GLSA: kgpg

2002-11-11 Thread Daniel Ahlberg
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-002 PACKAGE: kgpg SUMMARY: keys generated in wizard have an

Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection

2002-11-11 Thread Joshua Wright
I have recently completed a white paper reviewing some of the tactics used in 802.11 wireless LAN discovery applications including NetStumbler, DStumbler and Wellenreiter. Abstract: Wireless LAN discovery through the use of applications such as

Re: How to execute programs with parameters in IE - Sandblad advisory #10

2002-11-11 Thread Andreas Sandblad
Rule #1: Never use timers in IE exploits. :) When I was developing the exploit I noticed I had to add some delay (using a timer) because the mk:@MSITStore:C: url was not loaded directly by IE. If the timer was set too tight I would sometimes receive the error: This operation can only function in

Multiple Vuln. in Hotfoon.com's Hotfoon4.exe dialer

2002-11-11 Thread S G Masood
Multiple Vuln. in Hotfoon.com's Hotfoon4.exe dialer Hotfoon.com is a popular provider of PC to Phone, PC to PC Phone, Instant Messaging and Chat services. Its services are accessed by using a client program, Hotfoon4.exe (http://www.hotfoon.com/hotfoon4.exe), which includes the dialer. This is

benchmark tool for HTTP pages.

2002-11-11 Thread Tacettin Karadeniz
ezhttpbench.php eZ httpbench version 1.1 (http://developer.ez.no) - benchmark tool for HTTP pages. A security vulnerability in the product allows remote attackers to download any file on the local system that the eZ httpbench has read access to. Vulnerable systems: eZ httpbench version 1.1 eZ

NOVL-2002-2963651 - iManager (eMFrame) Buffer Overflow

2002-11-11 Thread Ed Reed
For Immediate Disclosure == Summary == Security Alert: NOVL-2002-2963651 Title: iManager (eMFrame) Buffer Overflow Date: 08-Oct-2002 Revision: Updates

Re: Cisco PIX SSH/telnet dDOS vulnerability CSCdy51810

2002-11-11 Thread Sharad Ahlawat
This email is in response to the BugTraq posting at http://online.securityfocus.com/archive/1/299046 There are two issues in the original email which are addressed below. 1) The TCP stack on the PIX is non RFC compliant in responding to TCP packets

Buffer Overflow in iSMTP Gateway

2002-11-11 Thread K. K. Mookhey
Advisory: Buffer Overflow in iSMTP Gateway Software: iSMTP Gateway Severity: Medium-High Vendor: Incognito Systems http://www.incognito.com Systems Affected: Banyan VINES Version: 5.0.1, ? Type of Vulnerability: Buffer Overflow Discovered by: K.

RE: A technique to mitigate cookie-stealing XSS attacks

2002-11-11 Thread Michael Howard
This new HTTPOnly security feature would simply stop cookie hijacking via document.cookie. Nothing else. Which is good, but important to know the limitations and the risks. Actually, the change is not in IE - it's lower-level in WinInet, which IE uses. So any app that uses document.cookie, or,

RE: Motorola Cable Modem DOS

2002-11-11 Thread Dan Taylor Jr.
I have been able to replicate this behavior by scanning the cable modem's internal IP (192.168.100.1) on my Motorola Surfboard 3100 w/ the following versions: Software Version: SB3100-3.2.6-SCM-NOSHELL Hardware Version: 2 MIB Version: II GUI Version: 1.0 VxWorks Version: 5.3 Scanning the

[SECURITY] [DSA 191-2] New squirrelmail packages fix problem in options page

2002-11-11 Thread Martin Schulze
Debian Security Advisory DSA 191-2 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze November 7th, 2002

iDEFENSE Security Advisory 11.11.02: Buffer Overflow in KDE resLISa

2002-11-11 Thread David Endler
iDEFENSE Security Advisory 11.11.02: http://www.idefense.com/advisory/11.11.02.txt Buffer Overflow in KDE resLISa November 11, 2002 I. BACKGROUND KDE is a popular open source graphical desktop environment for Unix workstations. Its kdenetwork module

Re: SuSE Security Announcement: perl-MailTools (SuSE-SA:2002:041)

2002-11-11 Thread Sebastian Krahmer
On Fri, 8 Nov 2002, Florian Weimer wrote: Hi, Sebastian Krahmer [EMAIL PROTECTED] writes: The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary

RE: How to execute programs with parameters in IE - Sandblad advisory #10

2002-11-11 Thread Russ
Worked just fine on Windows NT SP6a + all OS fixes + IE 6.0 Gold. Doesn't work on Windows 2000 SP3 + IE 6.0 SP1 + all fixes Worked just fine on Windows XP SP1 + IE 6.0 SP1 + all fixes Your mileage may vary, but it works on the latest OS/IE combination with all fixes. Cheers, Russ - Surgeon

[SECURITY] [DSA 193-1] New klisa packages fix buffer overflow

2002-11-11 Thread Martin Schulze
Debian Security Advisory DSA 193-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze November 11th, 2002

[RHSA-2002:213-06] New PHP packages fix vulnerability in mail function

2002-11-11 Thread bugzilla
Red Hat, Inc. Red Hat Security Advisory Synopsis: New PHP packages fix vulnerability in mail function Advisory ID: RHSA-2002:213-06 Issue date: 2002-11-11 Updated on: 2002-11-11

Multiple vulnerabilities in Tiny HTTPd

2002-11-11 Thread dong-h0un U
INetCop Security Advisory #2002-0x82-001 * Title: Multiple vulnerabilities in Tiny HTTPd. 0x01. Description Tiny HTTP daemon is web server that do simple very. Vulnerability and

xoops Quizz Module IMG bug

2002-11-11 Thread magistrat
Author: Magistrat http://www.blocus-zone.com magistratblocus-zone com Date: 11/11/2002 Object: IMG bug in quizz module risk: Medium-high advisory url: http://www.blocus-zone.com/modules/news/article.php?storyid=180 - After having

Re: A technique to mitigate cookie-stealing XSS attacks

2002-11-11 Thread Ulf Harnhammar
On Thu, 7 Nov 2002, Justin King wrote: I would be very interested in major browsers supporting a dead tag with an optional parameter to be a hash of the data between the opening and closing dead tag. This tag would indicate that no live elements of HTML be supported (e.g., JavaScript,

Security Update: [CSSA-2002-044.0] Linux: Preboot eXecution Environment (PXE) server denial-of-service attacks

2002-11-11 Thread security
SCO Security Advisory Subject: Linux: Preboot eXecution Environment (PXE) server denial-of-service