Exploit code for IP Smart Spoofing

2002-11-12 Thread Laurent Licour
Hello As we reported in our previous article: IP Smartspoofing (http://www.althes.fr/ressources/avis/smartspoofing.htm), we introduced a new method for IP Spoofing, allowing full-connexion from any client software. The exploit code smartspoof.pl is a proof of concept (for educational purpose onl

Security Update: [CSSA-2002-042.0] Linux: libpng progressive image loading vulnerabilities and other buffer overflows

2002-11-12 Thread security
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] __ SCO Security Advisory Subject:Linux: libpng progressive image loading vulnerabilities and other buf

[SecurityOffice] INweb Mail Server v2.01 Denial of Service Vulnerability

2002-11-12 Thread Tamer Sahin
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 - --[ INweb Mail Server v2.01 Denial of Service Vulnerability ]-- - --[ Type Denial of Service - --[ Release Date November 12, 2002 - --[ Product / Vendor The INweb Mail Server is a standard Internet POP3 and SMTP mail server that runs flawlessly

APBoard - post threads to protected forums and possibility to hijack forum-password

2002-11-12 Thread ProXy
Product: Another PHP Program - APBoard Versions: tested on 2.02, 2.03 Vulnerability: post threads to protected forums and possibility to hijack forum-password Date: November 12, 2002 Discovered by: ProXy <[EMAIL PROTECTED]> Introduction: Normal Users can submit threads to password prot

[Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]

2002-11-12 Thread Aaron Howell
-Forwarded Message- From: Peter Losher <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Notice of serious vulnerabilities in ISC BIND 4 & 8 Date: 12 Nov 2002 10:02:25 -0800 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ISC is aware of several bugs which can result in serious vulnerabi

Fresh hole in W3Mail (fwd)

2002-11-12 Thread Tim Brown
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The attached advisory supersedes my previous effort regarding W3Mail (NDSA20020719). It seems that in fixing the original holes, CascadeSoft introduced a new one. Their fix for the original hole was as I suggested, to move the MIME attachments d

EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities

2002-11-12 Thread Marc Maiffret
Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities Release Date: November 12, 2002 Severity: High (Remote SYSTEM level code execution) Systems Affected: Macromedia Coldfusion 6.0 and prior (IIS ISAPI) Macromedia JRun 4.0 and prior (IIS ISAPI) Description: Macromedia JRun a

ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)

2002-11-12 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- Forwarded message -- Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: (qmail 800 invoked from network); 12 Nov 2002 17:04:55 - Received: from atla-

NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1

2002-11-12 Thread Ed Reed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For Immediate Disclosure == Summary == Security Alert: NOVL-2002-2963827 Title: Remote Manager Security Issue - NW5.1 Date: 16-Oct-2002 Revision: Original Produc

RE: When scrubbing secrets in memory doesn't work

2002-11-12 Thread Michael Wojcik
Reposted. > -Original Message- > From: Michael Wojcik > Sent: Wednesday, November 06, 2002 12:25 AM > To: 'Michael Howard' > Cc: [EMAIL PROTECTED] > Subject: RE: When scrubbing secrets in memory doesn't work > > > > From: Michael Howard [mailto:mikehow@;microsoft.com] > > Sent: Tuesday,

RE: A technique to mitigate cookie-stealing XSS attacks

2002-11-12 Thread Jason Coombs
Aloha, Everyone interested in preventing XSS should review and understand http://www.xwt.org/sop.txt which is a vulnerability that combines XSS with bad data in DNS to allow an attacker to hijack a Web browser (IE) and force it to function as a proxy for requests of the attacker's choosing -- re

SuSE Security Announcement: KDE lanbrowser vulnerability (SuSE-SA:2002:042)

2002-11-12 Thread Olaf Kirch
-BEGIN PGP SIGNED MESSAGE- __ SuSE Security Announcement Package:kdenetwork Announcement-ID:SuSE-SA:2002:042 Date: Tue Nov

[SECURITY] [DSA 194-1] New masqmail packages fix buffer overflows

2002-11-12 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 194-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze November 12th, 2002

KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability

2002-11-12 Thread Andreas Pour
KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability Original Release Date: 2002-11-11 URL: http://www.kde.org/info/security/advisory-2002-1.txt 0. References None. 1. Systems affected: All KDE 2 releases starting with KDE 2.1 and all KDE 3 rele

RE: A technique to mitigate cookie-stealing XSS attacks

2002-11-12 Thread jasonk
> -Original Message- > From: Ulf Harnhammar [mailto:ulfh@;update.uu.se] > Sent: Sunday, 10 November 2002 2:22 PM > To: Justin King > Subject: Re: A technique to mitigate cookie-stealing XSS attacks > > On Thu, 7 Nov 2002, Justin King wrote: > > > I would be very interested in major brow

NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2

2002-11-12 Thread Ed Reed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For Immediate Disclosure == Summary == Security Alert: NOVL-2002-2963767 Title: Remote Manager Security Issue - eDir 8.6.2 Date: 22-Oct-2002 Revision: Original Pr

Remote Buffer Overflow vulnerability in Light HTTPd

2002-11-12 Thread dong-h0un U
INetCop Security Advisory #2002-0x82-002 * Title: Remote Buffer Overflow vulnerability in Light HTTPd. 0x01. Description Lhttpd that is improved in ghttpd for more convenient and strong

GLSA: apache

2002-11-12 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - GENTOO LINUX SECURITY ANNOUNCEMENT 200211-003 - - PACKAGE : apache SUMMARY : Cross-Site Scripting Vulnerabili

WebChat for XOOPS RC3 SQL INJECTION

2002-11-12 Thread vALDEUx
Text available at http://www.phpsecure.org/tutos/webchat.1-5.xoops.rc3.sql.injection.txt Patch available on phpsecure.org XOOPS RC3 WebChat Module SQL Injection Tested with : Xoops RC3 WebChat 1-5 Author :val2 - phpsecure.org for more info and ~patchs~ Lines 291-299 from modules

KDE Security Advisory: resLISa / LISa Vulnerabilities

2002-11-12 Thread Andreas Pour
KDE Security Advisory: resLISa / LISa Vulnerabilities Original Release Date: 2002-11-11 URL: http://www.kde.org/info/security/advisory-2002-2.txt 0. References iDEFENSE Security Advisory 11.11.02 (http://www.idefense.com/advisory/11.11.02.txt). 1. Systems affected: A

[SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability

2002-11-12 Thread Tamer Sahin
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 - --[ Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability ]-- - --[ Type Directory Traversal - --[ Release Date November 12, 2002 - --[ Product / Vendor Hyperion FTP Server is a powerful, reliable FTP server for Windows 95/98/NT/2000, and