[SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: MD5 - --[ Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability ]-- - --[ Type Directory Traversal - --[ Release Date November 12, 2002 - --[ Product / Vendor Hyperion FTP Server is a powerful, reliable FTP server for Windows 95/98/NT/2000,

KDE Security Advisory: resLISa / LISa Vulnerabilities

KDE Security Advisory: resLISa / LISa Vulnerabilities Original Release Date: 2002-11-11 URL: http://www.kde.org/info/security/advisory-2002-2.txt 0. References iDEFENSE Security Advisory 11.11.02 (http://www.idefense.com/advisory/11.11.02.txt). 1. Systems affected:

WebChat for XOOPS RC3 SQL INJECTION

Text available at http://www.phpsecure.org/tutos/webchat.1-5.xoops.rc3.sql.injection.txt Patch available on phpsecure.org XOOPS RC3 WebChat Module SQL Injection Tested with : Xoops RC3 WebChat 1-5 Author :val2 - phpsecure.org for more info and ~patchs~ Lines 291-299 from

GLSA: apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - GENTOO LINUX SECURITY ANNOUNCEMENT 200211-003 - - PACKAGE : apache SUMMARY : Cross-Site Scripting

Remote Buffer Overflow vulnerability in Light HTTPd

INetCop Security Advisory #2002-0x82-002 * Title: Remote Buffer Overflow vulnerability in Light HTTPd. 0x01. Description Lhttpd that is improved in ghttpd for more convenient and strong

NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For Immediate Disclosure == Summary == Security Alert: NOVL-2002-2963767 Title: Remote Manager Security Issue - eDir 8.6.2 Date: 22-Oct-2002 Revision: Original

RE: A technique to mitigate cookie-stealing XSS attacks

-Original Message- From: Ulf Harnhammar [mailto:ulfh;update.uu.se] Sent: Sunday, 10 November 2002 2:22 PM To: Justin King Subject: Re: A technique to mitigate cookie-stealing XSS attacks On Thu, 7 Nov 2002, Justin King wrote: I would be very interested in major browsers

KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability

KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability Original Release Date: 2002-11-11 URL: http://www.kde.org/info/security/advisory-2002-1.txt 0. References None. 1. Systems affected: All KDE 2 releases starting with KDE 2.1 and all KDE 3

[SECURITY] [DSA 194-1] New masqmail packages fix buffer overflows

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 194-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze November 12th, 2002

SuSE Security Announcement: KDE lanbrowser vulnerability (SuSE-SA:2002:042)

-BEGIN PGP SIGNED MESSAGE- __ SuSE Security Announcement Package:kdenetwork Announcement-ID:SuSE-SA:2002:042 Date: Tue

RE: A technique to mitigate cookie-stealing XSS attacks

Aloha, Everyone interested in preventing XSS should review and understand http://www.xwt.org/sop.txt which is a vulnerability that combines XSS with bad data in DNS to allow an attacker to hijack a Web browser (IE) and force it to function as a proxy for requests of the attacker's choosing --

RE: When scrubbing secrets in memory doesn't work

Reposted. -Original Message- From: Michael Wojcik Sent: Wednesday, November 06, 2002 12:25 AM To: 'Michael Howard' Cc: [EMAIL PROTECTED] Subject: RE: When scrubbing secrets in memory doesn't work From: Michael Howard [mailto:mikehow;microsoft.com] Sent: Tuesday, November

NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For Immediate Disclosure == Summary == Security Alert: NOVL-2002-2963827 Title: Remote Manager Security Issue - NW5.1 Date: 16-Oct-2002 Revision: Original

Fresh hole in W3Mail (fwd)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The attached advisory supercedes my previous effort regarding W3Mail (NDSA20020719). It seems that in fixing the original holes, CascadeSoft introduced a new one. Their fix for the original hole was as I suggested, to move the MIME attachments

[Fwd: Notice of serious vulnerabilities in ISC BIND 4 8]

-Forwarded Message- From: Peter Losher [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Notice of serious vulnerabilities in ISC BIND 4 8 Date: 12 Nov 2002 10:02:25 -0800 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ISC is aware of several bugs which can result in serious

APBoard - post threads to protected forums and possibility to hijack forum-password

Product: Another PHP Program - APBoard Versions: tested on 2.02, 2.03 Vulnerability: post threads to protected forums and possibility to hijack forum-password Date: November 12, 2002 Discovered by: ProXy [EMAIL PROTECTED] Introduction: Normal Users can submit threads to password

[SecurityOffice] INweb Mail Server v2.01 Denial of Service Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: MD5 - --[ INweb Mail Server v2.01 Denial of Service Vulnerability ]-- - --[ Type Denial of Service - --[ Release Date November 12, 2002 - --[ Product / Vendor The INweb Mail Server is a standard Internet POP3 and SMTP mail server that runs

Security Update: [CSSA-2002-042.0] Linux: libpng progressive image loading vulnerabilities and other buffer overflows

To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] __ SCO Security Advisory Subject:Linux: libpng progressive image loading vulnerabilities and other

Exploit code for IP Smart Spoofing

Hello As we reported in our previous article: IP Smartspoofing (http://www.althes.fr/ressources/avis/smartspoofing.htm), we introduced a new method for IP Spoofing, allowing full-connexion from any client software. The exploit code smartspoof.pl is a proof of concept (for educational purpose