CERT Advisory CA-2002-32 Backdoor in Alcatel OmniSwitch AOS (fwd)

2002-11-25 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- Forwarded message -- Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 24024 invoked by alias); 21 Nov 2002 18:36:26 - Delivered-To: [EMAIL

Remote Heap malloc/free multiple Overflow vulnerability in WSMP3.

2002-11-25 Thread dong-h0un U
INetCop Security Advisory #2002-0x82-006 * Title: Remote Heap malloc/free multiple Overflow vulnerability in WSMP3. 0x01. Description =-=-=-=-=-=-=-=-= WSMP3d webserver or, is used by

Re: Alert: Microsoft Security Bulletin - MS02-066

2002-11-25 Thread Lise
Hi, In MS02-066 Microsoft claim they've fixed several Cross Domain Verification problems. Unfortunately, they are not really clear on which vulnerabilities they fix. Does anyone know which vulnerability was meant with this: - Frames Cross Site Scripting: CVE-CAN-2002-1187 The CVE number is

iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability

2002-11-25 Thread David Endler
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDEFENSE Security Advisory 11.19.02b: http://www.idefense.com/advisory/11.19.02b.txt Eudora Script Execution Vulnerability November 19, 2002 I. BACKGROUND Qualcomm Inc.'s Eudora is a graphical e-mail client for Windows and Macintosh. More

[LSD] Java and JVM security vulnerabilities

2002-11-25 Thread Last Stage of Delirium
We would like to inform you about several security vulnerabilities in Java Virtual Machine implementations that we have found during our research. These vulnerabilities affect at least JVMs used in Netscape Communicator and Microsoft Internet Explorer web browsers. Below you can find their brief

acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS

2002-11-25 Thread Matthew Murphy
Product Information acFreeProxy (aka acfp) is an HTTP/1.x proxy for Microsoft Windows environments. It offers caching, and several other features, and has a plug-in format designed for extensibility. A flaw in the product may allow attackers to execute content across domains. Description The

acFTP Authentication Issue

2002-11-25 Thread Matthew Murphy
acFTP is an open-source FTP daemon for Windows platforms (http://www.sourceforge.net/projects/acftp) that offers more functionality than many proprietary servers (including the MS FTP service). The authentication code of acFTP contains a flaw -- specifically, the server treats users as logged in

Multiple phpNuke Modules Vulnerable to Cross-Site Scripting

2002-11-25 Thread Matthew Murphy
phpNuke Module Vulnerabilities Enable Identity Theft Systems Affected: phpNuke 6.5b1 and prior (all operating systems) Risk: High Impact: Identity Theft/Impersonation/Privilege Elevation Scenario: Cross-site scripting flaws enabling cookie theft Description phpNuke is a popular, and very

ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability (fwd)

2002-11-25 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -BEGIN PGP SIGNED MESSAGE- ISS X-Force Security Brief November 25, 2002 Solaris fs.auto Remote Compromise Vulnerability Synopsis: ISS X-Force has discovered a vulnerability in the Sun

Web Server Creator - Web Portal 0.1 (PHP)

2002-11-25 Thread Frog Man
Information: Website: http://webcreator.com02.com Tested version: 0.1 Problem: Include file PHP Code/Location: news/include/customize.php: -- <? $langfile = $l; include $l; ?> -- index.php :

Predictable TCP Initial Sequence Numbers

2002-11-25 Thread NetScreen Security Response Team
Title: NetScreen Security Alert 51897 Date: 25 November 2002 Description: Predictable TCP Initial Sequence Numbers Impact: Circumvention of Defined Security Policies Affected Products: All firewall/VPN appliances and systems Affected Software Releases: ScreenOS 1.7, 2.6, 2.8, 3.0, 3.1, 4.0