CORE-20021005: Vulnerability Report For Linksys Devices

2002-12-03 Thread Carlos Sarraute
CORE Security Technologies http://www.corest.com Vulnerability Report For Linksys Devices Date Published: 2002-12-02 Last Update: 2002-12-02 Advisory ID: CORE-20021005 Bugtraq ID: None currently assigned. CVE: None currently assigned. Title: Remotely exploitable Buffer overflows and

MDKSA-2002:085 - Updated WindowMaker packages fix buffer overflow vulnerability

2002-12-03 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: WindowMaker Advisory

[SNS Advisory No.59] Buffalo Wireless LAN Access Point Denial of Service Vulnerability (was Re: Buffalo AP Denial of Service)

2002-12-03 Thread snsadv
We found the same vulnerabilty and reported to the vender on 9 Aug 2002. Since the vender reported that this problem has been addressed, we have decided to release this advisory after confirming the fix. --- On 13 Nov 2002 19:39:12 - Andrei Mikhailovsky [EMAIL PROTECTED] wrote: Arhont

Local Netfilter / IPTables IP Queue PID Wrap Flaw

2002-12-03 Thread James Morris
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Netfilter Core Team Security Advisory Subject: Local Netfilter / IPTables IP Queue PID Wrap Flaw Released: December 3, 2002. Effects: Under limited circumstances, an unprivileged local user may be able

Poisonous Style for Dialog window turns the zone off.

2002-12-03 Thread Liu Die Yu
Poisonous Style for Dialog window turns the zone off. (that's all is the end of file if you are in a hurry) [tested] MSIEv6(CN version) Patch: Q312461,Q328790(MS02-066) {IEXPLORE.EXE file version: 6.0.2600.} {MSHTML.DLL file version: 6.00.2600.} [demo] at

SquirrelMail v1.2.9 XSS bugs

2002-12-03 Thread euronymous
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: SquirrelMail v1.2.9 XSS bugs product: SquirrelMail v1.2.9 vendor: www.squirrelmail.org risk: low date: 12/3/2k2 discovered by: euronymous /F0KP /HACKRU Team advisory url: http://f0kp.iplus.ru/bz/008.txt

Zeroo Webserver remote directory traversal exploit

2002-12-03 Thread Mike Cramp
Hey guys, A while back there was that directory traversal exploit for the Zeroo webserver. (http://lonerunner.cfxweb.net) Here is a proof of concept code, enjoy. /* * zeroo httpd remote directory traversal exploit * proof of concept * hehe, just a copy and paste from my other directory

[SECURITY] [DSA 202-1] New IM packages fix insecure temporary file creation

2002-12-03 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 202-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze December 3rd, 2002

Re: Local Netfilter / IPTables IP Queue PID Wrap Flaw

2002-12-03 Thread James Morris
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Just an update on this. Solution: Upgrade to Linux kernels 2.4.20 (stable), and 2.5.32 (development). Someone has pointed out that the recommended 2.4.20 kernel has an ext3 data corruption bug (which fortunately will not affect most users).

MDKSA-2002:084 - Updated pine packages fix buffer overflow vulnerability

2002-12-03 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: pine Advisory ID: