* This writing is part of Malloc() Hackers Malloc() Security *
http://www.mallochackers.com
http://www.superw00t.com
Title: 'printenv' XSS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 215-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
December 23th, 2002
zkfingerd remote exploit, for syslog() format string mistake.
marcetam
/*
*
* remote exploit for zkfingerd-r3-0.9 linux/x86
* gives uid of user who is running zkfingerd (default: nobody)
* by Marceta Milos
*
hi
Hyperion FTP Server (http://www.mollensoft.com/) is a
powerful, reliable FTP server for Windows 95/98/NT/2000,
and supports all basic FTP commands, and much more, such as
passive mode.
A vulnerability exists in Hyperion Ftp Server (version
2.8.11) which allows a remote user to execute an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-9
- -
PACKAGE : kde-3.0.x
SUMMARY : multiple vulnerabilities in
I just found a junkbuster proxy on a RedHat 6.2 machine
being used to relay spam - a bit ironic, considering the
intention of the program.
This is junkbuster-2.0-1 installed as part of a
complete install on RedHat 6.2.
It seems that the default install sets no ACL, no logging,
and starts the
On 18.12.2002 18:37:59 Dmitry Guyvoronsky wrote:
Software : Openwebmail (http://openwebmail.org)
Version : ?.?? - 1.71 (current)
Type : Arbitrary commands execution
Remote : yes
Root : yes (!!!)
Date : December 18, 2002
IV. RECOMMENDATIONS
Temporary disable using of
On Sun, 22 Dec 2002, Dr.Tek wrote:
'printenv' is a test CGI script that tends to come default with most
Apache installations. Usually located in the /cgi-bin/ directory.
An XSS vulnerability exists which will allow anyone to input specially
crafted links and/or other malicious/obscene scripts.
On Mon, 2 Dec 2002, Jay Beale wrote:
This always gets classified as bad input validation. Is the right
answer really to check for ../ 's or to canonicalize the filename
argument and check ownerships and permissions on the file and parent
directories?
#2 is wrong: even a root-only-writable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 12.23.02:
http://www.idefense.com/advisory/12.23.02.txt
Integer Overflow in pdftops
December 23, 2002
Reference Advisory: http://www.idefense.com/advisory/12.19.02.txt
[Multiple Security Vulnerabilities in Common Unix
10 matches