'printenv' XSS vulnerability

* This writing is part of Malloc() Hackers Malloc() Security * http://www.mallochackers.com http://www.superw00t.com Title: 'printenv' XSS

[SECURITY] [DSA 215-1] New cyrus-imapd packages fix remote command execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 215-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze December 23th, 2002

zkfingerd remote exploit

zkfingerd remote exploit, for syslog() format string mistake. marcetam /* * * remote exploit for zkfingerd-r3-0.9 linux/x86 * gives uid of user who is running zkfingerd (default: nobody) * by Marceta Milos *

Hyperion FTP Server buffer overflow

hi Hyperion FTP Server (http://www.mollensoft.com/ )is a powerful, reliable FTP server for Windows 95/98/NT/2000, and supports all basic FTP commands, and much more, such as passive mode. A vulnerability exists in Hyperion Ftp Server (version 2.8.11)which allows a remote user to execute an

GLSA: kde-3.0.x

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - GENTOO LINUX SECURITY ANNOUNCEMENT 200212-9 - - PACKAGE : kde-3.0.x SUMMARY : multiple vulnerabilities in

junkbuster 2.0-1 proxy relaying spam

I just found a junkbuster proxy on a RedHat 6.2 machine being used to relay spam - a bit ironic, considering the intention of the program. This is junkbuster-2.0-1 installed as part of a complete install on RedHat 6.2. It seems that the default install sets no ACL, no logging, and starts the

Antwort: Openwebmail 1.71 remote root compromise

On 18.12.2002 18:37:59 Dmitry Guyvoronsky wrote: Software : Openwebmail (http://openwebmail.org) Version : ?.?? - 1.71 (current) Type : Arbitrary commands execution Remote : yes Root : yes (!!!) Date : December 18, 2002 IV. RECOMENDATIONS Temporary disable using of

Re: 'printenv' XSS vulnerability

On Sun, 22 Dec 2002, Dr.Tek wrote: 'printenv' is a test CGI script that tends to come default with most Apache installation. Usually located in the /cgi-bin/ directory. An XSS vulnerbility exist which will allow anyone to input specially crafted links and/or other malicious/obscene scripts.

Re: Solaris priocntl exploit

On Mon, 2 Dec 2002, Jay Beale wrote: This always gets classified as bad input validation. Is the right answer really to check for ../ 's or to canonicalize the filename argument and check ownerships and permissions on the file and parent directories? #2 is wrong: even a root-only-writable

iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDEFENSE Security Advisory 12.23.02: http://www.idefense.com/advisory/12.23.02.txt Integer Overflow in pdftops December 23, 2002 Reference Advisory: http://www.idefense.com/advisory/12.19.02.txt [Multiple Security Vulnerabilities in Common Unix