In some cases Outlook Express shows a wrong certificate when i receive a
signed and encrypted message from another user.
Outlook Express uses the sender's certificate to encrypt the message, and
not the receipt's certificate!
Notwithstanding this, outlook express open the message, but this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-10
- -
PACKAGE : dhcp
SUMMARY : buffer overflow
DATE : 2003-01-1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: dhcp
Advisory ID:
Mike Kristovich, PivX Security Advisory MK#001
Date:November 26, 2002
Released:January 16, 2002
Application: Battlefield 1942 (Server and Dedicated Server)
America's Army
U
Researchers,
I am pleased to announce the Sixth International
Symposium on the Recent Advances in Intrusion
Detection (RAID 2003). The Symposium will be held
September 8-10, 2003, in Pittsburgh, Pennsylvania, USA.
For more information, please refer to the CFP included
below, or go to the Symposiu
The past months (years ?) several people found a lot of methods and/or
vulnerabilities on Internet Explorer which could be exploit for silent
delivery
and arbitrary program execution. This people are well known :
Jelmer, Malware, SandBlad, Guninski, GreyMagic, Thor Larholm,
Liu Die Yu, ...
When I
Overview
cgihtml is a collection of routines for parsing World Wide Web (WWW)
Common Gateway Interface (CGI) input and outputting HyperText Markup
Language (HTML).
http://www.eekim.com/software/cgihtml/
According to the authors website, it has potentially been used in the
implementation
On 7/1/03 2:58 am, Floyd Russell <[EMAIL PROTECTED]> wrote:
> Negative on Windows 98 SE
No problems with Mac OS X 10.2.3, which also contains an OpenType engine.
Cheers,
Chris
As some may have gathered, the advisory recently posted by [EMAIL PROTECTED]
was indeed a fake, intended to highlight several unclear statements made in
GIS2002062801.
The advisory in question is currently being updated with more detailed information and
will be
re-posted at: http://www.glob
-BEGIN PGP SIGNED MESSAGE-
___ ___ ___ ___ _ ___ ___ ___ ___ ___ _ _ ___ ___ ___
/ __|/ _ \| _ ) _ ) | | __/ __| / __| __/ __| | | | _ \_ _|_ _\ \ / /
| (_ | (_) | _ \ _ \ |__| _|\__ \ \__ \ _| (__| |_| | /| | | | \ V /
\___|\___/|___/___/|___|___/ |___/___\___|\___/|_|_\___| |_| |
Not to bore anyone any further - the .FON extension is also vulnerable.
(The .FON and TTF may work on the other Windows platforms where the .OTF
failed)
- Original Message -
From: <[EMAIL PROTECTED]>
To: "Mark Litchfield" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sen
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated PostgreSQL packages fix buffer overrun vulnerabilities
Advisory ID: RHSA-2003:010-10
Issue date:2003-01-14
Updated on:20
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-8
- -
PACKAGE : mod_php php
SUMMARY : buffer overflow
DATE : 200
On Tue, Jan 07, 2003 at 09:18:00AM +, Jez Hancock wrote:
[snip]
> It's annoying in that I see a lot of users running mysql with the -u and -p options:
>
> mysql -u user -p mypassword
>
> on the commandline, thinking that this info will not show up in ps listings when ps
> is run by other use
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 226-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 10th, 2003
Negative on Windows 98 SE
Floyd
- Original Message -
From: "Andrew" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, January 06, 2003 9:36 AM
Subject: Opentype font file causes Windows to restart.
| Problem
| ---
|
| The attached OpenType font file wil
(slightly off topic)
> Kazaa lite doesnt have ads or spyware. http://www.kazaalite.com/
>
> PLUS it works great with Wine (http://www.winehq.com/) :)
One problem (at least to firewall administrators trying to block P2P
apps) is that KazaaLite pre-populates a specific registry key that has
infor
On Tue, 2003-01-07 at 20:12, Mark Litchfield wrote:
> Renaming the file extension to TTF (True Type Font) also causes an instant
> reboot on Win2k, although still does not work on .NET Server (don't have XP
> in house to test on at the minute).
Something that the hackers (thankfully) have seem to
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated dhcp packages fix security vulnerabilities
Advisory ID: RHSA-2003:011-07
Issue date:2003-01-16
Updated on:2003-01-16
Pro
> mplayer (www.mplayerhq.org)
Gobbles must have been so busy coding a "robust exploit" for our
software that they forgot the URL of our site: http://www.mplayerhq.hu
> 1) If you participate in illegal file-sharing networks, your
> computer now belongs to the RIAA.
Although I like smiling over fun
[This isn't exactly new, but it does come up now and then, so I
thought it might be useful to summarize it here.]
Recently, I stumbled upon a page on Microsoft's website,
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/efs.asp>
which talks about possible attack(s)
Gabber 0.8.7 leaks presence information without user authorization
Greg Troxel <[EMAIL PROTECTED]>
DESCRIPTION
Gabber 0.8.7 sends a presence message to the Jabber ID
[EMAIL PROTECTED] at login and logout time.
This is a privacy violation: that a user even exists should only
On Thu, Jan 16, 2003 at 12:07:12AM +0100, Nicob wrote:
> On Sun, 2003-01-12 at 16:03, [EMAIL PROTECTED] wrote:
> > index.php :
> >$cfg_file = "${cfg_dir}/${bn}.${ext}";
> >
> >
>http://www.w-agora.net/current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00
> >
>htt
Confirmed also with version 4.0 on Linux/Intel.
It also works on HTTP, no need of HTTPS
Albert Bendicho
At 21:41 06/01/2003 +0100, G.P.de.Boer wrote:
Directory traversal bug in Communigate Pro 4.0b to 4.0.2
Overview
Whe
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED]
__
SCO Security Advisory
Subject:UnixWare 7.1.1 Open UNIX 8.0.0 : command line argument buffer
overflo
On Sun, Jan 05, 2003 at 08:46:50PM +, Cache wrote:
> This is a little information leak. This bug(?) is not dangerous, but
> normal user can see all process on the box using ex. /bin/ps;
This topic was addressed on freebsd-security list a while back, where
someone also noted that all user proces
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 222-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 6th, 2003
Mambo PHP-Portal Vulnerability ( By Mindwarper :: [EMAIL PROTECTED] :: )
<--- --->
--
Vendor Information:
--
Homepage : http://www.mamboserver.com
Vendor : informed
Mailed advisory: 09/01/03
Vender Response : None yet
--
Affe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: krb5
Advisory ID:
Proof of Concept
format string exploit for
isc dhcpd 3.0 dynamic dns update log function bug
--
VOID.AT Security
/***
* hoagie_dhcpd.c
*
* local and remote exploit for isc dhcpd 3.0 (perhaps others)
*
* hi 19c3 guys ;)
*
* gcc hoagie
In article <[EMAIL PROTECTED]> you
write:
[ snip ]
>SOLUTION :
>==
[ snip ]
> if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",
>$email) && $email !=
>"") {
Please note that there are many more characters valid in the LHS of an
email address, for examp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 223-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 7th, 2003
[void.at Security Advisory VSA0303]
Overview
"statsme"[1] is a popular plugin for the Half-Life Dedicated Server (hlds).
hlds is not only the server for the most popular online game today,
"Counter-Strike", but for many other games too.
Two security bugs in statsme make it possible to e
Multiple PHP Topsites Vulnerabities found
PHP TopSites is a PHP/MySQL-based customizable TopList script. Main
features include: Easy configuration config file; MySQL database backend;
unlimited categories, Site rating on incoming votes; Special Rating from
Webmaster; anti-cheating gatew
Below is an ipfilter security issue, and my previous mail to author
Darren was bounced back, so I think maybe I should mail it to this
mailing list.
Overview
--
Anytime ipfilter see a packet with ACK bit set without the previous SYN,
it will marked it as TCPS_ESTABLISHED in it's state table, and f
[void.at Security Advisory VSA0302]
Adminmod[1] is a plugin for the "Half-Life Server", hosting
the most popular online game today, "Counter-Strike", among
others.
Overview
Due to a format string bug in adminmod, it is possible
for a remote attacker who knows the rcon-password to
remote
Also use http://www.dietk.com/
/Thomas
[EMAIL PROTECTED] wrote:
>
> Kazaa lite doesnt have ads or spyware.
> http://www.kazaalite.com/
>
> PLUS it works great with Wine (http://www.winehq.com/) :)
>
> On Tue, Jan 07, 2003 at 11:53:05AM -0700, David Krum wrote:
> > To follow up my mid Oct post:
Just be aware that, in order to stop pop up ads, Kazaa Light installs its own
HOSTS file into %Windir%. This has the negative affect of not allowing you
to view several legitimate web sites, including Yahoo Maps, since the HOSTS
file redirects the URL to your loopback adapter.
--
Kazaa lite
Hi,
i discovered a bug in the dhcrelay causing it to send a continuing packet
storm towards the configured dhcp server(s) in case of a malicious bootp
packet. I have seen this on Linux Kernel 2.2 and 2.4 with the isc dhcp
3.0rc9 relay (I havent tested rc10 but the diff shows no obvious fix).
In c
On Sat, Jan 11, 2003 at 12:24:49AM +0100, Peter Turczak wrote:
> I audited our system running under various operating systems.
> The following OS do _not_ pad the packets with zero but something else, if
> anybody is interested in the dumps of the frames produced while testing, feel
> free to con
-BEGIN PGP SIGNED MESSAGE-
I. BACKGROUND
PHP-Nuke is a popular Web portal system.
Project homepage : http://www.phpnuke.org
II. DESCRIPTION
Remote attacker could transfer to server his own file or copy
arbitrary file from system to accessible directory. The result
of such acts could be
#
Topic:XSS (Cross Site Scripting) on FormMail.CGI
Version: 1.92
Released: April 21, 2002
Manufacturer: http://www.scriptarchive.com/formmail.ht
Hello :)
This is an DoS exploit that utilizes the flaw found
by KPMG Denmark, to crasch or hang any Win2k box
running the LanMan server on port 445 (ms-ds).
What it does is just a simple 10k NULL string
bombardment of port 445 TCP or UDP.
By: Daniel Nystrom <[EMAIL PROTECTED]>
Download:
43 matches
Mail list logo