dotproject Remote Code Execution Vulnerability

2003-01-29 Thread mindwarper
dotproject Remote Code Execution Vulnerability (By Mindwarper) -- Vendor Information: -- Homepage : http://www.dotproject.net Vendor : informed Mailed advisory: 28/01/03 Vendor Response : None -- Affected

[OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)

2003-01-29 Thread OpenPKG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

Re: MSDE contained in...

2003-01-29 Thread Stefan Laudat
I'm using at work in my company Websense Reporter for Websense Enterprise and McAfee Policy Orchestrator, which, under some circumstances (usually the default installation) may install MSDE as storage/query engine. It's shipped as third-party/redistribution packs. There may be also other

Re: dotproject Remote Code Execution Vulnerability : Patch

2003-01-29 Thread Frog Man
A non-official patch has been created for this hole and is published on http://www.phpsecure.org/index.php?zone=pPatchAsAlpha=dl=us (English version). From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: dotproject Remote Code Execution Vulnerability Date: Wed, 29 Jan 2003 04:02:24 -0800

David Litchfield talks about the SQL Worm in the Washington Post

2003-01-29 Thread Richard M. Smith
Hi, The following quote from David Litchfield appeared in a front-page article in today's Washington Post: http://www.washingtonpost.com/wp-dyn/articles/A57550-2003Jan28.html "You have this ideal vision of doing something for the greater good," said David Litchfield, managing

iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords

2003-01-29 Thread iDEFENSE Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords (AbsoluteTelnet, SecureCRT, Entunnel, SecureFx, and PuTTY) http://www.idefense.com/advisory/01.28.03.txt January 28, 2003 I. BACKGROUND PuTTY is a free implementation of

Re[2]: Zorum Portal (PHP)

2003-01-29 Thread Messer
Hello MGHz, From: MGhz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Zorum Portal (PHP) Date: 22 Jan 2003 19:45:26 - Version : 3.0;3.1;3.2 Website : http://zorum.phpoutsourcing.com/ Problem : Include file File: - include.php

Re: Local root vuln in SuSE 8.0 plptools package

2003-01-29 Thread Roman Drahtmueller
Also hi, Hi, There is a vulnerability in the plptools (Psion tools) package of SuSE 8.0 (possibly others; this has not been researched). Please see attached advisory for more details. Regards, Carl SuSE Security would like to thank Carl Livitt for his early notice to us on that bug.

Re: David Litchfield talks about the SQL Worm in the Washington Post

2003-01-29 Thread David Litchfield
Perhaps David can put together a longer message for Bugtraq and Full-Disclosure on his changing views of publishing proof-of-concept code for security vulnerabilities. On analysis of the code of the Slammer worm it is apparent that my code was used as its template. It uses the same addresses