dotproject Remote Code Execution Vulnerability (By Mindwarper)
--- ---
--
Vendor Information:
--
Homepage : http://www.dotproject.net
Vendor : informed
Mailed advisory: 28/01/03
Vendor Response : None
--
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenPKG Security Advisory    The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
I'm using at work in my company Websense Reporter for Websense
Enterprise and McAfee Policy Orchestrator, which, under some
circumstances (usually the default installation) may install MSDE
as storage/query engine. It's shipped as third-party/redistribution
packs. There may be also other
A non-official patch has been created for this hole and is published on
http://www.phpsecure.org/index.php?zone=pPatchAsAlpha=dl=us (English
version).
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: dotproject Remote Code Execution Vulnerability
Date: Wed, 29 Jan 2003 04:02:24 -0800
Hi,
The following quote from David Litchfield appeared in a front-page
article in today's Washington Post:
http://www.washingtonpost.com/wp-dyn/articles/A57550-2003Jan28.html
"You have this ideal vision of doing something
for the greater good," said David Litchfield,
managing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store
Passwords (AbsoluteTelnet, SecureCRT, Entunnel, SecureFx, and PuTTY)
http://www.idefense.com/advisory/01.28.03.txt
January 28, 2003
I. BACKGROUND
PuTTY is a free implementation of
Hello MGHz,
From: MGhz [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Zorum Portal (PHP)
Date: 22 Jan 2003 19:45:26 -
Version : 3.0;3.1;3.2
Website : http://zorum.phpoutsourcing.com/
Problem : Include file
File:
-
include.php
Also hi,
Hi,
There is a vulnerability in the plptools (Psion tools) package of SuSE 8.0
(possibly others; this has not been researched).
Please see attached advisory for more details.
Regards,
Carl
SuSE Security would like to thank Carl Livitt for his early notice to us
on that bug.
Perhaps David can put together a longer message for Bugtraq and
Full-Disclosure on his changing views of publishing proof-of-concept
code for security vulnerabilities.
On analysis of the code of the Slammer worm it is apparent that my code was
used as its template.
It uses the same addresses