Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability
Discussion:
Ericsson HM220dp is a small office enviroment ADSL modem, distributed
by many Carriers such as Telecom Italia to thousand users.
It may be administered remotely through a number of mechanisms,
including a web
Andrew McGill emailed me with the following comments:
This is a nice technique - however it is quite probable that a
jmp esp instruction can be found which is preceeded by an
innocuous instruction ( add bx,si ; jmp esp ... ) ... quite
probable in the above means I haven't actually looked.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 249-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 11th, 2003
Title: Kaspersky Antivirus DoS
Affected: Kaspersky Antivirus 4.0.9.0
(Server and Workstation version on
Windows NT 4.0 and Windows 2000).
Author:ZARAZA [EMAIL PROTECTED]
Vendor:
-BEGIN PGP SIGNED MESSAGE-
===
Field Notice - IOS Accepts ICMP Redirects in Non-default
Configuration Settings
Field Notice Number 23074
Publish Date2003-February-10
Author Damir Rajnovic [EMAIL PROTECTED]
Products Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 248-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 31st, 2003
Title: Buffer overflow in Far Manager
Affected: Far Manager 1.70beta1 and prior
(saved EIP overflow)
1.70beta4
(off-by-one frame pointer overflow)
Vendor: RARSoft
Risk:
I am forwarding this response from the Author of Gallery who posted
the following on his web site at:
http://gallery.menalto.com/modules.php?op=modloadname=Newsfile=articlesid=67mode=threadorder=1thold=0
:::Begin Forwarded Message:::
Recently there was a post on BugTraq, that referred to a
-BEGIN PGP SIGNED MESSAGE-
Hello Andrew,
Andrew Daviel [EMAIL PROTECTED] writes:
I just found a junkbuster proxy on a RedHat 6.2 machine
being used to relay spam - a bit ironic, considering the
intention of the program.
This is junkbuster-2.0-1 installed as part of a
complete install
official reply from eggheads.org, the current eggdrop development group
On Sun, Feb 09, 2003 at 08:44:50PM +0100, Paul Starzetz wrote:
Hi,
Hello.
there is a serious security problem in the popular eggdrop IRCbot. The
hole allows a regular user with enough 'power' (at least power to add
Title: Buffer overflow/DoS against cmd.exe
for Windows NT 4.0/2000
Affected: Microsoft Windows NT 4.0 (buffer overflow)
Microsoft Windows 2000 (DoS)
Vendor: Microsoft
Risk: Average for
On February 5th, Luigi Auriemma of PivX Solutions released a tightly packed
advisory detailing multiple vulnerabilities in the Unreal network gaming
engine developed by Epic Games. These vulnerabilities affect both clients
and servers who are playing the plethora of games that are using the
FX [EMAIL PROTECTED] said:
ftp open malware.com
Connected to malware.com.
220 Sprint FTP version 1.0 ready at Wed Jan 5 17:20:47 2000
User (malware.com:(none)):
331 Enter PASS command
Password:
230 Logged in
ftp get rom-0
I'm not sure if this applies to the Zyxel boxes you
SUBJECT
Security bug in CGI::Lite::escape_dangerous_chars() function, part
of the CGI::Lite 2.0 package, and earlier revisions thereof.
SUMMARY
The CGI::Lite::escape_dangerous_chars() function fails to escape
the entire set of special characters that may have
In-Reply-To: 01ce01c2d1f1$1beebef0$[EMAIL PROTECTED]
Thor,
I have sent your company an apology for those completely unfortunate
comments that I sincerely regret. We did provide an official statement
and I was not, at the time, aware that my verbal reaction, in a moment of
shock and
In-Reply-To: [EMAIL PROTECTED]
As a side note, the trojaned map vulnerability has been known to many
people in the security industry for over a year, since certain members of
us are avid UT players, and it came under some intense review. (After
finding the Powerpoint 2000 vulnerability,
16 matches
Mail list logo