-- MODERATOR --
Edited accordingly, Identified 3 possible vendors.
-- /MODERATOR --
uk2sec Cross Site Scripting Advisory
by c0w_d0g3
[EMAIL PROTECTED]
Many many websites run a 'site search' tool on their webpage with a URL
that looks like this:
/search/index.cfm
I am having trouble locatin
Hi Ronald,
Ronald F. Guilmette wrote:
> Below is a trivially simple example of how this security flaw can
> cause a problem, in practice:
>
> =
> #!/usr/bin/perl -w
>
> use strict;
> use
Through some testing against some Lotus Domino web servers (verified in
version 5 & 6), if you append a period to the end of a non-default Lotus
file type (non .NSF, .NTF, etc) via your browser URL request, you will be
prompted to download the file. This has a possible repercussion of the
ability t
Hi,
We all know that old chestnut about tracing setuid programs or scripts,
but what about non-setuid scripts which have been installed for users and
given execute only permission. For example, a lot of sites provide scripts
for users to run which perform some admin related function and thus have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
IBM SECURITY ADVISORY
First Issued: Wed Feb 12 11:00:00 CST 2003
===
VULNERABILITY SUMMARY
VULNERABILITY: libIM.a buffer overflow vulnerabili
CodeCon is fast approaching, and there are only three days left to
register online for CodeCon at the reduced rate.
CodeCon 2.0 is the premier event in 2003 for the P2P, Cypherpunk, and
network/security application developer community. It is a workshop for
developers of real-world applications wit
Abyss WebServer Brute Force Vulnerability
Package: Abyss WebServer
Vendor Web Site: http://www.aprelium.com
Versions: All versions <= v1.1.2
Platforms: Linux, Windows
Local: No
Remote: Yes
Fix Available:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 02.12.03:
http://www.idefense.com/advisory/02.12.03.txt
Buffer Overflow in AIX libIM.a
February 12, 2003
I. BACKGROUND
Advanced Interactive eXecutive (AIX) is IBM Corp.'s Unix operating system
implementation, native to pSer
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title: IP denial-of-service fixes and tunings
Number : 20030201-01-P
Date : February 12, 2003
Reference: CERT CA-2001-09
Refe
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated lynx packages fix CRLF injection vulnerability
Advisory ID: RHSA-2003:029-06
Issue date: 2003-01-28
Updated on: 2003-02-12
Hello,
We have finally released the codes for security vulnerabilities in Java Virtual
Machine implementations that were discussed in our Java/JVM security paper.
They can be downloaded from the projects section of our website.
There are two issues that should be cleared out with regard to the r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: postgresql
Advisory ID: