) PROTOS
Test Suite for SIP and can be repeatedly exploited to produce a denial of
service.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml.
Affected Products
=
* Cisco IP Phone Model 7940/7960 running SIP images prior to 4.2
hola,
On 20 Feb 2003 20:36:11 -
Lucas Armstrong [EMAIL PROTECTED] wrote:
To get around this problem, one could use the mysql char()
function which will output any ascii value, without using quotes. So to
guess the letter 'a' the hacker could use char(97). Here is an example url
Product:
perl2exe, http://www.indigostar.com/
Vunerability:
Perl programs compiled into EXEs with Perl2Exe can be decompiled and
full, unadulterated source code extracted.
Vendor Status:
Vendor has been notifyed a year ago as Simon Cozens dissected perl2exe's
version 5.x
and
When programming a system that creates sql strings based on passed in integers
i.e. where some_int=$variable_from_querystring
you must always do a check to confirm that that variable contains only numeric
data.
an alternate fix on sql servers that allow the format
where some_int='1234' --
Informations :
°°
Version : 3.0
Website : http://www.tefonline.net/
Problems :
- XSS - admin infos recovery
- Access to admin pages
PHP Code/Location :
°°°
If pseudo = [SCRIPT],
e-mail = [SCRIPT]
or message = /textarea[SCRIPT]
[SCRIPT] will be executed on index.php,
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated VNC packages fix replay and cookie vulnerabilities
Advisory ID: RHSA-2003:041-12
Issue date:2003-02-07
Updated on:
[MODERATOR: posted this to vuln-dev where it recieved some interest.
Thought it might be interesting to a wider audience. Here's a revised
version of the same post]
Here's a code snippet that injects code directly into a running process
without the need for a DLL etc. I believe that it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 252-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 21st, 2003
In-Reply-To: [EMAIL PROTECTED]
Systems Affected
all the versions ARE vulnerable
except '5.0 RC1' (i wonder why a released c. is ok while the final 5.2 is
bugged)
snip
conclusions:
yet another bug of php nuke... this software is used by thousands of
people... (we run something based on it too)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: openssl
Advisory ID:
Rogue buffer overflow
PROGRAM: Rogue
VENDOR: Tim Stoehr et al.
DOWNLOAD URL: http://ibiblio.org/pub/Linux/games/dungeon/!INDEX.html
(any file called *rogue* in that directory)
DMOZ/ODP: http://dmoz.org/Games/Video_Games/Roleplaying/Rogue-like/
DESCRIPTION:
Rogue is a text-based
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Trustix Secure Linux Security Advisory #2003-0005
Package name: openssl
Summary: Security fix
Date: 2003-02-20
Affected versions: TSL 1.1, 1.2,
I don't like to claim for the authory of bugs, because It is not
possible to clarify who discovered/exploited first some bug because
some times we are too lazy to publish them for any reason. But this
is an special reason because the person that claims for the authory
of the TWO PhpNuke SQL
Auriemma == Auriemma Luigi [EMAIL PROTECTED] writes:
Auriemma Yeah, seems that DDoS attacks will never die and in these
Auriemma months seems that every game can be used for launch DDoS
Auriemma attacks...
One could argue that using _D_DoS term here is a misnomer. The attack
will
Hi Lucas List,
On Thu, 2003-02-20 at 21:37, Lucas Armstrong wrote:
If a correct password hash digit is guessed, the admin's name will show up
as an online user, in the online user list at the bottom of the forum
page. After the password hash is determined, it is then placed in the
cookie
-Original Message-
From: xenophi1e [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 1:34 PM
To: [EMAIL PROTECTED]
Subject: Bypassing Personal Firewalls
snip
Here's a code snippet that injects code directly into a
running process
without the need for a DLL etc. I
-Original Message-
From: Oliver Lavery [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 3:23 PM
To: 'Drew Copley'; [EMAIL PROTECTED]
Subject: RE: Bypassing Personal Firewalls
(Sidenote: a number of previous apps used to test PFWs or Application
Firewalls --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco can confirm the statement made by FX from Phenoelit in his message
Cisco IOS OSPF exploit posted on 2003-Feb-20. The OSPF implementation in
certain Cisco IOS versions is vulnerable to a denial of service if it
receives a flood of neighbor
(Sidenote: a number of previous apps used to test PFWs or Application
Firewalls --
http://www.pcflank.com/art21.htm )
Yes, these are great tests. Most PFWs block them all now.
There are a number of ways to do this, you use the more popular method of
openprocess and
writeprocess memory.
19 matches
Mail list logo