Info.
-
+ Type: To gain visibility
+ Software: Cross-Referencing Linux.
+ Versions: until 0.9.2
+ Exploit: Yes.
+ Author: Albert Puigsech Galicia
+ Contact: [EMAIL PROTECTED]
Hello,
Under certain conditions it is possible to execute arbitrary code using
a buffer overflow in the recent qpopper.
You need a valid username/password-combination and code is (depending on
the setup) usually executed with the user's uid and gid mail.
Explanation:
Qualcomm provides their
Hi!
Both to bugtraq and mysql list:
This issue has been addressed in 3.23.56 (release build is started
today), and some steps were taken to alleviate the threat.
In particular, MySQL will no longer read config files that are
world-writeable (and SELECT ... OUTFILE always creates world-writeable
Hello...
On Sat, 2003-03-08 at 03:58, [EMAIL PROTECTED] wrote:
Hi. I tried this on my own MySQL 3.23.55 !!!
I found out that logging as the root user, we can change mysqld to run as root
instead that i.e. mysql but this works only if there's just one my.cnf file and it
is located in
- Chris Gordon [EMAIL PROTECTED] has been watching DNS
traffic at www.dshield.org and was wondering if something was coming
and wanted to know if I had seen anything to indicate a DNS worm or
virus was propagating. Chris, I have not noticed anything along those
lines but all I did was actively
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 258-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 10th, 2003
Direct solution:
No direct solution at this time.
Workaround:
Avoid using the welcome screen and use only the normal logon screen.
http://www.kellys-korner-xp.com/xp_wel_screen.htm
or
http://www.google.com/search?q=%2BSpecialAccounts+%2BWindows+%2BXP
Well-known and supported way to
--
SNS Advisory No.63
DeleGate Pointer Array Overflow May Let Remote Users Execute Arbitrary Code
Problem first discovered on: Sun, 02 Mar 2003
Published on: Mon, 10 Mar 2003
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
__
SCO Security Advisory
Subject:Linux: format string vulnerability in zlib (gzprintf)
Advisory number:
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
__
SCO Security Advisory
Subject:Linux: remote buffer overflow in sendmail (CERT CA-2003-07)
Advisory number:
Information:
°°
Language : PHP
Website : http://www.phpnuke.org
Version : 6.0 6.5 RC2
Modules : Forums, Private_Messages
Problem : SQL Injection
PHP Code/Location :
°°°
/modules/Forums/viewtopic.php :
man 1.5l was released today, fixing a bug which results in arbitrary code
execution upon reading a specially formatted man file. The basic problem
is, upon finding a string with a quoting problem, the function my_xsprintf
in util.c will return unsafe (rather than returning a string which could
be
!--
The following sample format contains malformed MIME header along with
the Base64 encoded executable.
--
MIME-Version: 1.0
--=_NextPart_000__01C2E1F4.0D559EA0
Content-Location:file:///tomatell.exe
Content-Transfer-Encoding: base64
Name: SOHO Routefinder 550 VPN, DoS and Buffer Overflow
Date: 11th of March 2003
Software affected: RF550VPN Firmware v463, v464 beta
(prior versions are vulnerable - other models might
be affected as well!)
Advisory:
Hello,
I just checked and got:
Suse 7.3 (qpopper.rpm 4.0.3-34) is vulnerable, you get
id
uid=503(test) gid=0(root) groups=0(root)
(Using Mailuser test).
Same goes for Suse 8.0 (qpopper-4.0.3-168)
The overflow isn't logged anywhere, you just see normal pop logins.
Jonas
On Mon, 2003-03-10 at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-10
- - -
PACKAGE : ethereal
SUMMARY :
!--
Step 2: Now create a text file that will be used to hold the MIME
encoded attachment. Start notepad (or another text editor), and
paste
in:
MIME-Version: 1.0
Content-Location:file:///executable.exe
Content-Transfer-Encoding: base64
While working to develop code for WIDZ that is equivalent to a standard
Intrusion Detection system's RESET or SHUN functionality, an effective
802.11b disruption of service attack has been discovered. I haven't
spotted any other postings so here we go
.
FATA-jack - a modified version of
On 10 Mar 2003, Tom Tanaka wrote:
CANON SYSTEM SOLUTIONS INC. Security Alert
VULNERABILITY:.MHT Buffer Overflow in Internet Explorer
DATE FOUND:March 2, 2003
Severity:High Risk(code can be executed remotely)
[snip]
The following error will occur when the above file is browsed
Hi, all.
We release the information about the vulnerability of Opera, here.
And we hope that this vulnerability will be fixed by the vendor immediately.
___
-
Synopsis: [Opera
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
__
SCO Security Advisory
Subject:UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : REVISED: Lax
permissions on /dev/X
21 matches