-----BEGIN PGP SIGNED MESSAGE-----
__
SuSE Security Announcement
Package: apcupsd
Announcement-ID: SuSE-SA:2003:022
Date:
-- Corsaire Security Advisory --
Title: Symantec Enterprise Firewall (SEF) HTTP URL pattern evasion issue
Date: 24.02.03
Application: Symantec Enterprise Firewall (SEF) 7.0
Environment: Windows NT 4.0, Windows 2000,
Author: Martin O'Neal [EMAIL PROTECTED]
Audience: General Distribution
--
Original Advisory: Tuesday, March 25, 2003
Severity: Medium - High
Description: Unencrypted tax-return information saved in C:\My Documents
by default can pose security risks, and may disclose financial/personal
information to the Internet via peer-to-peer (P2P) networks.
Version: Tested on
In-Reply-To: [EMAIL PROTECTED]
From: Jim Geovedi [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: PHPNuke viewpage.php allows Remote File retrieving
Message-Id: [EMAIL PROTECTED]
In-Reply-To: [EMAIL PROTECTED]
References: [EMAIL PROTECTED]
[EMAIL PROTECTED]
Organization: Will Work For
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2003-004
=
Topic: Format string vulnerability in zlib gzprintf()
Version: NetBSD-current: source prior to March 5, 2003
NetBSD 1.6:
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2003-007
=
Topic: (Another) Encryption weakness in OpenSSL code
Version: NetBSD-current: source prior to March 21, 2003
NetBSD-1.6.1:
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2003-005
=
Topic: RSA timing attack in OpenSSL code
Version: NetBSD-current: source prior to March 19, 2003
NetBSD-1.6: affected
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2003-008
=
Topic: faulty length checks in xdrmem_getbytes
Version: NetBSD-current: source prior to March 21, 2003
NetBSD-1.6.1: not
As a follow to this, the vendor has now released a permanent fix for the
product, which can be downloaded from:
http://www.clearswift.com/download/SQL/downloadList.asp?productID=301
Regards,
Martin O'Neal
Hi,
Here you can find the tool used to make a proof of concept for the
Vaudenay's TLS Timing Attack for OpenSSL/9.7a. (CAN-2003-78)
BID REF: 6884
http://omen.vuagnoux.com
This attack was tested on an IMAPrev4 server (WU) encapsulated by
stunnel-3.22 using OpenSSL/9.7
//(#) Mordred Security Labs advisory
Release date: March 26, 2003
Name: Integer overflow in PHP memory allocator
Versions affected: 4.3.2
Risk: very high
Author: Sir Mordred ([EMAIL PROTECTED], http://mslabs.iwebland.com)
I. Description:
PHP is a widely-used general-purpose scripting language
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --
Debian Security Advisory DSA 269-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 26th, 2003
Unfortunately, on my US Windows 2K SP3 build (and I assume all others),
those %u directives get translated into question marks. (0x003F in hex)
:
This exploit must be much easier to get reliable on other language
versions. A shame, really.
Did you use my encoder or did you write your shellcode
If you could follow up on this and give more details (versions affected)
etc etc; as it stands I'm gonna confirm that viewpage.php hasn't existed
for quite some time and that this is a pretty pointless advisory.
Thanks,
Christopher Warner
On Tue, 2003-03-25 at 14:28, Jim Geovedi wrote:
On Tue,
On Tue, 2003-03-25 at 21:28, Jim Geovedi wrote:
On Tue, 25 Mar 2003 11:59:26 -0600 DaiTengu wrote:
viewpage.php is a part of PHPNuke.
The Script allows an attacker to view all files on the System.
Example:
http://server.com/viewpage.php?file=/etc/passwd
Not repeatable with
15 matches