= Windows Media Services Remote Command Execution
=
= NSIISLOG.DLL Ver 4.1.0.3920
=
= MS Bulletin posted: May 28, 2003 revised May 30, 2003
= http ://www.microsoft.com/technet/security/bulletin/MS03-019.asp
=
= Affected
On Thu, May 29, 2003 at 03:33:06PM -0500, Scott A Crosby wrote:
They exploit the difference between 'typical case' behavior versus
worst-case behavior. For instance, in a hash table, the performance is
usually O(1) for all operations. However in an adversarial
environment, the attacker
In-Reply-To: [EMAIL PROTECTED]
The following can be taken as an official response from the vendor:
M-Tech Information Technology, Inc. (http://mtechIT.com/) to this
vulnerability:
1) The actual risk of these issues to production deployments of
P-Synch is nil, as users do not normally, or in
It also fixes the following, which wasn't mentioned in the summary (or
elsewhere, as far as I can see):
Cross-site Scripting in PHP's Transparent Session ID Support
http://shh.thathost.com/secadv/2003-05-11-php.txt
Sverre.
--
[EMAIL PROTECTED]
http://shh.thathost.com/
In-Reply-To: [EMAIL PROTECTED]
The problem was related to an additional PathInfo=Yes
parameter in the PathMapper object for the WebRoot
mapping in version 2.0.1.
There is patch available for a longer time, which fixes
this issue in the administration client :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: apache2
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure.
Trying to access the ServerInfo.jsp with an suffixed %00 shows the source
code of this JSP. Seems to be a forgotten debug feature :-]
-
Red Hat Security Advisory
Synopsis: Updated ghostscript packages fix vulnerability
Advisory ID: RHSA-2003:181-01
Issue date:2003-05-30
Updated on:2003-05-30
Product:
pokleyzz wrote:
Products: b2 cafelog 0.6.1 (http://cafelog.com/)
Date: 29 May 2003
Author: pokleyzz pokleyzz_at_scan-associates.net
Contributors: sk_at_scan-associates.net
shaharil_at_scan-associates.net
munir_at_scan-associates.net
URL: http://www.scan-associates.net
Recently I advised Microsoft of a vulnerability in Internet Explorer
that would cause the browser to browse to one web site but display a
completely different URL in the address bar. Due to inconsistent
handling of authentication credentials in a URL, IE will parse the
URL one way when browsing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
NSFOCUS Security Advisory(SA2003-05)
Topic: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability
Release Date: 2003-5-30
CVE CAN ID: CAN-2003-0224
Affected system:
===
- - Microsoft IIS 5.0
Unaffected system:
In-Reply-To: [EMAIL PROTECTED]
The vulnerability exists in Unix version of Pi3Web
2.0.1 only,
which use the one of the following configuration files
shipped
with the binary distributions for Linux or Solaris :
/usr/local/Pi3Web/Conf/Devel.pi3
/usr/local/Pi3Web/Conf/Features.pi3
Note, that the
-
Yahoo! Security Advisory
Subject:Yahoo! Voice Chat Control: buffer overflow
Announced: 2003-05-30
Affects:Yahoo! Audio Conferencing versions prior to 1,0,0,45
running on any version of Microsoft Windows
Luke,
I just wanted to mention something I noticed in my own testing.
When I compiled prog.c with -O3 optimizations it supplied the expected
response.
$ gcc -Wall -O3 prog.c -o prog ; ./prog
2 2 3
1 3 3
1 2 4
2 3 4
/**/
/* 29/05/2003 - The Matrix Reloaded -*/
/* Proof of concept exploit by Alumni*/
/*-\--/--\--/--\--/--\--/--\--/--\--/--\--/--\--/-*/
/* In brief: */
/* 1) spawns shell on port
15 matches
Mail list logo