st0ic wrote:
> Overview:
> Sierra's "StarSiege: Tribes" game is vulnerable to a DoS (Denial of
> Service) attack when running.
This game was released in 1998. The creators (Dynamix) have since dissolved.
When asked about open sourcing the game Sierra has replied "We don't have
any idea where
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 349-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
July 14th, 2003
--
- EXPL-A-2003-016 exploitlabs.com Advisory 016
--
-=- Looksmart / Grub Distributed Webcrawling Client -=-
Donnie Werner
http://exploitlabs.com
Vune
although it states impersonating system, in reality
cmd.exe is not launched as a cmd.exe process. Sorry folks
I should've done more testing on this one... I'll post the
new version on my site once it is finished.
http://sh0dan.org
thanks, and sorry again.
-wire
_
For
Asus have been notified but haven't even acknowledged yet alone mentioned a fix.
If the inbuilt webserver is activated, anyone on the local network can get the full
user/pass list from the router without any identification whatsoever by going to the
ip address of the router and appending /userda
Here's a quick summary of the amazingly high risk to the vast majority of
users running IE 5.5+ (including IE 6 SP1), even at the Medium security
level. This may be redundant to some, but I'm not sure the full impact is
obvious, especially since it's been around since 2001 and the advisories
Confirmed on Windows XP Professional with Tribes Release 1.11 4.28.00.
The PHP code would not work. The C code compiled without a hitch. It
promptly felled my local Tribes server.
I'll add further information to this...
Part of StarSiege spawned Tribes 2, which is where Dynamix dissolved
after being purchased by Sierra. (In France? WFT? Dynamix was located
in the US.)
Since then, another company now owns the Tribes 2 engine - Garage Games
(http://www.garagegames.com)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 348-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
July 11th, 2003
Follow @stakes advisory...
/* tac0tac0.c - pay no attention to the name, long
story...
*
* Author: Maceo
* Modified to take advantage of CAN-2003-0496 Named
Pipe Filename
* Local Privilege Escalation Found by @stake. Use with
their Advisory.
* [EMAIL PROTECTED] http://sh0dan.org
*
Title: IE chromeless window vulnerabilities
Affects: Internet Explorer 5.5 and later
Risk: Medium
Introduction
A window without a frame, title bar, toolbars or scroll bars is known as
a 'chromeless' window. If a chromeless window can be opened on top of
other windows, it is possible
Advisory name
=
Netscape 7.02 Client Detection Tool plug-in buffer overrun
Affected software
=
Netscape 7.02 for Windows
Problem description
===
Netscape 7.02 (and probably earlier versions) contains Client Detection
Tool plug-in that handles appl
On Tue, 08 Jul 2003 16:53:51 +0800, you wrote:
>Just modified WDAV exploit without netcat or telnet and with pretty magic number as
>RET ;P. Create on May, 2003.
I like people using copy&paste over another person's code, removing
credits and other useful information and sending a courtesy copy
Hello Scott,
Finjan Software may offer such a web proxy service in the future, using our gateway
product for behavior analysis.
You can also send me the details of the web site, and it will be analyzed in our
research center.
Please don't hesitate to ask questions.
--
Best Regards,
Menashe Eliez
ImageMagick's Overflow
Rosiello Security's Advisory
&
DTORS
http://www.rosiello.org
I. BACKGROUND
The ImageMagick (display) is an image viewer.
ImageMagick is part of the KDE desktop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Red Hat Security Advisory
Synopsis: Updated nfs-utils packages fix denial of service vulnerability
Advisory ID: RHSA-2003:206-01
Issue date:
This has been possible for sometime now. Guninski originally showed that this could be
possible here:
http://www.guninski.com/popspoof.html
Date: 21 October 2001
Image moving over download/open dialog:
http://www.guninski.com/opf2.html
BSOD emulation:
http://www.guninski.com/bsod1.html
Al
TA-2003-07 Denial of Service Attack against Twilight WebServer 1.3.3.0
contributed by: rushjo
==
Tripbit Security Advisory
TA-2003-07 Denial of Service Attack against Twilight WebServer v1.3.3.0
==
sec-labs team proudly presents:
Remote DoS vulnerability in NeoModus Direct Connect 1.0 build 9
and probably newest version.
by Lord YuP
13/07/2003
I. BACKGROUND
Direct Connect is a windows (i've found also a linux version but
i don't have t
--
- EXPL-A-2003-015 exploitlabs.com Advisory 015
--
-= BlackBook =-
Donnie Werner
July 11, 2003
Vunerability(s):
--
Advisory Name: "Starsiege: Tribes" DoS
Release Date: 07/14/2003
Discovered: 06/09/2003
Application: Tribes.exe
Platform: PC with Windows 2k; others not tested
Severity: High
Discovery: JadaCyruS <[EMAIL PROTECTED]>
Author: st0ic <[EMAIL PROTECTED]>
Vendor: Sierra Entertainment - http://www.sierra.c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Synopsis: Linux nfs-utils xlog() off-by-one bug
Product:nfs-utils
Version:<= 1.0.3
Vendor: http://sourceforge.net/projects/nfs/
URL:http://isec.pl/vulnerabilities/
CVE:CAN-2003-0252
Author:
22 matches
Mail list logo