Notepad popups in Internet Explorer and Outlook

2003-08-14 Thread Richard M. Smith
Hi, Do Notepad popups represent a security risk or are they simply another way for spammers and marketers to annoy us? Because of a design flaw in Internet Explorer, Notepad popup windows can be displayed from an HTML email message or Web page regardless of browser security settings. In addition,

Re: Invision Board spoof and defacement

2003-08-14 Thread matt
In-Reply-To: <[EMAIL PROTECTED]> You've got to be kidding me? >The vendor hasn't been notified because of their >handling of previous vulnerabilities I found in Invision >Board I am extremely responsible with regards to security and in most cases I've had a fix ready and available within 30 minu

[SECURITY] [DSA-368-1] New xpcd packages fix buffer overflow

2003-08-14 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 368-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman August 8th, 2003

TSLSA-2003-0029 - postfix

2003-08-14 Thread Trustix Secure Linux Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2003-0029 Package name: postfix Summary: Denial of service Date: 2003-08-04 Affected versions: TSL 1.2, 1.

[SECURITY] [DSA-369-1] New zblast packages fix buffer overflow

2003-08-14 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 369-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman August 8th, 2003

Re: Macromedia DW MX PHP Authentication Suit Vulnerabilities

2003-08-14 Thread Jennifer Taylor
In-Reply-To: <[EMAIL PROTECTED]> Thank you for bringing this to our attention. Macromedia has contacted the author to get more details, and will respond to the community with our findings as soon as possible. If you feel you have additional information on this or any other security concern, p

PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability

2003-08-14 Thread yan feng
Ph4nt0m Security Advisory #2003--8-10 Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability By "jsk"

Chatserver - XSS ( push )

2003-08-14 Thread morning_wood
-- - EXPL-A-2003-019 exploitlabs.com Advisory 019 -- -= CHAT SERVER =- exploitlabs Aug 08, 2003 Product: Chat Serve

[RHSA-2003:241-01] Updated ddskk packages fix temporary file vulnerability

2003-08-14 Thread bugzilla
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Red Hat Security Advisory Synopsis: Updated ddskk packages fix temporary file vulnerability Advisory ID: RHSA-2003:241-01 Issue date:2003

KaHT II - Massive RPC Dcom exploit..

2003-08-14 Thread at4r ins4n3
multithreading &os detection && macros support... exploit can be found here: www.croulder.com/haxorcitos/kaht2.zip example: KaHT.exe 10.10.40.0 10.10.255.255 300 _ KAHT II - MASSIVE RPC EXPLOIT DCOM RPC exploit. Modified by [EMAIL PR

DCOM worm analysis report: W32.Blaster.Worm

2003-08-14 Thread Dave Ahmad
A Bugtraq user has already pointed out that a worm has been discovered in the wild that exploits the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (Bugtraq ID 8205) to infect host systems. Symantec has been tracking its activity and is currently conducting analysis/full disass

ZH2003-23SA (security advisory): HostAdmin Path Disclosure

2003-08-14 Thread G00db0y
ZH2003-23SA (security advisory): HostAdmin Path Disclosure Published: 12 august 2003 Released: 12 august 2003 Name: HostAdmin Affected Systems: current version Issue: Remote attackers can know the path of the site Author: [EMAIL PROTECTED] Vendor: http://dreamcost.com/?page=hostadmin Des

Netris client Buffer Overflow Vulnerability.

2003-08-14 Thread Shaun Colley
-[INTRODUCTION]- Netris is a Linux clone of the classic infamous game Tetr*s, giving users three main game modes: play an individual game, server mode: bind to a port and wait for an incoming connection from an opponents Netris client, and connect mode: connect to an opponents Netris client which

Re: Buffer overflow prevention

2003-08-14 Thread Crispin Cowan
Eygene A. Ryabinkin wrote: I have an idea on buffer overflow prevention. I doubt that it's new, but I haven't seen an implementation of it in any freely distributable Un*x system. So, I hardly need your comments on it. ... The idea itself: all (correct me if I'm wrong) buffer overflows are based o

Re: Buffer overflow prevention

2003-08-14 Thread Nicholas Weaver
On Wed, Aug 13, 2003 at 02:28:33PM +0400, Eygene A. Ryabinkin composed: > I have an idea on buffer overflow prevention. I doubt that it's > new, but I haven't seen an implementation of it in any freely > distributable Un*x system. So, I hardly need your comments on it. Then why post this to a p

Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities

2003-08-14 Thread Omicron
Portcullis Security Advisory CiscoWorks 2000 Privilege Escalation Vulnerability Vulnerability discovery and development: [EMAIL PROTECTED] Affected systems: Ciscoworks 2000 Details: Portcullis have discovered that using the default Guest account which has no password set, that it is poss

RE: Microsoft MCWNDX.OCX ActiveX buffer overflow

2003-08-14 Thread Drew Copley
I find no "MCWNDX.ocx" on my system nor on google. It may be a Windows locality issue. Microsoft Multimedia Control fits the description, though, as you noted. It does have a "FileName" method and uses the .mci filetype, but on Windows 2000 it is not a safe activex control for scripting on webpage

RE: Microsoft MCWNDX.OCX ActiveX buffer overflow

2003-08-14 Thread Oliver Lavery
Hi Drew, Long time no speak. Blink coming along? MCI32.ocx is marked safe for initialization, so an attack is still possible. Doesn't seem like the filename argument suffers from an overflow tho'. Perhaps you could try this on 2k and see if this really is just a red herri

CERT Advisory CA-2003-21 GNU Project FTP Server Compromise

2003-08-14 Thread CERT Advisory
-BEGIN PGP SIGNED MESSAGE- CERT Advisory CA-2003-21 GNU Project FTP Server Compromise Original issue date: August 13, 2003 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Overview The CERT/CC has received a report that the syste

Re: Buffer overflow prevention

2003-08-14 Thread Michal Zalewski
On Wed, 13 Aug 2003 [EMAIL PROTECTED] wrote: > Some languages offer runtime range checking, which should bring much > security, but often is really slow :( In the times of Java and XML used for almost everything, it's not like we strive for every single CPU cycle nowadays in common applications a

Re: Buffer overflow prevention

2003-08-14 Thread Jonathan A. Zdziarski
I think this is overkill and will probably cause your applications to run much slower than they already do. I don't see why one couldn't simply put the variable information *after* the rest of the stack information, instead of before, and have the kernel zero out the next stack frame before it get

Phrack #61 is OUT!

2003-08-14 Thread Phrack Staff
Hi, The Phrack Staff is proud to release the _original_ PHRACK #61 to the public. *** NOW AVAILABLE AT HTTP://WWW.PHRACK.ORG *** NOW AVAILABLE AT HTTP://WWW.PHRACK.ORG *** NOW AVAILABLE AT HTTP://WWW.PHRACK.ORG PHRACK MAGAZINE is one of the longest runni

Re: 3 Comprehensive links in combat with MSBlaster Worm

2003-08-14 Thread Jean-Luc Cavey
In-Reply-To: <[EMAIL PROTECTED]> > >And remember... PATCH and block the ports 135 - 139 -445 - 593 > In addition you should block ports 69 and Jean-Luc Cavey

Re: Buffer overflow prevention

2003-08-14 Thread Craig Pratt
On Wednesday, Aug 13, 2003, at 03:28 US/Pacific, Eygene A. Ryabinkin wrote: Hi! I have an idea on buffer overflow prevention. I doubt that it's new, but I haven't seen an implementation of it in any freely distributable Un*x system. So, I hardly need your comments on it. Preliminary: I'm ta

Buffer overflow prevention

2003-08-14 Thread Eygene A. Ryabinkin
Hi! I have an idea on buffer overflow prevention. I doubt that it's new, but I haven't seen an implementation of it in any freely distributable Un*x system. So, I hardly need your comments on it. Preliminary: I'm talking about Intel x86 architecture, but maybe it will be applicable to others a

RE: [Full-Disclosure] msblast.exe

2003-08-14 Thread Robert Ersoni
Here is the latest on this from McAfee and Trend. http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547 http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSB LAST.A Rob. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Beh

Cisco IOS HTTP remote exploit

2003-08-14 Thread FX
Hi there, finally released, the exploit for the Cisco IOS HTTP 2GB overflow http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml and the IOS 11.x remote sniffer using the bug described here: http://www.cisco.com/warp/public/707/cisco-sn-20030731-ios-udp-echo.shtml Exploit: h

Subnet Bandwidth Management (SBM) Protocol subject to attack via the Resource Reservation Protocol (RSVP)

2003-08-14 Thread root
Network Penetration www.networkpenetration.com Copyright (c) 2003 Ste Jones [EMAIL PROTECTED] Subnet Bandwidth Management (SBM) Protocol subject to attack via the Resource Reservation Protocol (RSVP) Introduction The resource reservation protocol (RSVP) is used within the Subnet

[SECURITY] [DSA-361-2] New kdelibs-crypto packages fix multiple vulnerabilities

2003-08-14 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 361-2 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman August 9th, 2003

PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4

2003-08-14 Thread Vincenzo 'puccio' Ciaglia
--- PUCCIOLAB.ORG - ADVISORIES --- PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4 --- PuCCiOLAB.ORG Security Advisories

Remote denial of service vulnerability in Meteor FTP Version 1.5

2003-08-14 Thread Zee
www.evicted.org [EMAIL PROTECTED] August 8, 2003 Meteor FTP Version 1.5 Remote Denial of Service Vulnerability 1. Introduction Meteor FTP is a personal ftp server that runs on Windows98/ME/2K/XP. 2. Vulnerability - A vulnerability exists in Meteor FTP Version 1.

Lotus Sametime 3.0 == vulnerable. Lotus lied.

2003-08-14 Thread Mycelium
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The following is my response to IBM / Lotus concerning their denial reaction to the vulnerabilities disclosed in Sametime. This is not a flame / troll, and there is some new information here, including a packet level analysis of a CURRENT Sametime

FreeBSD Security Advisory FreeBSD-SA-03:10.ibcs2

2003-08-14 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-03:10.ibcs2 Security Advisory The FreeBSD Project Topic: K

Microsoft MCWNDX.OCX ActiveX buffer overflow

2003-08-14 Thread Tri Huynh
Microsoft MCWNDX.OCX ActiveX buffer overflow = PROGRAM: MICROSOFT MCIWNDX.OCX ACTIVEX BUFFER OVERFLOW HOMEPAGE: www.microsoft.com VULNERABLE VERSIONS: MCWNDX is an ActiveX shipped with Visual Studio 6 to support multimedia programming. DESCRI

re: rpc sdbot

2003-08-14 Thread Daniel Otis-Vigil
I am sorry I typo'd that url: it's http://www.moosoft.com/thecleaner/rpcsdbot.zip Cursed dsylexia! Daniel

ZH2003-19SA (security advisory): BBPro Store Builder Path Disclosure

2003-08-14 Thread G00db0y
ZH2003-19SA (security advisory): BBPro Store Builder Path Disclosure Published: 10 august 2003 Released: 10 august 2003 Name: BBPro Store Builder Affected Systems: current version Issue: Remote attackers can know the path of the site Author: [EMAIL PROTECTED] Vendor: http://www.imediasoft

3 Comprehensive links in combat with MSBlaster Worm

2003-08-14 Thread Geoff Shively
More DCOM Fun, The boards and lists are flooded with data on this little bugger. Almost too much data, and vital stuff gets lost in the myriad email chains and re: threads. I summed up these 3 links for easy access. Hope it helps. DCOM ISS Scanner: http://www.iss.net/support/product_utilities/ms03

PostNuke Downloads & Web_Links ttitle variable XSS

2003-08-14 Thread Lorenzo Hernandez Garcia-Hierro
PostNuke Downloads & Web_Links ttitle variable XSS -- Product: PostNuke Vendor: PostNuke WWW.POSTNUKE.COM Versions Vulnerable: PostNuke Phoenix 0.7.x.x Phoenix 0.7.2.3 with patches ( in all versions ) Phoenix 0.7.2.3 without patches (in all versions ) 0.7.2.1 (All prio

SuSE Security Announcement: kernel (SuSE-SA:2003:034)

2003-08-14 Thread Sebastian Krahmer
-BEGIN PGP SIGNED MESSAGE- __ SuSE Security Announcement Package:kernel Announcement-ID:SuSE-SA:2003:034 Date: Tue Aug 12

RE: Microsoft RPC DCOM exploit descriptions

2003-08-14 Thread Troy Murray
Internet Security Systems (http://www.iss.net) has released a scan tool to check for the MS03-026 patch on Windows servers. I've downloaded and run this tool, command-line only, on my servers and it reports correctly that they are patched. Running a scan on the 35-10.40.x range though yields 5 sy

Re: Microsoft MCWNDX.OCX ActiveX buffer overflow

2003-08-14 Thread xenophi1e
In-Reply-To: <[EMAIL PROTECTED]> Does anyone know what the guid for this control is? I don't have it on XP with Visual Studio 6 installed. Could this be the same as the Microsoft Multimedia Control, aka MCI32.OCX? Cheers, ~ol > Microsoft MCWNDX.OCX ActiveX buffer overflow > ===

Re: Buffer overflow prevention

2003-08-14 Thread weigelt
On Wed, Aug 13, 2003 at 12:13:27PM -0700, Nicholas Weaver wrote: > This only stops attacks which overwrite the return address pointers on > the stack, it doesn't stop heap overflows or other control-flow > attacks. ACK. Often there are function pointers stored on the heap - so this does not reall

Xprobe2 0.2rc1 release, white paper release, and Blackhat presentation availability

2003-08-14 Thread Ofir Arkin
We are pleased to announce the immediate availability of Xprobe2 v0.2 rc1, which has been officially released at the Blackhat briefings USA 2003. Xprobe2 is a remote active operating system fingerprinting tool with a different approach to operating system fingerprinting. Information on Xpr

[SECURITY] [DSA-371-1] New perl packages fix cross-site scripting

2003-08-14 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 371-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman August 11th, 2003

DameWare Mini-RC Shatter

2003-08-14 Thread ash
Program: DameWare Mini Remote Control Server Version: Prior to 3.71.0.0 Impact: Users can escalate to SYSTEM Discovered: ash Writeup and exploits: ash 1) Background From DameWare Development web site: A lightweight remote control intended primarily for administrators and help desks for q

Re: question about oracle advisory

2003-08-14 Thread McCartney, Daymon (US - Deerfield)
David: Do you have any plans to release proof of concept code for the Oracle exploit? The reason I ask is that "due to architectural constraints," Oracle is not planning on releasing a patch for 8i releases. We contacted them about this, but they're sticking to their guns about the exploit requi

[OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)

2003-08-14 Thread OpenPKG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenPKG Security AdvisoryThe OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

New Windows DCOM Worm - msblast.exe (fwd)

2003-08-14 Thread Dave Ahmad
David Mirza Ahmad Symantec PGP: 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- The battle for the past is for the future. We must be the winners of the memory war. -- Forwarded message -- Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED

Immunix Secured OS 7+ wu-ftpd update

2003-08-14 Thread Immunix Security Team
[Please do not set your mail system to send out-of-office autoreplies on public mail lists. It is inconsiderate. Whichever mail list you received this mail from should include headers that you can use to select whether vacation(1) or procmail(1) should respond. procmail users, please see procmailex

[SECURITY] [DSA-365-1] New phpgroupware package fix several vulnerabilities

2003-08-14 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 365-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman August 5th, 2003

[CLA-2003:720] Conectiva Security Announcement - lynx

2003-08-14 Thread Conectiva Updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : lynx SUMMARY : CRLF injection local vulnerab

RE: Notepad popups in Internet Explorer and Outlook

2003-08-14 Thread Thor Larholm
The problem at hand is not one of Notepad or the view-source protocol, but of the behavior inherent to Internet Explorer on how to handle certain mimetypes and protocols. Your advisory (good as it is) highlights an example of the problem, but disregards the larger picture. Whether or not a specifi

ZH2003-18SA (security advisory): News Wizard Path Disclosure

2003-08-14 Thread G00db0y
ZH2003-18SA (security advisory): News Wizard Path Disclosure Published: 10 august 2003 Released: 10 august 2003 Name: News Wizard Affected Systems: 2.0 Issue: Remote attackers can know the path of the site Author: [EMAIL PROTECTED] Vendor: http://www.imediasoftware.com/products/newswizard

ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure

2003-08-14 Thread G00db0y
ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure Published: 11 august 2003 Released: 11 august 2003 Name: Zorum Affected Systems: v.3.4 Issue: Remote attackers can inject XSS script and know the path of the site. Author: [EMAIL PROTECTED] Vendor: http://zoru

Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1all binaries

2003-08-14 Thread pask
Title:Local Vulnerability in IBM DB2 7.1 - 8.1 all binaries Date: 27-07-2003 Platform: Only tested in Linux but can be exported to others. Only versions 7.1 and Enterprise Server Edition v8.1 were checked but could affect other versions. Impact: Slight privi

Directory Traversal in Sun iPlanet Administration Server 5.1

2003-08-14 Thread Brewis, Mark
Text of original posting to Sun: >>Originator: EDS Information Assurance Group - Jim Hardisty, Mark Brewis >>Date of Contact: 22nd April 2003 >>Issue:During a recent Penetration Test, a member of the team, Jim Hardisty, identified an issue with an installation of >>iPlanet Administration Express

mod_dosevasive v1.6: Apache DoS Evasive Maneuvers Module

2003-08-14 Thread Jonathan A. Zdziarski
Date: 8/6/2003 @ 17:30 Version: 1.6 Website URL: http://www.networkdweebs.com/stuff/security.html Download URL: http://www.networkdweebs.com/stuff/mod_dosevasive.tar.gz Description: mod_dosevasive is a module for Apache 1.3 giving Apache the ability to detect and fend off request-based DoS/DDoS

Virginity Security Advisory 2003-001 : Hola CMS - Admin Password Disclosure by Include vulnerability

2003-08-14 Thread Virginity Security
- - - Virginity Security Advisory 2003-001 - - - DATE : 2003-08-13 03:11 GMT TYPE : remote VERSIONS AFFECTED : <== hola-cms-1.2.9-10

TSLSA-2003-0030 - stunnel

2003-08-14 Thread Trustix Secure Linux Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2003-0030 Package name: stunnel Summary: Denial of service Date: 2003-08-07 Affected versions: TSL 1.2, 1.

ZH2003-17SA (security advisory): geeeekShop Shopping Cart Path Disclosure

2003-08-14 Thread G00db0y
ZH2003-17SA (security advisory): gkShop Shopping Cart Path Disclosure Published: 9 august 2003 Released: 9 august 2003 Name: gkShop Shopping Cart System Affected Systems: 1.4.0 Issue: Remote attackers can know the path of the site Author: [EMAIL PROTECTED] Vendor: http://www.geee

ZH2003-20SA (security advisory): Stellar Docs Path Disclosure and Security Leak

2003-08-14 Thread G00db0y
ZH2003-20SA (security advisory): Stellar Docs Path Disclosure and Security Leak Published: 10 august 2003 Released: 10 august 2003 Name: Stellar Docs Affected Systems: v1.2 Issue: Remote attackers can know the path of the site and access the administrative section Author: [EMAIL PROTECTED

[SECURITY] [DSA-367-1] New xtokkaetama packages fix buffer overflow

2003-08-14 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 367-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman August 8th, 2003

RE: [Full-Disclosure] Microsoft MCWNDX.OCX ActiveX buffer overflow

2003-08-14 Thread Jason Coombs
What about pointing the OBJECT tag codebase to a known, or probable, location on the victim's own hard drive? ActiveX never implemented any type of "same origin policy" the way JavaScript does, so a local codebase reference should work as a technique to silently activate any Microsoft-signed Activ

FreeBSD Security Advisory FreeBSD-SA-03:09.signal

2003-08-14 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-03:09.signal Security Advisory The FreeBSD Project Topic: I

netris[v0.5]: client/server remote buffer overflow exploit.

2003-08-14 Thread Vade 79
/*[ netris[v0.5]: client/server remote buffer overflow exploit. ]* * * * by: vade79/v9 [EMAIL PROTECTED] (fakehalo/realhalo) * * * * netris homepage/URL:

man-db[v2.4.1-]: open_cat_stream() privileged call exploit.

2003-08-14 Thread Vade 79
#!/bin/bash # xmandb.sh: shell command file. # # man-db[v2.4.1-]: local uid=man exploit. # by: vade79/v9 [EMAIL PROTECTED] (fakehalo) # # open_cat_stream() privileged call exploit. # # i've been conversing with the new man-db maintainer, and after the # initial post sent to bugtraq(which i forgot

Re: Buffer overflow prevention

2003-08-14 Thread Jingmin (Jimmy) Zhou
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is not a complete solution. It's just like non-executable stack that prevents a certain number of buffer overflows in the stack. Heap overflows, or some advanced buffer overflow attacks can easily bypass this approach. Furthermore, let's suppose w

CERT Advisory CA-2003-20 W32/Blaster worm

2003-08-14 Thread CERT Advisory
-BEGIN PGP SIGNED MESSAGE- CERT Advisory CA-2003-20 W32/Blaster worm Original issue date: August 11, 2003 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected * Microsoft Windows NT 4.0 * Microsoft Windows 2000

BBCode XSS in XOOPS CMS

2003-08-14 Thread Frog Man
Informations : ° Language : PHP Bugged Versions : 1.3.x and less (+ 2.0.x and less ? not checked) Safe Version : 2.0.3 Website : http://www.xoops.org Problem : BBcode XSS PHP Code/Location : °°° This hole can be used in modules : - Private Messages - News - NewBB (forum)

ZH2003-15SA (security advisory): IdealBB XSS Vulnerability

2003-08-14 Thread G00db0y
ZH2003-15SA (security advisory): IdealBB XSS Vulnerability Published: 7 august 2003 Released: 7 august 2003 Name: IdealBB Affected Systems: 1.4.9 beta Issue: Remote attackers can inject XSS script Author: [EMAIL PROTECTED] Vendor: http://www.idealbb.com Description *** Zone-h

Re: man-db[v2.4.1-]: open_cat_stream() privileged call exploit.

2003-08-14 Thread Colin Watson
In article <[EMAIL PROTECTED]>, Vade 79 wrote: ># man-db[v2.4.1-]: local uid=man exploit. Correction: 2.3.12 (a beta release) and 2.3.18 to 2.4.1. >echo "[*] making runme, and mansh source files..." >cat #include >#include >#include >#include >#include >int main(int argc,char **arg

Re: bug in Invision Power Board

2003-08-14 Thread Boy Bear
In-Reply-To: <[EMAIL PROTECTED]> To repair Bug to edit the file admin.php and to add after the line: $IN['AD_SESS'] = $HTTP_POST_VARS['adsess'] ? $HTTP_POST_VARS['adsess'] : $HTTP_GET_VARS['adsess']; To add this : if (isset($IN['AD_SESS'])) { $IN['AD_SESS'] = htmlspecialchars($IN['AD_

Buffer Overflow in NetSurf 3.02

2003-08-14 Thread nimber
# # ZUD SECURITY TEAM PRESENT # #bug found by nimber# # Email : [EMAIL PROTECTED]# # Site:www.zudteam.org # # HomePage: www.nimber.plux.ru # # 7.08.2003

Re: Cisco CSS 11000 Series DoS

2003-08-14 Thread Mike Caudill
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is to acknowledge your postings regarding a Denial of Service vulnerability in the Cisco CSS 11000 platforms located at: Vulnwatch list: http://lists.insecure.org/lists/vulnwatch/2003/Jul-Sep/0073.html BUGTRAQ: http://www.securityfocus.com/ar

[RHSA-2003:255-01] up2date improperly checks GPG signature of packages

2003-08-14 Thread bugzilla
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Red Hat Security Advisory Synopsis: up2date improperly checks GPG signature of packages Advisory ID: RHSA-2003:255-01 Issue date:2003-08-

Re: Buffer overflow prevention

2003-08-14 Thread Patrick Dolan
There is a flag for the Gnu C/C++ compilers, -fstack-protector, that will implement ProPolice stack protection. It should prevent stack smashing techniques. On Wednesday 13 August 2003 05:28 am, Eygene A. Ryabinkin wrote: > Hi! > I have an idea on buffer overflow prevention. I doubt that it

Halflife exploit that provides a shell in fbsd

2003-08-14 Thread Spoilt JeSuS
hk-vig of UHAGr and wsxz of Priv8security published a high risk remote root exploit (if running by root) against Halflife <= 1.1.1.0 (including all mods like CS, DoD) and dedicated server 3.1.1.1c1/4.1.1.1a. Exploitation successfully tested on FreeBSD.This code is based upon the recent halfli

MDaemon 5.0.5 authentication vulnerability

2003-08-14 Thread Buckaroo Banzai
Hello, There is a security problem on MDaemon 5.0.5 (maybe other versions affected as well) regarding smtp authentication. Blank password authenticates any valid user: For primary domain: User: VALIDUSER or [EMAIL PROTECTED] Password: blank password For secondary

Cisco Security Advisory: CiscoWorks Application Vulnerabilities

2003-08-14 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: CiscoWorks Application Vulnerabilities Revision Numeral 1.0: INTERIM = For Public Release 2003 August 13 UTC 1500 - ---

[OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)

2003-08-14 Thread OpenPKG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenPKG Security AdvisoryThe OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

Apology re: Buffer Overflow Prevention

2003-08-14 Thread Nicholas Weaver
On Wed, Aug 13, 2003 at 02:28:33PM +0400, Eygene A. Ryabinkin composed: > I have an idea on buffer overflow prevention. I doubt that it's > new, but I haven't seen an implementation of it in any freely > distributable Un*x system. So, I hardly need your comments on it. Please accept my apology

rpc sdbot

2003-08-14 Thread Daniel Otis-Vigil
This sdbot variant has been spreading around Undernet and is a combination of the msblast worm, sdbot and spybot. It installs as a service and triggers WFP which I think was a mistake. Termination of the process causes an immediate reboot. Samples are available here: http://www.moosoft.com/t

ZH2003-24SA (security advisory): ChitChat.NET XSS Vulnerability

2003-08-14 Thread G00db0y
ZH2003-24SA (security advisory): ChitChat.NET XSS Vulnerability Published: 13 august 2003 Released: 13 august 2003 Name: ChitChat.NET Affected Systems: 2.0 Issue: Remote attackers can inject XSS script Author: [EMAIL PROTECTED] Vendor: http://clickcess.com/ Description *** Zo

Re: Buffer overflow prevention

2003-08-14 Thread Michal Zalewski
On Wed, 13 Aug 2003, Eygene A. Ryabinkin wrote: [ BUGTRAQ is probably not the best place for such a discussion, but I'm not sure SECPROG is still alive and kicking, so... ] > I have an idea on buffer overflow prevention. Well, no, strictly speaking, you don't =) You have an idea for preventing

Denial of Service Vulnerability in NFS on IRIX

2003-08-14 Thread SGI Security Coordinator
-BEGIN PGP SIGNED MESSAGE- __ SGI Security Advisory Title: Denial of Service Vulnerability in NFS XDR decoding Number : 20030801-01-P Date : August 13, 2003 Reference: