On Mon, Apr 17, 2006 at 10:03:54PM +0200, Felix von Leitner wrote:
> static inline int range_ptrinbuf(const void* buf,unsigned long len,const
> void* ptr) {
> register const char* c=(const char*)buf; /* no pointer arithmetic on
> void* */
> return (c && c+len>c && (const char*)ptr-c }
Title: Symantec LiveUpdate for Macintosh Local Privilege Escalation
Threat: Moderate
Impact: Local Privilege Escalation
Product: LiveUpdate for Macintosh
Situation Overview:
Some components of Symantec's LiveUpdate for Macintosh do not set their
David Litchfield of NGSSoftware has discovered multiple critical and high
risk vulnerabilities in Oracle's Database Server. Versions affected include
Oracle Database 10g Release 2, versions 10.2.0.1, 10.2.0.2
Oracle Database 10g Release 1, versions 10.1.0.4, 10.1.0.5
Oracle9i Database Release 2,
Felix von Leitner wrote:
...
> Here is one of my functions:
>
> static inline int range_ptrinbuf(const void* buf,unsigned long len,const
> void* ptr) {
> register const char* c=(const char*)buf; /* no pointer arithmetic on
> void* */
> return (c && c+len>c && (const char*)ptr-c }
>
> Of
KAPDA New advisory
Mambo website : http://www.mamboserver.com
Bug: Path Disclosure & Remote Denial Of Service
Exploitation: Remote with browser
Exploit: available
Description:
Mambo is a feature-rich dynamic portal engine/content
management tool capable of building sites from
___
Mandriva Linux Security Advisory MDKSA-2006:072
http://www.mandriva.com/security/
___
Website : www.phplister.org
Version : 0.4.1
Credits : B3g0k,Nistiman,Flot,Netqurd and other
my friends
Original Advisory :
http://advisory.patriotichackers.com/index.php?itemid=3
XSS :
http://www.site.com/[path]/index.php?page=XSS
* Felix von Leitner:
> static inline int range_ptrinbuf(const void* buf,unsigned long len,const
> void* ptr) {
> register const char* c=(const char*)buf; /* no pointer arithmetic on
> void* */
> return (c && c+len>c && (const char*)ptr-c }
It seems that the problem is that
c + len >
Are you certain that should fail?
(unsigned long)-1 is a word with all bits set (on a twos-complement machine),
so I believe the result should be undefined with regard to overflow adding a
pointer.
It certainly seems reasonable for a compiler to optimize away a test for a
pointer in the range
On 2006-04-15 Thor (Hammer of God) wrote:
> It's a simple method to bypass malicious host file modification.
Make that "pointless method" and it's correct. To modify the hosts file
(or its location) malware would need administrative privileges. With
admin privileges the malware can do whatever it
exploit creates a frameset and redirects to
http://w00tynetwork.com/x/, it's interesting that the
redirects to http://211.22.14.50/.yahoomail/x.htm and spoofs a Yahoo login
page.
upon entering credentials, the site redirects back to http://mail.yahoo.com
so it simply looks like a bad login.
2
blur6ex Local File Inclusion and SQL injection .
A blog and simple content engine. Supports many
features found in larger systems
such as CSS layouts, RSS feeds, comments, trackbacks,
categories, archives, drafts, searching
MMS posting, and a multi-user permissions system.
Still in development and
Discovered by: Qex
Date: 18 April 2006
/axoverzicht.cgi?maand=[XSS]
Hi list,
To rgod: it would have been *very* nice to contact us before posting
this here...
The problem has been confirmed from release 0.9.9 up to 0.9.12-rc1, the
final 0.9.12 (which came out yesterday night) does fix the problem (+
another one of the same type introduced in the 0.9.12 branch wh
https://bugzilla.mozilla.org/show_bug.cgi?id=334341
It is possible by a malicious web site to open local content in the browser by
tricking a user into right-clicking and choosing "View Image" on a broken
image, which is referencing a local resource (e.g. via the file: URI handler).
This may be
reflecting on this...
the offending url you give is http://w00tynetwork.com/x/
which contains a fake yahoo login ( for webmail )
(( and other exploits embedded within the site ))
you state this is a Yahoo Email vulnerability.
stop me if I'm wrong...
why would anyone be vulnerable to a Yahoo log
/*
*
$ An open security advisory #16 - Xine Media Player Format String Bug
**
On Mon, 17 Apr 2006, Felix von Leitner wrote:
> static inline int range_ptrinbuf(const void* buf,unsigned long len,const
> void* ptr) {
> register const char* c=(const char*)buf; /* no pointer arithmetic on
> void* */
> return (c && c+len>c && (const char*)ptr-c }
>
> [...]
>
> assert(
Linpha 1.1.0 - XSS Vulnerabilities
Software: Linpha
Version: 1.1.0
Type: Cross Site Scripting Vulnerability
Date: Mon Apr 17 22:59:39 CEST 2006
Vendor: The LinPHA developers
Page: http://linpha.sourceforge.net/
Risk: Low
credits:
---
> From: Felix von Leitner [mailto:[EMAIL PROTECTED]
> Sent: Monday, 17 April, 2006 16:04
>
> static inline int range_ptrinbuf(const void* buf,unsigned
> long len,const void* ptr) {
> register const char* c=(const char*)buf; /* no pointer
> arithmetic on void* */
> return (c && c+len>c
Felix von Leitner wrote:
I wrote a small library of functions to do typical range checks as they
are needed in code that handles incoming packets or messages from
untrusted sources. My impetus was SMB code, in case you want to know.
Here is one of my functions:
static inline int range_ptrinbuf