DoS attacks on MIME-capable software via complex MIME emails

== DoS attacks on MIME-capable software via complex MIME emails == == Preface == On the phneutral 0x7d8 and RSS 08, I gave short talks on a widely unregarded problem with MIME software. Due to popular demand, I decided to publish a short writeup of the talk. == What is MIME? == MIME is

[ MDVSA-2008:236-1 ] vim

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:236-1 http://www.mandriva.com/security/

PHP safe_mode can be bypassed via proc_open() and custom environment.

This *should* work provided that you have met the following requirements: 1) A writable directory under documentroot to place those files (obviously) 2) You don't have proc_open in your disabled_functions list 3) You are able to compile a shared library on the same platform as the target web

SEC Consult SA-20081109-0 :: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability

SEC Consult Security Advisory 20081209-0 = title: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability program

rPSA-2008-0332-1 kernel

rPath Security Advisory: 2008-0332-1 Published: 2008-12-09 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Major Exposure Level Classification: Local User Non-deterministic Privilege Escalation

Re: DoS attacks on MIME-capable software via complex MIME emails

Dear [EMAIL PROTECTED], Idea is not new. Same vulnerabilit was reported for Agnitum Outpost by Alexander Andrusenko in 2004, http://securityvulns.com/news3687.html Also, same vulnerabilities were reported and fixed in Sendmail (CVE-2006-1173). --Tuesday, December 9, 2008, 1:52:17

Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-

Litel Update. in the previous advisory there was some wrong report because of, the update of anti-virus product version. Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass

Secunia Research: Microsoft Word RTF Polyline/Polygon Integer Overflow

== Secunia Research 09/12/2008 - Microsoft Word RTF Polyline/Polygon Integer Overflow - == Table of Contents Affected

Secunia Research: Microsoft Excel NAME Record Array Indexing Vulnerability

== Secunia Research 09/12/2008 - Microsoft Excel NAME Record Array Indexing Vulnerability - == Table of Contents Affected

CORE-2008-1127 - Vinagre show_error() format string vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Vinagre show_error() format string vulnerability 1. *Advisory Information* Title: Vinagre show_error() format string vulnerability Advisory ID:

iDefense Security Advisory 12.09.08: Microsoft Internet Explorer 5.01 EMBED tag Long File Name Extension Stack Buffer Overflow Vulnerability (iDefense Exclusive)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDefense Security Advisory 12.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 09, 2008 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since

iDefense Security Advisory 12.09.08: Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDefense Security Advisory 12.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 09, 2008 I. BACKGROUND Microsoft Windows graphics device interface (GDI) enables applications to use graphics and formatted text on both the video

Secunia Research: Microsoft Hierarchical FlexGrid Control Integer Overflows

== Secunia Research 09/12/2008 - Microsoft Hierarchical FlexGrid Control Integer Overflows - == Table of Contents Affected

ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability

ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-083 December 9, 2008 -- CVE ID: CVE-2008-4255 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows XP -- TippingPoint(TM) IPS

ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability

ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-084 December 9, 2008 -- CVE ID: CVE-2008-4027 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Word Microsoft Outlook --

ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability

ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-085 December 9, 2008 -- CVE ID: CVE-2008-4028 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Word Microsoft Outlook -- TippingPoint(TM) IPS

ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability

ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-086 December 9, 2008 -- CVE ID: CVE-2008-4837 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Word -- Vulnerability Details: This

ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability

ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-087 December 9, 2008 -- CVE ID: CVE-2008-4259 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer -- TippingPoint(TM)