CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability

2012-06-26 Thread Dave
Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: HTTP POST interfaces in the Roller admin/editor console were not protected from CSRF attacks. This issue has been

CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability

2012-06-26 Thread Dave
Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: Roller trusts bloggers to post HTML and JavaScript code in the weblog and for some sites this can be a problem be

Re: etax 2010 failure to validate remote ssl certificate properly

2010-09-09 Thread dave b
On 8 September 2010 05:17, dave b wrote: > On 8 September 2010 05:09, dave b wrote: >> etax 2010[0] > > Minor edit :) > "> (note: you need a certificate for _any_ domain signed by a CA" > should be: > "> (note: you need a certificate for a doma

etax 2010 failure to validate remote ssl certificate properly

2010-09-08 Thread dave b
etax 2010[0] 1. fails to properly check the remote https server has a valid certificate for the host it claims to be from. Test case: edit the hosts file like this: IP_OF_HTTPS_SERVER_HERE etaxservices10.etax.ato.gov.au e.g. 203.0.178.114 (note: you need a certificate for _any_ domain signed by a

Re: etax 2010 failure to validate remote ssl certificate properly

2010-09-08 Thread dave b
On 8 September 2010 05:09, dave b wrote: > etax 2010[0] Minor edit :) "> (note: you need a certificate for _any_ domain signed by a CA" should be: "> (note: you need a certificate for a domain that has been signed by a CA installed on the client pc"

django in combination with mod wsgi on apache on default debian and ubuntu installations does not place any bounds on the maximum size of a file upload

2010-08-31 Thread dave b
Summary: In the default setup of wsgi, apache and django (at least on ubuntu and debian) by default there are no limits on the size of a file that an attacker can upload. http://cwe.mitre.org/top25/#CWE-770 and see example 2 at http://cwe.mitre.org/data/definitions/770.html Vendor response: " If y

Re: Apache directory traversal on shared hosting environment.

2009-02-19 Thread dave
Sounds like you can fix this also with the Apache configuration directives you list in the report. So, it seems that you simply need to update your httpd.conf to proper settings for shared hosting and that there is no vulnerability, except that your configuration is vulnerable.

Re: DoS attacks on MIME-capable software via complex MIME emails

2009-01-28 Thread Dave English
so not vulnerable. Multikill is displayed correctly & Nesty is partially displayed, after a warning that the message is too complex. == Credit == This bug was discovered by Bernhard 'Bruhns' Brehm at Recurity Labs. Company page: http://www.recurity-labs.com

RE: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Dave Korn
Eric Rescorla wrote on 08 August 2008 17:58: > At Fri, 8 Aug 2008 17:31:15 +0100, > Dave Korn wrote: >> >> Eric Rescorla wrote on 08 August 2008 16:06: >> >>> At Fri, 8 Aug 2008 11:50:59 +0100, >>> Ben Laurie wrote: >>>> However, sin

RE: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Dave Korn
Eric Rescorla wrote on 08 August 2008 16:06: > At Fri, 8 Aug 2008 11:50:59 +0100, > Ben Laurie wrote: >> However, since the CRLs will almost certainly not be checked, this >> means the site will still be vulnerable to attack for the lifetime of >> the certificate (and perhaps beyond, depending on

Re: Cpanel all version >> root access with a reseller account.

2008-05-20 Thread dave
Ali, I'm unable to reproduce such an issue on multiple servers running different versions of cPanel. Does this reseller have the access to the 'all features' privilege?

The Long Run

2007-08-29 Thread Dave Aitel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As of today, one of the best hacker books ever, long out of print and unavailable except from eBay and crusty used book stores in the East Village, is now available for free download here: http://www.immunityinc.com/downloads/TheLongRun.pdf Dave

Contact at Secure Computing

2007-08-15 Thread Dave Piscitello
I'm looking for technical contacts at Secure Computing in the Snap Gear and Cyberguard product divisions who would be familiar with IP version 6 support. Please reply directly, thank you!

Re: Internet Explorer Crash

2007-04-19 Thread Dave Walker
No hang or crash in Webkit trunk builds. (tested build 20943 from 2007-04-19) -d.w. On Apr 19, 2007, at 12:00 AM, Kevin Finisterre (lists) wrote: Safari thinks it is sexy On Apr 18, 2007, at 4:14 PM, Rob Bartlett wrote: > IV. Proof > http://www.infiltrated.net/stupidInternetExplod

Re: slocate leaks filenames of protected directories

2007-01-12 Thread Dave Moore
chmod 711 dir sets permissions: drwx--x--x But for directories the x doesn't mean executable, it means searchable. from man ls: The file mode printed under the -l option consists of the entry type, owner permissions, and group permissions. The entry type character describes the type of

Re: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version)

2007-01-11 Thread Dave "No, not that one" Korn
[EMAIL PROTECTED] wrote: > very easy, in fact in less than two minute. The problem is similar to > the bug I found in PGP last year. The bug you did *NOT* find in PGP last year. All you did was bypass a sanity check and show that you could decrypt a file with the wrong password and get garba

Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous

2007-01-03 Thread Dave Ferguson
, the "fdf" parameter provides another mechanism for injecting a URL to exploit XSRF. Dave F. On 1/3/07, RSnake <[EMAIL PROTECTED]> wrote: It's not a part of the URL string that is passed to the header: http://www.google.com/appliance/pdf/google_gsa_datasheet.pdf#blah=javasc

Odysseus 2.0 / Telemachus 1.0 (Beta)

2006-12-18 Thread Dave
Everyone's favourite native Win32 proxy: Bigger, better, faster, more... http://www.bindshell.net/odysseus And announcing Telemachus, a companion utility for Odysseus, allowing further analysis and manipulation of the HTTP transactions that have passed through Odysseus. Telemachus can co

Re: The newest Word flaw is due to malformed data structure handling

2006-12-12 Thread Dave "No, not that one" Korn
Juha-Matti Laurio wrote: > Related to the newest MS Word 0-day > http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-zero-day.aspx > > US-CERT Vulnerability Note VU#166700 released today lists the > following new technical detail: > "Microsoft Word fails to properly handle malform

Re: "Buffer overflow" term considered overloaded

2006-09-25 Thread Dave "No, not that one" Korn
Steven M. Christey wrote: > In "Re: IE ActiveX 0day?" to Bugtraq on September 18, Alexander > Sotirov asked: > >> What is your definition of memory corruption? How can a buffer >> overflow not be a memory corruption error? > > The term "buffer overflow" continues to be too general for the variety >

Session Token Remains Valid After Logout in IBM Lotus Domino Web Access

2006-09-12 Thread dave . ferguson
Successfully Exploited: High Impact: Attacker impersonates legitimate user Mitigating Factors: Requires discovery of a valid LtpaToken to exploit. Discovery: Dave Ferguson, Security Consultant, FishNet Security Initial Notification of Vendor: 08/28/2006 Permanent Advisory Location: http

Reminder: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA

2006-09-06 Thread Dave Wichers
attendees. The full conference description is available at: http://www.owasp.org/index.php/OWASP_AppSec_Seattle_2006 Please contact me with any questions. Looking forward to seeing you all there! Thanks, Dave p.s. I'd encourage everyone to sign up for the dinner event on Tuesday night.

Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA

2006-08-18 Thread Dave Wichers
laces. Thanks, Dave Dave Wichers OWASP Conferences Chair -Original Message- From: Dave Wichers [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 26, 2006 2:57 PM To: 'SC-L@securecoding.org'; '[EMAIL PROTECTED]' Subject: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct

RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA

2006-08-14 Thread Dave Wichers
tion is open. In the mean time, I'd recommend booking your hotel and flights to lock in advanced pricing Thanks, Dave Dave Wichers OWASP Conferences Chair -Original Message- From: Dave Wichers [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 26, 2006 2:57 PM To: 'SC-L@secure

Re: phpBB Admin command execution

2006-04-19 Thread dave . de
On which version of phpBB was this tested?

[Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup

2006-04-14 Thread Dave Korn
Hey, guess what I just found out: Microsoft have deliberately sabotaged their DNS client's hosts table lookup functionality. Normally you can override DNS lookup by specifying a hostname and IP directly in the hosts file, which is searched before any query is issued to your dns server; th

Re: Flaw in commonly used bash random seed method

2006-04-05 Thread Dave Korn
Matthijs wrote: > I hope nobody generates passwords with ANY kind of pseudo-RNG. This is the main point, anyway. > By the way, if the random function can only generate numbers between 0 > and 32767, won't 2 bytes be enough then? The algorithm will perform a > modulo calculation anyway, so 4 byt

Re: Flaw in commonly used bash random seed method

2006-04-04 Thread Dave English
. In that case then, seeding with more than 15 bits would be worthwhile. I have not looked at Bash myself, to see what it actually does -- Dave English Senior Software & Systems Engineer Internet Platform Development, Thus plc

Re: Sudo tricks

2006-03-25 Thread Dave Korn
John Richard Moser wrote: > Here is a simple hack to break sudo and su to get free root. Add this > to ~/.bashrc and fill in the following blanks: > > * ~/.root_kit/rk_su > Your hacked su to give root on su --now-dammit > * ~/.root_kit/silent_install_root_kit > Your script to silently install rk

Re: PasswordSafe 3.0 weak random number generator allows key recovery attack

2006-03-23 Thread Dave Korn
[EMAIL PROTECTED] wrote: > Title : PasswordSafe 3.0 weak random number generator allows > key recovery attack > Date : March 23, 2006 > Product : PasswordSafe 3.0 Say, are you referring to /the/ PasswordSafe 3.0, you know, the one by that Schneier guy, the one that's on s

Fwd: APPLE-SA-2006-03-01 Security Update 2006-001

2006-03-01 Thread Dave McKinney

Re: Evil side of Firefox extensions

2006-03-01 Thread Dave Korn
azurIt wrote: > But everything has an other side.. Same goes for any other executable. This isn't news and it isn't unique to firefox. If you download and install programs, or extensions, or plugins, or active x objects, or any other kind of executable code, it can be malicious. Why aren't

fwd: SuSE Security Announcement: heimdal (SUSE-SA:2006:011)

2006-02-24 Thread Dave McKinney
- End forwarded message - -- Dave McKinney Symantec keyID: BF919DD7

RE: Vulnerabilites in new laws on computer hacking

2006-02-24 Thread dave
You don't have 300 dollars for vmware so you break into other people's systems to learn... That makes no sense. If breaking into another person's computer doesn't seem wrong then applying a serial/crack found at astalavista.com or the bugs etc should not seem out of the question. Better to screw a

Re: Vulnerabilites in new laws on computer hacking

2006-02-18 Thread dave
Marcus, You use the analogy of trespassing to describe unauthorized access to a computer system or its resources. I agree with you but I think a point was missed... The laws being passed today against *cyber crime* far exceed the basic property laws. If someone gains access to a system he d

Re: Re: Verified evasion in Snort

2006-02-03 Thread Dave Korn
[EMAIL PROTECTED] wrote: > (Windows boxes don't seem to send out a frag time exceeded on > anything other than the first fragment.) That's what the host requirements RFC demands: see e.g. http://www.rfc-editor.org/rfc/rfc1122.txt --quote-- 3.2.2 Inte

Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit

2006-01-17 Thread Dave Korn
[EMAIL PROTECTED] wrote in news:[EMAIL PROTECTED] > Because the buffer is only very small, I had to write small shellcode. > The code is less than 100 bytes, and there are 6 bytes left. So there > is still space to improve it. The stack seems to be static, every run > at the exact same location.

Re: Download Accelerator Plus can be tricked to download malicious file

2006-01-06 Thread Dave Korn
[EMAIL PROTECTED] wrote in news:[EMAIL PROTECTED] > Just n' update: > DAP searches for all its mirrors from mirrorsearch.speedbit.com > > I have no knowledge about HOW the mirrors are gathered. Then your report should have been titled "Maybe DAP can be tricked to download malicious file, maybe n

Re: WMF browser-ish exploit vectors

2006-01-05 Thread Dave Korn
Evans, Arian wrote in news:[EMAIL PROTECTED] > Here, let's make the rendering issue simple: > > Due to IE being so content help-happy there are a > myriad of IE-friend file types (e.g.-.jpg) that one > can simply rename a metafile to for purpose of web > exploitation, and IE will pull out the wond

RE: List of Security-oriented Fairs/Events/Conferences?

2005-11-15 Thread dave kleiman
Rainer, They keep a good list of Computer Forensic events at: http://www.forensicfocus.com/computer-forensics-events Regards, Dave -Original Message- From: Rainer Duffner [mailto:[EMAIL PROTECTED] Sent: Monday, November 14, 2005 06:39 To: bugtraq@securityfocus.com

Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through

2005-10-29 Thread Dave English
e format signatures, a vendor could presumable include multiple virus definitions for one virus, one per file format, as required ... For more details, screenshots and examples please read my article "The Magic of magic byte" at www.securityelf.org ... -- Dave English

DCOM worm analysis report: W32.Blaster.Worm

2003-08-14 Thread Dave Ahmad
A Bugtraq user has already pointed out that a worm has been discovered in the wild that exploits the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (Bugtraq ID 8205) to infect host systems. Symantec has been tracking its activity and is currently conducting analysis/full disass

New Windows DCOM Worm - msblast.exe (fwd)

2003-08-14 Thread Dave Ahmad

Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)

2003-08-04 Thread Dave Ahmad
Originally reported as affecting only WU-FTPD. It seems that the bug is in code borrowed from the BSD C library. NetBSD, FreeBSD and OpenBSD announcements attached. David Mirza Ahmad Symantec PGP: 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- The battle for the pas

VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems)vulnerability

2003-07-23 Thread Dave Ahmad
David Mirza Ahmad Symantec PGP: 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- The battle for the past is for the future. We must be the winners of the memory war.-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Description - --- The following products

FW: Windows Update - Unsafe ActiveX control (fwd)

2003-07-17 Thread Dave Ahmad
-- Forwarded message -- Date: Thu, 17 Jul 2003 XX:XX:XX To: Dave Ahmad <[EMAIL PROTECTED]> Subject: FW: Windows Update - Unsafe ActiveX control Hi, I would prefer not to reply to this post directly, but if possible can you please mention the following (anony

Administrivia: Summer vacation/bounce troll

2003-07-17 Thread Dave Ahmad
This is a troll for out-of-office autoreplies, bounces, list unsubscription acknowledgements, list rejection replies, support ticket generation notices and other irritating junk-mail responses that are triggered by Bugtraq posts. David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 E

Re: Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue

2003-06-24 Thread dave
been audited recently. Dave Aitel Immunity, Inc. Hack Like You're In the Movies: http://www.immunitysec.com/CANVAS/ > > The Sharp Zaurus is a linux-based PDA running Embedix. In the May > version of the Sharp Zaurus newsletter, version 3.1 of the flash > ROM was announced with v

FW: iDEFENSE Security Advisory 06.16.03: Linux-PAM getlogin() SpoofingVulnerability

2003-06-16 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 Sabbe Dhamma Anatta-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDEFENSE Security Advisory 06.16.03: http://www.idefense.com/advisory/06.16.03.txt Linux-PAM getlogin() Spoofing Vulnerability

iDEFENSE Security Advisory 05.30.03: Apache Portable Runtime Denialof Service and Arbitrary Code Execution Vulnerability

2003-05-31 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 Sabbe Dhamma Anatta-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDEFENSE Security Advisory 05.30.03: http://www.idefense.com/advisory/05.30.03.txt Apache Portable Runtime Denial of Service a

Re: Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit

2003-03-28 Thread Dave Aitel
d in the appendix." That would be, uh, ALL NT applications? Dave Aitel SVP Research and Engineering Immunity, Inc. http://www.immunitysec.com/CANVAS/ <--"Exploits that don't have to brute force." On Fri, 28 Mar 2003 09:30:23 -0600 "Eric Hines" <[EMAIL PROTECTED

Re: WebDAV exploit: using wide character decoder scheme

2003-03-26 Thread Dave Aitel
ode manually, just out of curiosity? Dave Aitel Advanced Engineering Directorate Immunity, Inc. http://www.immunitysec.com/CANVAS/ "Hacking like it's done in the movies." On Wed, 26 Mar 2003 22:55:12 +0900 오정욱 <[EMAIL PROTECTED]> wrote: > my @return_addresses=( > &

Re: IIS 5.0 WebDAV -Proof of concept-. Fully documented.

2003-03-25 Thread Dave Aitel
ave a chance to use the encoder sometime soon, I'm sure. I'm not having the same problem you are with characters > 0x7f though. Did you use the % character in your shellcode? Dave Aitel VP of Research and Development Immunity, Inc. http://www.immunitysec.com/CANVAS/ "Hacking l

Microsoft Security Bulletin MS03-009: Flaw In ISA Server DNS IntrusionDetection Filter Can Cause Denial Of Service (331065) (fwd)

2003-03-20 Thread Dave Ahmad
David Mirza Ahmad Symantec "sabbe dhamma anatta" 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- Forwarded message -- -BEGIN PGP SIGNED MESSAGE- - --- Title: Flaw In ISA Ser

Re: Microsoft Security Advisory MS 03-007

2003-03-18 Thread Dave Aitel
ently than previously hoped? I'm really curious. Also in the article is a insanely optimistic belief that most vulnerabilities are found first by "researchers who publish them" and that "it's been about a year since a significant 0day exploit was revealed." Da

[security bulletin] SSRT0845U HP Tru64 UNIX, HP-UX stdio PotentialSecurity Vulnerability

2003-03-18 Thread Dave Ahmad
David Mirza Ahmad Symantec "sabbe dhamma anatta" 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12

CERT Advisory CA-2003-09 Buffer Overflow in Microsoft IIS 5.0 (fwd)

2003-03-17 Thread Dave Ahmad
David Mirza Ahmad Symantec "sabbe dhamma anatta" 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 --- Begin Message --- -BEGIN PGP SIGNED MESSAGE- CERT Advisory CA-2003-09 Buffer Overflow in Microsoft IIS 5.0 Original issue date: March 17, 2003 Last rev

potential buffer overflow in lprm (fwd)

2003-03-05 Thread Dave Ahmad
David Mirza Ahmad Symantec "sabbe dhamma anatta" 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 --- Begin Message --- A bounds check that was added to lprm in 1996 does its checking too late to be effective. Because of the insufficient check, it may be possible for a

[Snort-2003-001] Buffer overflow in Snort RPC preprocessor (fwd)

2003-03-03 Thread Dave Ahmad
David Mirza Ahmad Symantec "sabbe dhamma anatta" 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- Forwarded message -- -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Snort Vulnerability Advisory [SNORT-2003-001] Date: 2003-03-03 Affected Snort Vers

Snort RPC Vulnerability (fwd)

2003-03-03 Thread Dave Ahmad
David Mirza Ahmad Symantec "sabbe dhamma anatta" 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 --- Begin Message --- Anyone using Snort might want to have a look at the latest ISS Advisory. There is a vulnerability in Snort 1.8.0 - 1.9.0 in the RPC preprocessor, which

VERITAS Software Technical Advisory (fwd)

2003-02-25 Thread Dave Ahmad
David Mirza Ahmad Symantec "sabbe dhamma anatta" 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- Forwarded message --

[saag] Of potential interest -- Citibank tries to gag crypto bug disclosure (fwd)

2003-02-20 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- Forwarded message -- Date: Thu, 20 Feb 2003 14:04:01 -0800 From: Robert Moskowitz <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [saag] Of potential interest -- Citibank tr

Re: Epic Games threatens to sue security researchers

2003-02-11 Thread dave
bility, which is very similar, I did a quick sweep of other interesting programs.) In fact, back in the day, I'd almost succeeded in getting a server to send out the modified map file and automatically exploit connecting clients. Dave Aitel Immunity, Inc. >Subject: Re: Epic G

Re: Preventing exploitation with rebasing

2003-02-05 Thread Dave Aitel
m seeing with Windows 2000 SP3 here in my lab. (I spent a while trying to track down what a particular field with the Locator traffic was, but it turned out to be just a part of my stack.) In practice, you would want to get the address of the data segment for RPCRT4, I imagine, rather than the a

The Advantages of Block-Based Protocol Analysis for Security Testing

2003-02-05 Thread Dave Aitel
inputs to a program can be reduced intelligently by a tester, compensating for incomplete knowledge of the target's implementation or design. Thank you, Dave Aitel Public and Media Relations Immunity, Inc. http://www.immunitysec.com/ 917-545-4742

locator exploit

2003-02-01 Thread Dave Aitel
state of the locator service until a local user binds to it to begin a lookup. Other than this, the RPC Locator Service exploit is available as a CANVAS module. (http://www.immunitysec.com/CANVAS/) -dave

SPIKE Proxy 1.4.7 is now available

2003-01-30 Thread Dave Aitel
the end of February (during BlackHat). Thanks, Dave Aitel Media Relations Immunity, Inc. http://www.immunitysec.com/

VERITAS Software Technical Advisory (fwd)

2003-01-28 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- Forwarded message --

Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

2003-01-25 Thread Dave Aitel
he Hello bug, I hereby pre-name it the "Yo G! What's up! SQL!" worm. Dave Aitel Immunity, Inc. On Sat, 25 Jan 2003 13:56:36 -0500 "trent dilkie" <[EMAIL PROTECTED]> wrote: > Can anybody confirm that this worm is spreading on the Desktop Engine > too?(MSDE)

Foundstone Research Labs Advisory - Multiple Exploitable BufferOverflows in Winamp (fwd)

2002-12-18 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- Forwarded message -- -- Foundstone Research Labs Advisory - FS2002-10 Advisory Name: Multiple Exploitable

Foundstone Research Labs Advisory - Exploitable Windows XP MediaFiles (fwd)

2002-12-18 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- Forwarded message -- -- Foundstone Research Labs Advisory - FS2002-11 Advisory Name: Exploitable Windows X

Re: File reading vulnerable in PHP and MySQL (Local Exploit)

2002-11-28 Thread Dave Wilson
. "LINES TERMINATED BY > '__THIS_NEVER_HAPPENS__'", > >"SELECT a FROM $tbl LIMIT 1" > ); Umm, this is my code. Please check any good Bugtraq archive for proof of this fact. This is pretty much identical, except my English is better :-). > Luke (HVA) > http://www.hackervn.net Dave Wilson.

[security bulletin] SSRT2301 - HP Tru64 UNIX uudecode PotentialSecurity Vulnerability (fwd)

2002-11-27 Thread Dave Ahmad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN: SSRT2301 - HP Tru64 UNIX uudecode Potential Security Vulnerability REVISION: 0 NOTICE: There are no restrictions for distribution of this Bulletin provided that it remains

[security bulletin] SSRT2385 OSIS V5.4 LDAP Module for SystemAuthentication Potential Security Vulnerability (fwd)

2002-11-27 Thread Dave Ahmad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN: SSRT2385 OSIS V5.4 LDAP Module for System Authentication Potential Security Vulnerability REVISION: 0 NOTICE: There are no restrictions for distribution of this Bulletin provided that

[Security bulletin] SSRT2266 HP Tru64 UNIX IGMP Potential (DoS)Security Vulnerability (fwd)

2002-11-27 Thread Dave Ahmad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN: SSRT2266 HP Tru64 UNIX IGMP Potential (DoS) Security Vulnerability REVISION: 0 NOTICE: There are no restrictions for distribution of this Bulletin provided that it remains

AIM Bug

2002-11-27 Thread Dave B.
Infested Nexus. Infested Nexus AIM: Infested Nexus Be well! ~Dave

Re: Netscape Problems.

2002-11-27 Thread Dave Aitel
platforms fuzzers are happily picking out stack overflows in initial handshake messages. Were you comparing a vendor's internal bug database to various bugzillas you might have a better case. Dave Aitel Immunity, Inc. On Tue, 26 Nov 2002 19:17:56 +1300 (NZDT) zen-parse <[EMAIL PROTECTED]&

ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability(fwd)

2002-11-25 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -BEGIN PGP SIGNED MESSAGE- ISS X-Force Security Brief November 25, 2002 Solaris fs.auto Remote Compromise Vulnerability Synopsis: ISS X-Force has discovered a vulnerability in the Sun

CERT Advisory CA-2002-32 Backdoor in Alcatel OmniSwitch AOS (fwd)

2002-11-25 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- Forwarded message --

Re: (MSIE) when parent gives his son bad things ;) --"dialogArguments " again

2002-11-19 Thread Dave Ahmad
So. Yet another way to execute script code in the "My Computer" Zone. According to Microsoft (based on the response described in the Andreas Sandblad advisory [1]), the Sandblad method of executing commands with parameters employed in the "format C:" attack is not a vulnerability. Technically, th

ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 andBIND8 (fwd)

2002-11-12 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- Forwarded message --

RE: [security bulletin] SSRT2265 HP TruCluster Server InterconnectPotential Security Vulnerability (fwd)

2002-11-05 Thread Dave Ahmad
David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN REVISION: 0 TITLE: SSRT2265 HP TruCluster Server Interconnect Potential Security Vulnerability NOTICE: There are no restr

Re: MS WIN RPC DoS CODE FROM SPIKE v2.7

2002-10-22 Thread Dave Aitel
have the random seed that crashed it. Then you can do some more work to manually isolate the exact packet or sequence that crashes it. On Tue, 2002-10-22 at 14:25, lion wrote: > * > * MS WIN RPC DoS CODE FROM SPIKE v2.7 > * -- Dave Aitel <[EMAIL PROTECTED]> Immunity, Inc signa

[security bulletin] SSRT0818U HP Tru64 UNIX V5.1A zlib PotentialSecurity Vulnerability (fwd)

2002-10-19 Thread Dave Ahmad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN REVISION: 1 SSRT0818U HP Tru64 UNIX V5.1A zlib Potential Security Vulnerability NOTICE: There are no restrictions for distribution of this Bulletin provided that it remains complete and intact. RELEASE DATE: Oct

[Immunity, Inc.]Vulnerability: RPC Service DoS (port 135/tcp) onWindows 2000 SP3

2002-10-18 Thread Dave Aitel
Immunity Advisory to the General Public Vulnerability: RPC Service DoS (port 135/tcp) on Windows 2000 SP3 Author: Dave Aitel Date: October 18, 2002 Because the default SPIKE 2.7 run has been able to discover this vulnerability, and various people have contacted me regarding it, I offer this

[security bulletin] SSRT2339 (ypxfrd) and SSRT2368 (ypserv) HP Tru64UNIX Potential Security Vulnerability (fwd)

2002-10-09 Thread Dave Ahmad
David Mirza Ahmad Symantec KeyID: 0x26005712 Fingerprint: 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN REVISION: 0 TITLE: SSRT2339 (ypxfrd) and SSRT2368 (ypserv) HP Tru64 UNIX Potential Security V

[security bulletin] SSRT2208 - HP Tru64 UNIX /usr/sbin/routedPotential Security Vulnerability (fwd)

2002-10-09 Thread Dave Ahmad
David Mirza Ahmad Symantec KeyID: 0x26005712 Fingerprint: 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN REVISION: 0 TITLE: SSRT2208 - HP Tru64 UNIX /usr/sbin/routed Potential Security Vulnerabilit

CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution (fwd)

2002-10-08 Thread Dave Ahmad
David Mirza Ahmad Symantec KeyID: 0x26005712 Fingerprint: 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 --- Begin Message --- -BEGIN PGP SIGNED MESSAGE- CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution Original release date: October 08, 2002 Last re

SPIKE 2.7 Released: There's a party at my house, so bring the beerand follow me....

2002-10-07 Thread Dave Aitel
t one case, they succeed. You can verify all Immunity packages with hashdb ( http://www.immunitysec.com/hashdb.html ). A full changelog is available at http://www.immunitysec.com/CHANGELOG.txt . Dave Aitel Immunity, Inc.

Re: [VulnWatch] Notes on the SQL Cumulative patch

2002-10-03 Thread Dave Aitel
I've run into, gives you LOCAL/SYSTEM. LOCAL/SYSTEM usually has significant privileges. Dave Aitel Immunity, Inc. "Unchecked buffer in SQL Server 2000 authentication function (CAN-2002-1123): What’s the scope of this vulnerability? This is a buffer overrun vulnerability. By send

Re: Solaris 2.6, 7, 8

2002-10-02 Thread Dave Ahmad
I have confirmed this on a fresh Solaris 8/sparc install. Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. SunOS 5.8 bin c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c Last login: Wed Oct 2 1

[security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd)

2002-10-01 Thread Dave Ahmad
David Ahmad Symantec KeyID: 0x26005712 Fingerprint: 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN REVISION: 0 Title: SSRT2371 HP OpenVMS Potential POP server local vulnerability NOTICE: There are no restri

PPTP

2002-10-01 Thread Dave Aitel
gainst 192.168.1.100 after setting up PPTP on that machine. It's a good idea to set up SoftIce as well. bash$ ./generic_send_tcp 192.168.1.100 1723 ./pptp.spk 0 0 #wait for crash. It's in the second packet, I believe. Dave Aitel Immunity, Inc. References -

Re: Hacking Citrix Faq (fwd)

2002-09-27 Thread Dave Ahmad
54] (account <[EMAIL PROTECTED]>) by gator.darkhorse.com (CommuniGate Pro WebUser 3.5.9) with HTTP id 7910895 for <[EMAIL PROTECTED]>; Fri, 27 Sep 2002 09:42:17 -0700 From: "wirepair" <[EMAIL PROTECTED]> Subject: Re: Hacking Citrix Faq To: Dave Ahmad <[EMAI

[security bulletin] SSRT2362 WEBES Service Tools (HP Tru64 UNIX, HP OpenVMS, Windows) Potential File Access Vulnerability (fwd)

2002-09-23 Thread Dave Ahmad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN SSRT2362 WEBES Service Tools (HP Tru64 UNIX, HP OpenVMS, Windows) Potential File Access Vulnerability REVISION: 0 NOTICE: There are no restricti

Re: MSIEv6 % encoding causes a problem again

2002-09-04 Thread Dave Ahmad
That is correct. The flaw appears to be in the extraction of the domain from the URI string and it can be exploited to fool the SOP check. The MSIE Zone checks stop attempts to access local file content and can't be fooled because there is no domain comparison. The other vulnerability was that

SPIKE 2.6 Released...

2002-09-04 Thread Dave Aitel
. SPIKE Proxy now includes a crawler, and dcedump now includes a Unix port of ifids. A full changelog is available at: http://www.immunitysec.com/CHANGELOG.txt There's also a new SPIKE mailing list at: http://www.immunitysec.com/mailman/listinfo/spike Dave Aitel Immunity, Inc. (P.

Re: MSIEv6 % encoding causes a problem again

2002-09-04 Thread Dave Ahmad
I am surprised that nobody has yet commented on this rather serious issue. It appears that MSIE fails to properly extract the correct domain from the URI string in the parent window when evaluating it against the child domain to determine whether access is to be permitted. This seems to be becau

[security bulletin] SSRT2310a HP Tru64 UNIX & HP OpenVMS Potential OpenSSL Security Vulnerability (fwd)

2002-09-03 Thread Dave Ahmad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN SSRT2310a - HP Tru64 UNIX & HP OpenVMS Potential == OpenSSL Security Vulnerability The HP Security Bulletin has been posted to the support website - http://thenew.hp.com/country/us/eng/support.html Use

[security bulletin] SSRT2275 HP Tru64 UNIX - Potential Buffer Overflows & SSRT2229 Potential Denial of Service (fwd)

2002-08-31 Thread Dave Ahmad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN SSRT2275 HP Tru64 UNIX - Potential Buffer Overflows & SSRT2229 Potential Denial of Service NOTICE: There are no restrictions for distribution of this Bulletin provided that it remains complete and
