On 4/3/07, Stefan Kelm [EMAIL PROTECTED] wrote:
Has anyone actually checked what this patch does? Who are ZERT and
ISOTF respectively (About ISOTF at http://www.isotf.org/?page_value=0
says a lot...)?
...or is this an April Fool's joke?
The patch is 100% real and it is effective. I've seen
List Readers:
I've posted a new blog entry on SecuriTeam regarding the Internet
Explorer VML issue:
http://blogs.securiteam.com/index.php/archives/624
It details mitigation steps you can take to prevent or mitigate the
exploitation of this
My apologies to those who are receiving this late or are otherwise
inconvenienced by the staggered release. I had unexpected, last-minute
travel issues that interfered somewhat with today's release.
Of note since the initial drafting of the
- Windows XP
- Windows Server 2003
Risk: Medium
Impact: Potential remote code execution with some user interaction
Status: Uncoordinated Release
Author: Matthew Murphy ([EMAIL PROTECTED])
II. VULNERABILITY OVERVIEW
Microsoft Internet Explorer suffers from a vulnerability in its
With all the misinformation and theorizing going around, I figured the
community might be interested in some... you know, accurate information.
It's really refreshing, sometimes.
So, SecuriTeam blogs has posted an interview with Ilfak Guilfanov
Multiple Vulnerabilities in mod_gzip Debugging Routines
I. Synopsis
Affected Systems: mod_gzip 1.3.26.1a and prior
Risk:
* Development: High
* Production: Minimal
Developer URL: http://www.sourceforge.net/projects/mod-gzip
Status: Vendor is not supporting project at this time.
II.
There are multiple buffer overflow bugs in pServ that could lead to a remote
(root?) compromise of public servers running the daemon:
ABSTRACT
Pico Server (pServ) is a freeware web server available at
pserv.sourceforge.net running on many POSIX compliant platforms. The
package contains several
ABSTRACT
Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft
Foundation Classes (MFC). It runs on Windows 95, 98, NT, 2000, Me, and XP
platforms. It was first published as a sample application in Microsoft
Journal (MSJ). Multiple security flaws have been identified in
Advisory: Moby NetSuite POST Denial of Service Vulnerability
Moby NetSuite is an HTTP/SMTP package designed for simplicity. It supports
CGI, including POST form submissions. A vulnerability in the POST handler
could lead to denial of service against the server.
When faced with a POST request,
BadBlue is a P2P/Web server offered for Microsoft Windows operating systems
by Working Resources. It has a bad security record -- file disclosure,
remote administration, denials of service, buffer overflows, directory
traversals, and more cross-site scripting flaws than I care to count. We
can
Product Information
acFreeProxy (aka acfp) is an HTTP/1.x proxy for Microsoft Windows
environments. It offers caching, and several other features, and has a
plug-in format designed for extensibility. A flaw in the product may allow
attackers to execute content across domains.
Description
The
acFTP is an open-source FTP daemon for Windows platforms
(http://www.sourceforge.net/projects/acftp) that offers more functionality
than many proprietary servers (including the MS FTP service). The
authentication code of acFTP contains a flaw -- specifically, the server
treats users as logged in
phpNuke Module Vulnerabilities Enable Identity Theft
Systems Affected: phpNuke 6.5b1 and prior (all operating systems)
Risk: High
Impact: Identity Theft/Impersonation/Privilege Elevation
Scenario: Cross-site scripting flaws enabling cookie theft
Description
phpNuke is a popular, and very
There are three different places in the directory index of LiteServe where
unsanitized user input is returned to the browser. The first is yet another
wildcard DNS vulnerability, the second centers around query strings.
Write-Up: http://www.techie.hopto.org/vulns/2002-37.txt
* DNS Wildcard XSS
Lycos offers several advanced web applications through a service called
HTMLGear. Among the services offered are guestbooks. A vulnerability
exists in the Lycos guestbook that could enable someone to launch an attack
against visitors whose browsers supported inline CSS (IE, for example).
By
Null HTTPd is a simple HTTP server that runs on Win32/Unix systems. It is
quite basic, but offers good CGI support. A vulnerability in Null HTTPd may
allow cross-site scripting via a 404 page:
http://localhost/a?x=<SCRIPT>alert(document.URL)</SCRIPT>
You have to place this in the query string so
FactoSystem CMS Contains Multiple Vulnerabilities
Impact: Multiple vulnerabilities -- all allowing manipulation of the backend
database
Risk: High
Class: Input Validation Error
Affected System: IIS 4.0 or later with ASP enabled and FactoSystem CMS
installed
Description
Multiple SQL injection
phpReactor has recently been updated to eliminate several known cross-site
scripting vulnerabilities. Among these changes was to reduce the tags
allowed in posts, profiles, etc. down to B, I, and FONT. However, using the
STYLE attribute, one can still defeat this:
b
OmniHTTPd's Test.shtml sample is also vulnerable to a similar issue:
http://localhost/test.shtml?%3CSCRIPT%3Ealert(document.URL)%3C%2FSCRIPT%3E=x
Will pop up an alert containing the above URL. Of course, this has other
uses (cookie theft, faking sources, etc.)
I've discovered another vulnerability in one of the OmniHTTPd sample apps.
This time, the culprit is /cgi-bin/redir.exe. This app is vulnerable to a
newline injection issue. The vulnerability occurs because the URL query
parameter (case sensitive) is decoded and placed directly into the
Security Advisory: Multiple Vulnerabilities in CafeLog Weblog Package
Additional Details: http://www.murphy.101main.net/vulns/2002-26.txt
Issue: Multiple vulnerabilities -- the most serious could allow malicious
users to execute commands against a web server running the vulnerable
package.
From Developer:
Falcon Web Server is running under Windows NT/2000/XP as well as Windows
95/98. It supports ISAPI and WinCGI, and it is a fully functional web
server which is capable of running a small / medium scale website of about
50-80 hits per minute. The real advantage of Falcon Web
Affected Systems
--
The vulnerability was discovered on Xitami 2.5b5 for Win32,
so this may (not) be a Win32-specific issue. No data has been
collected on other versions, so such a determination would be
purely speculation and therefore not helpful to those running
potentially
Advisory: Working Resources BadBlue Multiple Vulnerabilities
Issue: Three vulnerabilities; a denial of service, an insecurity in password
storage, and a file disclosure vulnerability that could allow viewing of the
password file.
Risk: Critical
SecurityFocus: Working Resources BadBlue Invalid
I have been working on a piece of test code for the MFC
buffer overflow reported in BID 5188. The code has now
been completed.
The exploit is simply a DoS exploit that will overwrite heap
data in a vulnerable ISAPI with 0x41 characters ('A').
The overwritten data contains pointers accessed by
Recently, I reported on a vulnerability in the Urlcount.cgi script of
Lil'HTTP Server (Summit Computer Networks). This time, another
CGI (pbcgi.cgi) has been found vulnerable to cross-site scripting.
Some versions of this CGI will take the form input you POST/GET
to it, and break it into
I have produced an exploit, based on Thor's advisory about
the OBJECT Cross-Domain scripting attack, that allows users
to read some types of files (e.g., INI, BAT, ...) that aren't
normally readable through most vulnerabilities.
The exploit is available at:
ALERT: Working Resources BadBlue #2
Vendor Notified: July 8, 2002
Working Resources have been informed of a
pair of denial of service conditions in
the BadBlue PWS.
The first vulnerability lies in the way a
GET request is handled. A specially
crafted GET request can crash the target
server.
ALERT: Lil'HTTP Server (Summit Computer Networks)
Vendor Notified: June 26
I have informed Summit of a flaw in its Lil'HTTP
Server. The vulnerability lies in the REPORT
functionality of urlcount.cgi.
The flaw may allow malicious webmasters to
script actions across domains.
Users can protect
I have notified iMatix via [EMAIL PROTECTED] of multiple
flaws in the GSL templates of Xitami 2.5 Beta. The e-mail
was sent out today, so I will release technical details later
on, but I did want to release a workaround:
In defaults.cfg, users can set use-error-script in the [Server]
section to
vqServer is a Windows web server written in Java. It is an innovative
product, with support internally for Servlets, and external support for many
kinds of CGI (EXE, Perl, ...)
However, some of the examples shipped in a default configuration of
vqServer contain multiple cross-site
Lil' HTTP Server is a Windows HTTP server that supports several features in
a relatively compact application. It is vulnerable to a classic (stupid)
attack:
http://[target]/../../windows/win.ini
This link will read WIN.INI on Windows 95/98/Me, and with a slight
modification (winnt instead of
The Flaw
OBJECT elements are used for embedded OLE in HTML documents. A flaw in
the way Microsoft Internet Explorer processes this directive allows a page
that causes a loop in object dependency, or loads itself in a certain manner
in an OBJECT, to completely crash Internet Explorer.
The