Re: [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay

2011-04-26 Thread Vladimir '3APA3A' Dubrovin
Dear Alexandr Polyakov, AFAIK, SMB NTLM relaying was closed with MS08-068 and Kerberos was never possible to relay. Are you sure authentication is really possible with patched windows systems? --Monday, April 25, 2011, 12:21:57 PM, you wrote to bugtraq@securityfocus.com: AP> Digital Security

Re: Buffer overflow in libtiff in Imagemagick

2011-03-23 Thread Vladimir '3APA3A' Dubrovin
Dear zgm...@mail.ustc.edu.cn, This is stack overflow (stack memory exhaustion), most probably because of recursion. This is not buffer overflow (stack overrun). --Monday, March 21, 2011, 10:11:17 AM, you wrote to bugtraq@securityfocus.com: zmuec> ==1812== Access not within mapped region at ad

Re[4]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

2010-05-31 Thread Vladimir '3APA3A' Dubrovin
'hello world'); JS> JS> Done! JS> Workaround: JS> None very intuitive. Maybe allow the user to terminate the script at every JS> iteration? specific time period? etc... JS> -- JS> From: "Vladimir '3APA3A'

Re[2]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

2010-05-28 Thread Vladimir '3APA3A' Dubrovin
Dear John Smith, Actually, browser DoS may be quite a serious vulnerability, depending on the nature of the DoS. Think about e.g. banner or content exchange networks, social networks, web boards, etc. where a browser vulnerability may be used against a site or page because it will harm any visito

Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability

2010-05-14 Thread Vladimir '3APA3A' Dubrovin
Dear Secunia Research, SR> The vulnerability is caused by KGet downloading files without the SR> user's acknowledgment, overwriting existing files of the same name SR> when displaying a dialog box that allows a user to choose the file to SR> download out of the options offered by a metalink fil

Re: {PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability

2009-11-02 Thread Vladimir '3APA3A' Dubrovin
Dear Protek Research Lab, I have a deja-vu. http://securityvulns.ru/Odocument175.html Same problem existed since 2006. With same reaction (total ignorance) from Panda developers. --Saturday, October 31, 2009, 5:24:38 PM, you wrote to bugtraq@securityfocus.com: PRL> ###

Re[2]: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday

2009-09-02 Thread Vladimir '3APA3A' Dubrovin
Dear Thierry Zoller, I think yes, MKDIR is required. It should be a variation of S99-003/MS02-018. The fuzzer should be very smart to create a directory and use both an oversized buffer and ../ in NLST - it makes the path longer than MAX_PATH with an existing directory. --Monday, August 31, 20

Re[2]: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday

2009-09-02 Thread Vladimir '3APA3A' Dubrovin
./A*/../A*/../A*/../A*/../A*/../A*/../A*/\r\n GL> At least on win2k3. Therefore, the workarounds for kb975191 on GL> microsoft.com are wrong. GL> Guido Landi GL> Vladimir '3APA3A' Dubrovin wrote: >> Dear Thierry Zoller, >> >> I think yes, MKDIR

Re: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)

2009-07-16 Thread Vladimir '3APA3A' Dubrovin
Thierry, I think the inability of an antivirus / intrusion detection system to catch something that is not malware/intrusion, or malware in a form unused in-the-wild, is not a vulnerability. Antivirus (generally) gives no preventive protection. They can add signatures for your PoCs to their database

Re: XAMPP for Windows (Xss/PHPinfo) Multiple Vulnerability

2009-07-02 Thread Vladimir '3APA3A' Dubrovin
Dear Cru3l.b0y, And this "new bug" was reported 4 years ago by Donnie Werner aka morning_wood http://securityvulns.ru/Idocument295.html XAMP latest version is 1.7.1. trolling? --Tuesday, June 30, 2009, 7:21:52 PM, you wrote to bugtraq@securityfocus.com: Cb> Hi Dear, Cb> I found new bug

Re: SIPS v0.2.2 Remote File Inclusion Vulnerability

2009-06-30 Thread Vladimir '3APA3A' Dubrovin
Dear Cru3l.b0y, This vulnerability was reported by the.leo.008_(at)_gmail.com 3 years ago: http://securityvulns.com/Odocument224.html --Tuesday, June 30, 2009, 7:20:48 PM, you wrote to bugtraq@securityfocus.com: Cb> Hi Dear, Cb> Please publish this bug. Cb> Thank you -- Skype: Vladimir.Du

Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread Vladimir '3APA3A' Dubrovin
Dear Tom Neaves, It still can be exploited from the Internet even if "remote management" is only accessible from the local network. If you can trick a user into visiting a Web page, you can place a form on this page which targets the router, and the request to the router is issued from the victim's browser. --Tuesday

Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)

2009-05-27 Thread Vladimir '3APA3A' Dubrovin
Dear Jim Parkhurst, It may depend on the video card and video drivers and/or the amount of memory/video memory. 9 years ago there was a vulnerability in Internet Explorer with displaying a scaled image: http://securityvulns.com/advisories/ie5freeze.asp results

Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP

2009-04-22 Thread Vladimir '3APA3A' Dubrovin
Dear Stefan Kanthak, As far as I can see, Internet Explorer actually uses flash10b.ocx. Adobe Flash Player 10.0 r22 --Monday, April 20, 2009, 8:17:24 PM, you wrote to bugtraq@securityfocus.com: SK> Windows Update (as well as Microsoft Update and the Automatic Update) SK> installs an outdated (an

Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow

2009-03-25 Thread Vladimir '3APA3A' Dubrovin
Dear Eric C. Lukens, US-CERT note TA09-051A on this issue being exploited in-the-wild was issued on February 20. http://www.us-cert.gov/cas/techalerts/TA09-051A.html --Wednesday, March 25, 2009, 10:20:40 PM, you wrote to bugtraq@securityfocus.com: ECL> I noticed that as well, but suspecte

Re: iDefense COMRaider, ActiveX controls, and browser configuration

2009-03-06 Thread Vladimir '3APA3A' Dubrovin
Dear Steven M. Christey, --Thursday, March 5, 2009, 9:41:00 PM, you wrote to bugtraq@securityfocus.com: SMC> Note that a Google search for phrases like "Initialize and script ActiveX SMC> controls not marked as safe for scripting" with "Enable" will return an SMC> unsettling number of documents

Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability

2009-02-27 Thread Vladimir '3APA3A' Dubrovin
Dear Ansgar Wiechers, --Friday, February 27, 2009, 12:15:50 AM, you wrote to bugtraq@securityfocus.com: >> >> Just wonder: how can a firewall protect against XSS/response splitting? AW> You don't give the bad guys access to your UPS's web interface? In case of non-persistent XSS, form redi

Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability

2009-02-26 Thread Vladimir '3APA3A' Dubrovin
Dear Digital Security Research Group, --Thursday, February 26, 2009, 7:40:50 PM, you wrote to bugtraq@securityfocus.com: DSRG> Application:APC PowerChute Network Shutdown's Web Interface DSRG> Vendor URL: http://www.apc.com/ DSRG> Bug:

Re[2]: Internet explorer 7.0 stack overflow

2009-01-30 Thread Vladimir '3APA3A' Dubrovin
Dear jplop...@gmail.com, Stack exhaustion and stack overflow are 2 names for the same thing. Stack _buffer_ overflow aka stack overrun is a different thing. --Thursday, January 29, 2009, 6:31:05 PM, you wrote to bugtraq@securityfocus.com: jgc> According to MS, is stack exhaustion and not overflow

Re[2]: Multiple XSRF in DD-WRT (Remote Root Command Execution)

2008-12-11 Thread Vladimir '3APA3A' Dubrovin
Dear [EMAIL PROTECTED], According to current practices, it's considered a security vulnerability. The fact you must be logged in to the device in the browser is a mitigating factor. To protect routers against attacks like this, either generate some kind of non-predictable session id

Re: DoS attacks on MIME-capable software via complex MIME emails

2008-12-09 Thread Vladimir '3APA3A' Dubrovin
Dear [EMAIL PROTECTED], The idea is not new. The same vulnerability was reported for Agnitum Outpost by Alexander Andrusenko in 2004, http://securityvulns.com/news3687.html Also, the same vulnerabilities were reported and fixed in Sendmail (CVE-2006-1173). --Tuesday, December 9, 2008, 1:52:17 AM,

Re: iDefense Security Advisory 10.30.08: Adobe PageMaker Key Strings Stack Buffer Overflow

2008-11-03 Thread Vladimir '3APA3A' Dubrovin
Dear iDefense Labs, --Thursday, October 30, 2008, 11:24:35 PM, you wrote to bugtraq@securityfocus.com: iL> VII. CVE INFORMATION iL> The Common Vulnerabilities and Exposures (CVE) project has assigned the iL> name CVE-2008-6432 to this issue. This is a candidate for inclusion in iL> the CVE l

Re[2]: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection

2008-10-10 Thread Vladimir '3APA3A' Dubrovin
or Orinoco these settings are read/write: http://support.ipmonitor.com/mibs/ORINOCO-MIB/oids.aspx see e.g. oriDHCPServerPrimaryDNSIPAddress --Friday, October 10, 2008, 1:24:27 AM, you wrote to [EMAIL PROTECTED]: lercg> -----"Vladimir '3APA3A' Dubrovin" <[EMAIL PROTEC

Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection

2008-10-09 Thread Vladimir '3APA3A' Dubrovin
Dear ProCheckUp Research, What can you achieve with script injection you can not achieve with SNMP write access? --Thursday, October 9, 2008, 5:02:44 PM, you wrote to bugtraq@securityfocus.com: PR> $ snmpset -v1 -c public 192.168.1.100 sysName.0 s '">>alert(1)' -- ~/ZARAZA http://securi

Re: AyeView v2.20 (malformed gif image) DoS Exploit

2008-10-06 Thread Vladimir '3APA3A' Dubrovin
Dear [EMAIL PROTECTED], --Saturday, October 4, 2008, 11:49:42 PM, you wrote to bugtraq@securityfocus.com: clgc> Name : AyeView v2.20 (malformed gif image) DoS Exploit A DoS vulnerability in computer security is blocking legitimate access to some data or service. What kind of service

Re: White Wolf Labs #080922-1: Exploitation Through ActiveSync 4.x

2008-10-02 Thread Vladimir '3APA3A' Dubrovin
Dear Seth Fogie, In the same way you can plug in a USB Ethernet network adapter with a notebook attached. No ActiveSync required at all. This is a question of physical security. --Tuesday, September 30, 2008, 6:08:05 PM, you wrote to bugtraq@securityfocus.com: SF> White Wolf Labs #08092

Re: Sagem Router [EMAIL PROTECTED] 2404 Remote Denial Of Service Exploit

2008-09-09 Thread Vladimir '3APA3A' Dubrovin
Dear [EMAIL PROTECTED], That's nice, but don't you think the admin:admin user can do much better things by e.g. changing the router's firmware? --Monday, September 8, 2008, 5:35:51 PM, you wrote to bugtraq@securityfocus.com: zun> curl -u admin:admin -- ~/ZARAZA http://securityvulns.com/ Впрочем,

Re: IdeBox (include) Remote File Inclusion Vulnerability

2008-06-25 Thread Vladimir '3APA3A' Dubrovin
Dear Ghost hacker, Old. Was reported by Kacper in 2006 http://securityvulns.ru/Ndocument286.html --Wednesday, June 25, 2008, 4:17:38 PM, you wrote to bugtraq@securityfocus.com: Gh> Exploit : Gh> http:///[Path]/include.php?gorumDir=[EVIL] -- ~/ZARAZA http://securityvulns.com/ Таким