seen it in the wild? When did it appear?
Alla Bezroutchko
Scanit
http://www.scanit.be/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
1) Summary
Affected software: Microsoft Windows 2003 SP2, Microsoft Windows 2000
SP4 Server
Vendor URL: www.microsoft.com
Severity: Medium
References: Microsoft Security Bulletin MS07-062, CVE-2007-3898
2) Vulnerability Description
Microsoft DNS server generates predictable DNS transaction IDs.
it.
Cheers,
Alla Bezroutchko
Scanit - http://www.scanit.be/
___
,
Alla Bezroutchko
Scanit
http://www.scanit.be/
___
1) Summary
Affected software: Stalker CommuniGate Pro version 5.1.8 and below
Vendor URL: www.stalker.com
Severity: Medium
2) Vulnerability Description
CommuniGate Pro is a communication server supporting a large number of
protocols. It includes a web mail system. The web mail
--
6/2/2006 - Vendor Reply.
16/3/2006 - Public Disclosure.
--
Contact
--
Alla Bezroutchko [EMAIL PROTECTED]
1-888-565-9428
CISSP GSAE CSFA SSP-MPA
___
Frank Knobbe wrote:
The proposed fix is -- besides being only specific to this example --
equally flawed. The underlying issue is that you trust user supplied
data. When a user supplies a user name for login purposes, you should
only use that input to perform a search in your database. If a
will keep its stuff in $_SESSION[register][login]
and authentication will keep its stuff in $_SESSION[auth][login]
Regards,
Alla Bezroutchko
Scanit
___