-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files
with multiple extensions in JSBoard
Revision 1.0
Date Published: 2004-12-15 (KST)
Last Update: 2004-12-15
Disclosed by SSR Team ([EMAIL PROTECTED])
Summary
JSBoard is
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
STG Security Advisory: [SSA-20041215-18] Vulnerability of uploading files
with multiple extensions in phpBB Attachment Mod
Revision 1.0
Date Published: 2004-12-15 (KST)
Last Update: 2004-12-15
Disclosed by SSR Team ([EMAIL PROTECTED])
Summary
===
Product: Gadu-Gadu, build 155 and older
Vendor: SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
Impact: Script execution in local zone,
Remote DoS
Severity: High
Authors: Blazej Miga <[EMAIL PROTECTED]>,
Jaroslaw Sajko <[EMAIL PROTECTED
Hello, all!
On one of our IIS servers (W2K fully patched, IIS Lockdown tool is
installed) I have found in WWW root directory a file named KIT.GED and
having size 834552 bytes.
This is a RAR-packed self-executable containing these files:
01.03.2004 18:16 10240 caclsENG.exe
18.01.20
Greetings Paul and Stephen and List...
Paul thanks for clearing that up. SuSE 9.0 Pro (at least the way two
boxes I take care of are set up) have
/proc/net/igmp
/proc/net/mcfilter
but 'mcfilter' is empty.
No local users other than myself... At least that I can tell... :)
TîMöTH¥ Hª££
>>>
On Wed, Dec 15, 2004 at 01:31:30PM +0100, Paul Starzetz ([EMAIL PROTECTED])
wrote:
> I don't think this is practicable, since the bugs reside in deep kernel
> functions. You can not fix it just by disabling a particular syscall. You
> have to patch a running kernel binary, maybe someone comes up wi
Why can't the MS be given an IP connection through a NAT with a
private IP class? (removing the specific attack vector described as
the range could be made much larger). Obviously this is less
preferential for financial transactions as one would desire to know
more about the endpoint, however it co
Paul Starzetz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Synopsis: Linux kernel scm_send local DoS
Product: Linux kernel
Version: 2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9
Vendor: http://www.kernel.org/
URL: http://isec.pl/vulnerabilities/isec-0019-scm.tx
I've posted the final versions of a few simple, free shell scripts that I've
been working on to make data hygiene more convenient on *nix systems. Thanks
to list members who helped test them and contributed improvements.
Download them at http://basicsec.org/tools.html. The file is called
Linux