CVE-2001-1519

CVE-2001-1519 affects Windows 2000 RunAs (runas.exe). Multiple sources describe a local-privilege issue where, if the RunAs service is stopped, a local attacker can create a spoofed named pipe and potentially capture cleartext usernames and passwords when clients connect. The Red Hat and CVE/CVE-...

mozilla security update

CentOS Errata and Security Advisory CESA-2005:386 Updated mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup...

Important: Red Hat Security Advisory: Mozilla security update

Updated mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Vladimir V...

Important: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Vladimir V. Perepelitsa discovered a bug in the way Firefox handles...

Javascript "lambda" replace exposes memory contents — Mozilla

A bug in javascript's regular expression string replacement when using an anonymous function as the replacement argument allows a malicious script to capture blocks of memory allocated to the browser. A web site could capture data and transmit it to a server without user interaction or knowledge...

mozilla -- javascript "lambda" replace exposes memory contents

A Mozilla Foundation Security Advisory reports: A bug in javascript's regular expression string replacement when using an anonymous function as the replacement argument allows a malicious script to capture blocks of memory allocated to the browser. A web site could capture data and transmit it to...

HTTP auth prompt tab spoofing — Mozilla

The HTTP authentication prompt appears above the currently open tab regardless of which tab triggered it. A spoofer who could get a user to open a high value target in another tab might be able to capture the user's ID and password. HTTP auth dialogs are visually distinct from the web form logins...

CVE-2004-2383

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain...

Low: Red Hat Security Advisory: tcpdump security update

Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP parsing. Tcpdump is a command-line tool for monitoring network traffic. Tcpdump v3.8.1 and earlier versions contained multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially...

Microsoft Internet Explorer 56 - Cross-Domain Event Leakage

Microsoft Internet Explorer 56 - Cross-Domain Event Leakage source: https://www.securityfocus.com/bid/9761/info Microsoft Internet Explorer is reported to be prone to an issue that may leak sensitive information across foreign domains. This issue could permit framesets in different domains to lea...

YAK! 2.1.0 still vulnerable

YAK! 2.1.0 still vulnerable =========================== for file transfer yak uses ftp mode. Yak! listens on port 3535 for file transfer in ftp mode. vulnerability in the previous version was, they were using constant username and pass combination for ftp login. 2.1.0 version seems to overcome th...

DEBIAN-CVE-2003-0489

tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute...

CVE-2003-0489

CVE-2003-0489 applies to tcptraceroute 1.4 and earlier, where the program’s privilege-dropping after obtaining a file descriptor for raw packet capture is incomplete. Several connected sources document that a local attacker could potentially access the capture descriptor via a separate vulnerabil...

DSA-330 tcptraceroute - failure to drop root privileges

Bulletin has no description...

Win32: Postmessage API security flaw

Hello, I would like to bring to your notice a certain vulnerability that has existed in Win 9x platforms for many years and now in Win2k/XP. Most of us our familiar with password revealers and password stealing trojans. Though flaws in Windows Messaging API have been show before this one relates ...

DEBIAN-CVE-2002-1976

ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKETMRPROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap...

MailEnable POP3 Server remote shutdown !:/ -newest ~ (and previous) bufferoverflow-

My first post, please bare with me. -/-About.-/- I found this problem auditing a webserver, it’s a standard bufferoverflow i guess, but i am not sure how to find all the technical information but if anyone knows what to do i would like to know, if some one have the time to send a brief mail or...

Re: хэндшейк ICQ

Hello, 3APA3A! Если не сложно, кинь advisory на [email protected]. Можно вместе с программой, положу на www.security.nnov.ru. See attach. Адвайз писать смысла нет, ибо тезис про "шифрование" в аське касается всех версий протокола, его использовавших. Насколько я знаю, в 7 версии эту фигню...

PT-2001-2604 · Microsoft · Windows 2000

Name of the Vulnerable Software and Affected Versions: Windows 2000 Description: The issue allows local users to create a spoofed named pipe when the RunAs service is stopped, then capture cleartext usernames and passwords when clients connect to the service. The vendor disputes this issue, sayin...

CVE-2001-0435

The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate...