1791 matches found
PHP Security Advisory - Apache Module bugs
Problems ========= 1 PHP supports a configuration mechanism that allows users to configure PHP directives on a per-directory basis. Under Apache, this is usually done using .htaccess files. Due to a bug in the Apache module version of PHP, remote 'malicious users' might be able to create a specia...
BFTPd - vsprintf() Format Strings
BFTPd - vsprintf Format Strings / Copyright c 2000 - Security.is The following material may be freely redistributed, provided that the code or the disclaimer have not been partly removed, altered or modified in any way. The material is the property of security.is. You are allowed to adopt the...
Explanation Authentix Input Validation Error
Hi there, Yesterday I posted an advisory concerning a bug in Authentix that would allow users to bypass authentification. When I contacted the vendor about this they were very responsive and after some emails going here and there we agreed to postpone the bugtraq-posting for two weeks and give th...
Security issue with Compaq Easy Access Keyboard software
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Compaq's Easy Access Keyboard software version 1.3 contains a bug which could allow a privilege escalation on the local machine or domain. I have confirmed the bug running the Easy Access Keyboard software on Windows 2000 Professional SP1, but I suspe...
boa.server.txt
ID: S21SEC-005-en Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: llmora Location: http://www.s21sec.com/en/avisos/s21sec-005-en.txt Release: Public S 2 1 S E C http://www.s21sec.com...
Vulnerability in BOA web server v0.94.8.2
ID: S21SEC-005-en Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: llmora Location: http://www.s21sec.com/en/avisos/s21sec-005-en.txt Release: Public S 2 1 S E C http://www.s21sec.com...
Format strings: bug #1: BSD-lpr
Hi, INTRO ----- Welcome to a short series of security bugs, all involving mistakes with "user supplied format strings". This class of bug is very popular on Bugtraq at the moment, so what an ideal time for a few examples. BSD-lpr ------- If we look into lpr/lpd/printjob.c, we can find the followi...
Microsoft refuses to fix a security bug in Windows 2000
Microsoft refuses to fix a security bug in Windows 2000 Eugene Kalinin Medical Informatics Laboratory Moscow, Russia Aug 16, 2000 Yesterday Microsoft refused to fix a security problem in Windows 2000 RPC service. The bug in RPC service allows an attacker to put a Windows 2000 server out of servic...
Kerberos security vulnerability in SSH-1.2.27
I am writing to report a security bug in SSH 1.2.27. SOFTWARE AFFECTED: SSH 1.2.27 with Kerberos authentication support compiled in i.e. "configure --with-kerberos5". I have contacted SSH Communicators Security http://www.ssh.com about this, and they have just released ssh-1.2.28, which fixes thi...
Linux news 3.07.00
WU-FTPD 2.6.1 Вышла новая версия популярного FTP сервера WU-FTPD - WU-FTPD 2.6.1. В данной версии появилась поддержка virtual passwd/virtual shadow как в BeroFTPD. Кроме того пофиксен серьезный security баг, благодаря которому пользователь мог получить права root-а. Также пофиксен баг с возможной...
glftpd.privpath.txt
Glftpd 1.18 till 1.21b8 current beta have a serious problem with the privpath directives.... It will probably be fixed in the comming 1.21b9 but i have included a quick fix in this one to prevent exploits of this bug. Thanx for Hoopy for the quick fix glftpd dev team. Problem: When you know the...
smartftp.txt
I found a bug in the SmartFTP-D Server which will give an attacker full access to the server, if he has the right to write files on the server. For every user, the program is checking if a special Userfile exists Sample: Username=hacker & Userfile=hacker.FTPUser. If it exists, the configuration,...
SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit
I found a bug in the SmartFTP-D Server which will give an attacker full access to the server, if he has the right to write files on the server. For every user, the program is checking if a special Userfile exists Sample: Username=hacker & Userfile=hacker.FTPUser. If it exists, the configuration,...
Security Bug in Jana HTTP Server
Hello Bugtraqers, I found a directory travelling bug again, this time in JANA HTTP Server software available as freeware from http://www.jana-server.ocm.de . Here is a copy of the mail I sended to the author. eAX -------------------------------------------- Hello Thomas, I got your proxy/perver...
Security bug in Apache project: Jakarta Tomcat
The Apache project: Jakarta Tomcat contains a serius security bug. Tomcat is used together with the Apache web server to serve Java Server Pages and Java servlets. Summary from the Tomcat development team advisory is posted below: Advisory: Delivered with Tomcat is an example jsp/source.jsp that...
zeus.null.txt
This morning Zeus Technology Limited was informed of a serious security bug in the Zeus Webserver by 'The Relay Group' http://relaygroup.com. This document describes the scope of the problem and its solution. Versions affected ----------------- Zeus 3.1.x / 3.3.x Severity -------- High- this bug...
omnis.txt
I'm not sure of the complete extent of applications written in Omnis, but from what I understand, it's a multi-platform Rapid Application Development environment. Essentially, from what I understand having no personal experience with the product, you create one program in Omnis, and it's portable...
glibc_exploit.txt
Subject: Linux glibc 2.1.x / wu-ftpd =2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x To: [email protected] First of all, something less or more personal - sorry to all [email protected] people for this post. I'm really angry, as this stuff become well-known without my knowledge... so, only a...
openbsdreadv.txt
Date: Mon, 27 Jul 1998 12:26:36 +0100 BST From: [email protected] To: [email protected] X-Send-Pr-Version: 3.97 Subject: kernel/549: Any user can panic OpenBSD machine Sender: [email protected] Number: 549 Category: kernel Synopsis: readv with -ve block size panics kernel Confidential: yes...
dpec-course-passwds.txt
Date: Fri, 15 Jan 1999 21:45:24 -0700 From: Joel Knight To: [email protected] Subject: DPEC Online Courseware DPEC's www.dpec.com Online Courseware has a nasty bug in it that allows anyone to change anyone elses password without knowing what their current password is. This is NOT limited to...