7104 matches found
Escalation of privileges in Outpost and Lavasoft Firewalls - Unusual ShellExecute behavior
Vulnerable Products: Outpost Firewall Pro ver. 3.51.759.6511 462 and Lavasoft Personal Firewall ver. 1.0.543.5722 433 Summary of problem: The firewall runs its windows under a SYSTEM context. A user with lower privileges than SYSTEM could locate the open folder control on some of these windows,...
[slackware-security] Apache httpd redux
New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a bug with Apache 1.3.35 and glibc that breaks wildcards in Include directives. It may not occur with all versions of glibc, but it has been verified on -current using an Include within a file...
[Full-disclosure] Fun with DHTML
How many bugs can you find in your browser? The recent IE issues only scratched the surface of the DHTML/behavior bugs. The HTML/JS page below can be used to find all sorts of bugs in different browsers. I stopped caring about these after the first three invalid dereferences...
[SA18846] Libapreq2 Unspecified Vulnerability
TITLE: Libapreq2 Unspecified Vulnerability SECUNIA ADVISORY ID: SA18846 VERIFY ADVISORY: http://secunia.com/advisories/18846/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: Libapreq2 2.x http://secunia.com/product/8138/ DESCRIPTION: A vulnerability has been reported in Libapreq2...
Authentication flaw
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) adminpassword, (4) newpasswd, and (5) confirmpasswd variables, which are not...
CVE-2006-0724
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) adminpassword, (4) newpasswd, and (5) confirmpasswd variables, which are not...
A springboard for attack and Defense-bug warning-the black bar safety net
During an attack, hackers make use of other systems for their own purposes, such as a springboard to the next target or use of the occupied computer itself, and so on. This article describes the common ways hackers use usurped computers and the appropriate response methods for security administrators...
Double-clicking a link can run a program from the Internet
Links in Web pages only require a single click. When a user double-clicks on a Web link, that action is taken as two separate clicks: One to follow the link, and the other to any dialog that might appear where the link was. A specially crafted page can place the link so that the "Open" button in the...
Fedora Core 3 : perl-5.8.5-22.FC3 (2005-1145)
o Updated upstream fix for sprintf integer overflow vulnerabilities CVE-2005-3962 and CVE-2005-3912, including new Sys::Syslog 0.08 o Updated fix for bug 136009 / MakeMaker LDRUNPATH issue: restore previous default Red Hat behavior of removing the MakeMaker generated LDRUNPATH setting from the li...
Kadu remote DoS
Hi. Kadu is a Gadu-Gadu instant messaging open source client. By sending a message with richtext, image basic information and nothing else to a specific UIN through the Gadu-Gadu server, Kadu stops responding or shuts down immediately. Behavior depends on version 0.4.2 In most cases Kadu freezes...
FreeBSD : squid -- confusing results on empty acl declarations (a30e5e44-5440-11d9-9e1e-c296ac722cb3)
Applying an empty ACL list results in unexpected behavior: anything will match an empty ACL list. For example, The meaning of the configuration gets very confusing when we encounter empty ACLs such as acl something src '/path/to/emptyfile.txt' http_access allow something somewhere gets parsed wit...
Standalone applications can run arbitrary code through the browser — Mozilla
Several media players, for example Flash and QuickTime, support scripted content with the ability to open URLs in the default browser. The default behavior for Firefox was to replace the currently open browser window's content with the externally opened content. If the external URL was a...
Microsoft Outlook Express 4.x/5.x/6.0 - Attachment Processing File Extension Obfuscation
Microsoft Outlook Express 4.x/5.x/6.0 - Attachment Processing File Extension Obfuscation source: https://www.securityfocus.com/bid/13837/info Microsoft Outlook Express is prone to an attachment file extension obfuscation vulnerability that may present a risk under certain configurations. The issue...
squid -- confusing results on empty acl declarations
Applying an empty ACL list results in unexpected behavior: anything will match an empty ACL list. For example, The meaning of the configuration gets very confusing when we encounter empty ACLs such as acl something src "/path/to/emptyfile.txt" http_access allow something somewhere gets parsed with...
Unchecked returns from kernel_read() in linux-2.6.10-rc2 kernel
Greetings, Fortify Software engineering team has looked at linux-2.6.10-rc2 and performed static analysis of the code. We have discovered several instances of the same potential vulnerability in the kernel code. Below we provide a more detailed description of the issues. 1. We have found several...
VulnCheck KEV: CVE-2004-0839
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup...
Cyrus IMAPd -- APPEND command uses undefined programming construct
To support MULTIAPPENDS the cmdappend handler uses the global stage array. This array is one of the things that gets destructed when the fatal function is triggered. When the Cyrus IMAP code adds new entries to this array this is done with the help of the postfix increment operator in combination...
CAN-2004-0814: Linux terminal layer races
Linux 2.6.9 fixes a set of race conditions in the Linux terminal subsystem which are believed to go back to 2.2 kernels if not earlier. The race shows up problematically in two places. Firstly a user can cause crashes and other undefined behaviour by issuing a TIOCSETLD ioctl on a terminal...
RKDetect - behaviour based rootkit detection utility
Rkdetect is a little anomaly detection tool which can find services hidden by generic Windows rootkits like Hacker Defender. The tool is very simple. It enumerates services on a remote computer through WMI (user level) and the Services Control Manager (kernel level), compares the results and displays the difference. In this...
MS Internet Explorer Overly Trusted Location Cache Exploit
No description provided by source. html body bfont size="5"Overly Trusted Location Variant Method Cache Vulnerability/font/b brbr a href="refresh" onclick="setTimeout'document.execCommand'Refresh'',1000;"font size=4 color=redGO!/font/abr +br This vulnerability seems to be unstable. For some...