apache mod_proxy brief analysis-vulnerability warning-the black bar safety net

These days to be continuous training for 5 days, in the afternoon at the venue quickly stuffy dead. Okay see modproxy vulnerability announcement, just download the apache code and looked, and spent long listening to people crap time. Generally the process is as follows: First look at the...

[Full-disclosure] CAL-20070730-1 BlueSkyCat ActiveX Remote Heap Overflow vulnerability

CAL-20070730-1 BlueSkyCat ActiveX Remote Heap Overflow vulnerability BACKGROUND: =========== BlueSkychat is a professional voice and video chat software widely used by large chat websites in china. DESCRIPTION: ============ Code Audit Labs Code Audit for BlueSkyCat ActiveX Control and discovered ...

SOL7009 - Statement on ACL bypass using trailing NULL byte - MNIN/NNL Advisory

A January 2007 security advisory describes several security issues present in some versions of FirePass software. One section in the document, titled ACL Filter bypass with URL de-normalization, states that Portal Access ACL filters can be bypassed if a user appends a trailing NULL byte after the...

[Full-disclosure] gnupg diff available

Hi! I did a gnupg audit recently. I was, frankly, appalled by the code quality. It is a desert of pointer manipulation, string copying, memcpy and strcpy are used all over the place, and sprintf, too. You can find my diff at http://dl.fefe.de/gnupg.dif Please note that a I might have missed...

[CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0

X.Org Security Advisory, March 20th 2006 Local privilege escalation in X.Org server 1.0.0 and later; X11R6.9.0 and X11R7.0 CVE-ID: CVE-2006-0745 Overview: During the analysis of results from the Coverity code review of X.Org, we discovered a flaw in the server that allows local users to execute...

nCipher Advisory #14: Presence of flaws in firmware security

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nCipher Security Advisory No. 14 Presence of flaws in firmware security -------------------------------------- Note ==== nCipher is publishing three advisories numbered 12, 13 and 14 simultaneously. You are advised to review all three before taking an...

lha buffer overflow(s) again

i posted it yesterday to [email protected] but mailbox is disabled for that recipient :-/ Date: Sat, 15 May 2004 00:24:09 +0200 CEST From: Lukasz Wojtow [email protected] To: [email protected] Subject: LHA buffer overflow not the last one already fixed it seems that lha is quite poorly written...

PGPsdk Key Validity Vulnerability

http://www.pgp.com/support/product-advisories/pgpsdk.asp A vulnerability in PGP's display of key validity has been discovered that could allow an attacker to fool users into thinking that a valid signature was created by what is actually an invalid user ID. If the attacker can obtain a signature ...

RFP2101.txt

-----/ RFP2101 /-------------------------------/ rfp.labs / wiretrip/---- RFPlutonium to fuel your PHP-Nuke SQL hacking user logins in PHP-Nuke web portal ------------------------------------/ rain forest puppy / [email protected] Table of contents: -/ 1 / Standard advisory information -/ 2 / High...

Redhat Linux 6.x remote root exploit

Hi, Included below is an exploit for the recently exposed linux rpc.statd format string vulnerability0. I have tailored it towards current Redhat Linux 6.x installations. It can easily be incorporated into attacks against the other vulnerable Linux distributions. I am not a security expert, but...