Excel XP xml stylesheet problems

Georgi Guninski security advisory 55, 2002 Excel XP xml stylesheet problems Systems affected: Excel XP Risk: Low user interaction required Date: 24 May 2002 Legal Notice: This Advisory is Copyright c 2002 Georgi Guninski. You may distribute it unmodified. You may not modify it and distribute it o...

FreeBSD k5su problems

Wheel group membership is not checked fo k5su...

Security holes : D-Book, CBook, IcrediBB

Product 1 : D-Book http://www.smartbb.net Versions : 1.4 and less ? Problems : - XSS - Admin access Exploits : - img=javascript:alert27hum27 - Cookie "logged,anyvalue" on admin.php More details in french : http://www.ifrance.com/kitetoua/tuto/D-Book.txt translated by Google :...

More Office XP problems (Version 2.0)

Georgi Guninski security advisory 53 Version 2.0, 2002 More Office XP problems Systems affected: Office XP Risk: High Date: 31 March 2002 Updated: 3 April 2002 check corrections, 3 is added Legal Notice: This Advisory is Copyright c 2002 Georgi Guninski. You may distribute it unmodified. You may...

Linux kernel d_path problems

On long path a part of path is returned instead of error code...

SunSolve CD cgi scripts...

Sun never responded to this mail so I guess they don't consider the bug too be serious ... could be worth mentioning though. ----- Forwarded message from Fyodor [email protected] ----- Date: Sat, 16 Jun 2001 23:24:45 +0700 From: Fyodor [email protected] To: [email protected] Subject:...

mod_php update fixes security problems

A new modphp PHP4 package is available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Sat Mar 2 22:45:25 PST 2002 patches/packages/modphp.tgz: Upgraded to PHP 4.1.2. This fixes several security problems in the POST handling code use...

Remote crashes in Yahoo messenger

All versions of Yahoo messenger version 5. Listens on port 5101 on client machine. obviously to offload server traffic for IMs problems: for all of the problems listed below, the traffic is sent to the yahoo messenger opened port, 5101 1. One can crash yahoo messenger by overflowing the message...

Four More ScriptEase MiniWeb Server v0.95 DoS Attacks

The following are four more Server Denial of Service Attacks against ScriptEase MiniWeb Server 0.95. These attacks do not make the server point to an invalid memory address like the previous post. I believe the first two attacks I describe are internal server problems due to either coding errors ...

Проблемы ptrace() в OpenBSD/NetBSD (privelege escalation)

С помощью ptrace можно изменить последовательность выполнения suid-приложения...

Много дырок в ssh (ssh1, ssh2, openssh)

Проблемы с перезаписью памяти, проблемы с обменом ключей, позволяющие перехватить сеансовый ключ...

RADIUS protocol and implementation weakness

There are few cryptographic problems allow to analize sniffed traffic. There is a possibility of request spoofing. Some implementation problems allow to DoS server or to elevate priveges...

OpenSSH & S/Key information leakage

FIRST: Neither of these information leakage issues is a security bug in itself. Both S/Key and OpenSSH are secure even with this issue. However, this information leakage may assist a hostile attacker. General S/Key Information Leakage: As is commonly known, the S/Key and OPIE one-time password...

Проблемы в скриптах начальной загрузки Red Hat (symbolic link)

Небезопасная работа с временными файлами в скрипте setserial...

Ошибки форматной строки в screen (format string)

Ошибка форматной строки при работе с TERMCAP И другие проблемы...

Проблемы с mana в OpenServer (privelege escalation)

No description provided...

Groupwise Webaccess, NetWare web server, and Novell

No idea if this is what the Groupwise Padlock http://www.novell.com/padlock thing is about, since Novell is not only vague in the issues, but never acknowledged Adept's findings. - Simple Nomad - "No rest for the Wicca'd" - - [email protected] - - - [email protected] - www.nmrc.org...

groupwise.disclosure.txt

No idea if this is what the Groupwise Padlock http://www.novell.com/padlock thing is about, since Novell is not only vague in the issues, but never acknowledged Adept's findings. - Simple Nomad - "No rest for the Wicca'd" - - [email protected] - - - [email protected] - www.nmrc.org...

Проблемы с шифрованием в qmail (weak encryption)

Не инициализируется генератор псевдо-случайных чисел...

ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS

=== Alliance Security Labs === === ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS === Advisory ID: ASLabs-2001-01 Vendor: eEye http://www.eEye.com Product: SecureIIS http://www.eeye.com/html/Products/SecureIIS/index.html Versions: v1.0.2 latest available - probably relevant for 1.0....