6355 matches found

Packet Storm
added 2004/06/10 12:0 a.m., 25 views

roundUP.txt

Vickenty Fesunov 2004-05-27 04:51 random filesystem access Roundup uses /home/@@file/ prefix to get static files from the filesystem. It does not restrict in any way the files that are handled. I have a roundup tracker home at /home/kent/cit, then I do the following: kent@kent:$ nc localhost 8080...

7.4 AI score
Exploits 0

OSV
added 2004/05/19 12:0 a.m., 42 views

DSA-506 neon - buffer overflow

Bulletin has no description...

7.5 CVSS, 5.9 AI score, 0.05015 EPSS
Exploits 0

securityvulns
added 2003/10/23 12:0 a.m., 32 views

SUN jdk crossite scripting

jdk undocumented static variable may allow data exchange between sites...

2.4 AI score
Exploits 0, References 1, Affected Software 3

securityvulns
added 2003/04/15 12:0 a.m., 39 views

ActivCard password cache memory leakage

In December of 2002 I was analysing the ActivCard product for a client. During the analysis I noticed that making a memory dump of the process "scardsrv" was possible to obtain the users stored statically in the card. This issue at first, could seem smaller, although in depth already it has a...

6.5 AI score
Exploits 0

securityvulns
added 2003/03/04 12:0 a.m., 33 views

[LSD] Technical analysis of the remote sendmail vulnerability

Hello, We have done some brief analysis of the potential remote Sendmail vulnerability that has been reported lately. Below you can read about our findings with regard to this issue. We reserve the right not to be correct in whatever we write below. This is mainly due to the fact that we did not...

7.7 AI score
Exploits 0

securityvulns
added 2002/06/22 12:0 a.m., 17 views

solaris 9 sparc rcp

hallo, freshly installed solaris 9 sparc. one more suid segfault: bash-2.05$ uname -a SunOS solaris9 5.9 Generic sun4u sparc SUNW,Ultra-510 bash-2.05$ ls -l /usr/sbin/static/rcp -r-sr-xr-x 1 root bin 787700 Apr 6 16:58 /usr/sbin/static/rcp bash-2.05$ /usr/sbin/static/rcp perl -e 'print "A" x 1000...

0.5 AI score
Exploits 0

Cvelist
added 2002/05/03 4:0 a.m., 17 views

CVE-2002-0258

Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs...

6.9 AI score, 0.01366 EPSS
Exploits 0, References 1

CVE
added 2002/05/03 4:0 a.m., 44 views

CVE-2002-0258

Merak Mail IceWarp Web Mail uses a static user session ID that does not change across sessions. This could allow remote attackers who obtain the session ID to elevate privileges as the targeted user (e.g., via IDs exposed in answers or forward URLs). Affected product: Merak Mail IceWarp Web Mail....

7.5 CVSS, 7.3 AI score, 0.01366 EPSS
Exploits 0, References 1, Affected Software 2

securityvulns
added 2002/02/12 12:0 a.m., 32 views

Security Issue in Icewarp

Icewarp is one of the world's most used web mail software. It's another product of Merak Mail developers. There is a security issue in Icewarp. It's like this: When you create a new user, icewarp gives him a static number. If this user does not logout after checking his inbox you can access his...

7.2 AI score
Exploits 0

securityvulns
added 2001/06/23 12:0 a.m., 33 views

Caldera Systems security advisory: libcurses, atcronsh, rtpm

Caldera Systems, Inc. Security Advisory Subject: curses library, rtpm, atcronsh Advisory number: CSSA-2001-SCO.1 Issue date: 2001 June, 22 Cross reference: 1. Problem Description A buffer overrun vulnerability has been found in the curses library. A malicious user could attack a setuid,gid comman...

0.8 AI score
Exploits 0

Cvelist
added 2000/01/04 5:0 a.m., 22 views

CVE-1999-0764

NetBSD allows ARP packets to overwrite static ARP entries...

6.5 AI score, 0.01349 EPSS
Exploits 0, References 1

CVE
added 2000/01/04 5:0 a.m., 51 views

CVE-1999-0764

NetBSD ARP handling allows ARP packets to overwrite static ARP entries. This can affect ownership of IP-to-MAC mappings, with partial integrity and availability impact as per NVD metrics. The exact affected NetBSD versions, vulnerable code path, exploit details, and official remediation are not p...

6.4 CVSS, 6.9 AI score, 0.01349 EPSS
Exploits 0, References 1, Affected Software 1

Packet Storm
added 1999/08/17 12:0 a.m., 38 views

netbsd.arp.table.txt

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 1999-010 ================================= Topic: ARP table vulnerability Version: NetBSD-1.3 Severity: Denial of service or traffic hijacking from local network cable is possible Abstract ======== The implementation of ARP packet...

7.4 AI score
Exploits 0

Packet Storm
added 1999/08/17 12:0 a.m., 21 views

ms-proxy2.0-attack.txt

MSProxy 2.0 can be used to attack hosts on internal network Microsoft's Proxy server 2.0 can be used as a "gateway" to attack local networks from the outside, bypassing the proxy, even if IP forwarding is not enabled. MS Proxy has a bug that causes information whose origin is from an outside...

7.4 AI score
Exploits 0

NVD
added 1999/05/01 4:0 a.m., 17 views

CVE-1999-0764

NetBSD allows ARP packets to overwrite static ARP entries...

6.4 CVSS, 6.5 AI score, 0.01349 EPSS
Exploits 0, References 1