
Securities

Multiple vulnerabilities in libnemesi 0.6.4-rc1 Luigi Auriemma Application: libnemesi http://live.polito.it/documentation/libnemesi Versions:
Multiple vulnerabilities in Feng 0.1.15 Luigi Auriemma Application: Feng http://live.polito.it/documentation/feng Versions: in_buffer, " %31s %u %s %s %u\n%255s ", ver, &stat, trash, trash, &seq, msg); ... B] second buffer-overflow in RTSP_valid_response_msg A..
Latest round of web hacking incidents for 2007 & Project news The last month was very active in the web application security field and at the Web Hacking Incidents Database Project we have collected numerous new incidents, listed below. It is very evident that both the rate of incidents as well as the amount of information about each one is on the rise. We have also started adding more classifications to each incident. In addition to the attack method we now ..
Buffer-overflow in Extended Module Player 2.5.1 Luigi Auriemma Application: Extended Module Player (XMP) http://xmp.sourceforge.net Versions: 263) return -1; fseek(f, -4, SEEK_CUR); fread(buf, ilen, 1, f); /* instrument header */ ... The same problem is located in decrunch_oxm() which naturally is not so important in this case since test_oxm() is called before it. ..
PHP -> set_time_limit When safe_mode = on, set_time_limit is "off", then we can use ini_set("max_execution_time", 90000000); suppose the server is vulnerable to PHP injection, then an attacker makes a backdoor in PHP and registers it in the SCM of Windows with the win32service extension. The backdoor needs to wait for connections; if safe_mode = on, then it can use ini_set("max_execution_time", quantity) instead of set_time_limit(0), be..
[SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities Debian Security Advisory DSA-1437-1 security (at) debian (dot) org http://www.debian.org/security/ Moritz Muehlenhoff December 26, 2007 http://www.debian.org/security/faq Package : cupsys Vulnerability : several Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-5849 CVE-2007-6358 Several loca..
Bugtraq: America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution Cross-site remote execution occurs in AOL Instant Messenger AIM 6.0, 6.5, and later versions. America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution Dec 21 2007 11:15PM evanchik gmail com Sorry for the brief post but I'm still able to bypass filters that aol has put in place. So again with frustration I come to FD to imply pressure on a company to patch correct. From reading feedback from A..
Bugtraq: Word 2003 denial of service A Bugtraq post reporting that a DoS is possible in Word 2003. Creating a file under certain conditions reportedly causes a fault. Create a new Word file and insert a 'wordart' filled with the letter A. Then open it in a hex editor and overwrite the A characters from 000014E0 to 00002A80. Word 2003 denial of service Dec 21 2007 10:13PM jplopezy gmail com Apparently, the word causes a fault when we create a malformed file in the following way. It creates a new file word and he inserts a "wordart" which completely stuffed with letter..
Bugtraq: HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access 2007-12-22 HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access Dec 21 2007 10:12PM security-alert hp com SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01311918 Version: 1 HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, G..
Bugtraq: [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability Dec 21 2007 07:26PM Williams, James K (James Williams ca com) Title: [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability CA Vuln ID (CAID): 35970 CA Advisory Date: 2007-12-19 Reported By: Ingres Corporation Impact: Attacker can gain elevated privileges. Summary: A potential vulnerability exists in the I..
Bugtraq: Buffer-overflow in WinUAE 1.4.4 Buffer-overflow in WinUAE 1.4.4 Dec 21 2007 07:00PM Luigi Auriemma (aluigi autistici org) A buffer overflow in WinUAE 1.4.4. This program is a fairly well-known Amiga emulator for Windows. Luigi Auriemma reports that he found a security bug in it. WinUAE for Windows is said to support various compressed floppy disk images; Gzip files are handled by calling the internal function zfile_gunzip, which has a stack buffer of 1000 (MAX_DPATH) bytes. The length is not checked when the file name is copied into the buffer, so this can be used to cause a buffer overflow and build an exploit. ..
Bugtraq: Cryptome: NSA has real-time access to Hushmail servers A post claiming that the NSA has real-time access to Hushmail servers. It currently has 2 replies. The information is that e-mail hosting services are under the NSA's control. The services reported to be controlled by the NSA are Hushmail in Canada http://www.hushmail.com, Guardster in the US http://www.guardster.com, and SAFe-mail.net in Israel http://www.safe-mail.net. The replies so far say that the post was made without clear evidence (not facts). It still seems to be uncertain. (Hammer of God, Jim isatools org) Cryptome: NSA has real-time access to Hushmail servers ..