search for: vulnerabilites

Displaying 9 results from an estimated 9 matches for "vulnerabilites".

Did you mean: vulnerabilities
1999 Jun 09
3
Port 7 scan
Over the last several days, we've been getting pretty regular scans from a non-existent host on our port 7. Any idea what they are looking for/what are some of vulnerabilites with echo? Thanks Coral Cook
2006 Jul 28
2
Ruby vulnerability?
Hi, FYI, Red Hat released an advisory today about a vulnerability in Ruby. So far it doesn't appear in the VuXML, but am I correct in presuming it will soon? https://rhn.redhat.com/errata/RHSA-2006-0604.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694 cheers, -- Joel Hatton -- Infrastructure Manager | Hotline: +61 7 3365 4417 AusCERT - Australia's national
2009 Jan 22
3
disable rquotad and pop
Hi all, I am trying to find out how to disable rquotad and pop (port 443) for rquotad /etc/sysconfig/nfs has it quoted out but yet it is running? How do I disable it? also what about pop? Jerry
1996 Dec 06
0
phf & Bash exploit
...ably fairly well known, I found it by accident while reading about the 0xFF command separator in older versions of bash shell. The newer phf cgi that comes with some versions of picasso and rembrandt have been patched for the obvious 0x0A newline escape, but can still be escaped using 0xFF. It takes vulnerabilites in both phf and bash for it to work. I have tested this very successfully on many linux machines. I would imagine that most people are aware of the 0x0A escape and so when they test it on their own box they think they are safe from phf exploitation. The syntax for the exploit is almost identical...
2004 Mar 02
1
Re: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp
yes unless you use the version as of :> 2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1) check it out with uname -a if it does not say -p1 it affects you. My guess, you are affected :) cheers -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene -----Oorspronkelijk bericht----- Van:
2010 Apr 01
4
POST-only logic in protect_from_forgery considered harmful?
Hi folks, I am just getting into rails again after a multi-year stint of mod_perl jobs, which might grant me some newbie-indemnity for the time being - but I've found an issue I think warrants discussion. As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html - the CSRF protection feature does not kick in for GET requests. This
2004 Mar 29
1
cvs commit: ports/multimedia/xine Makefile
...er, I had the impression that you were marking it only because it > was listed in the VuXML document. Sure. Severity is subjective, and I'm not in the position to decide what is considered severe enough to advise people to not use it. The security team are the people who should judge which vulnerabilites are severe enough to issue a warning, not the users. That is what they are there for. Users can ignore advisories if they decide to do so. FORBIDDEN is black-and-white, like an entry in the VuXML database is. FORBIDDEN means: do not install this port, or you are on your own. What is the meaning of...
2000 Jan 27
6
EGD requirement a show stopper for me
On Thu, Jan 13, 2000 at 17:34:10, Andre Lucas wrote: > Subject: /dev/urandom > On Thu, Jan 13, 2000 at 09:24:01AM -0700, SysProg - Nathan Paul Simons wrote: > > On Thu, 13 Jan 2000, Ben Taylor wrote: > > > > > On Thu, 13 Jan 2000, Max Shaposhnikov wrote: > > > > why ssh1.27 doesn't require /dev/urandom on solaris? > > > > i think the
1999 Jun 04
0
Forw: 2.2.x kernel vulnerability
...Over the last several days, we've been getting pretty regular scans from a non-existent host on our port 7. Any idea what they are looking for/what are some of vulnerabilites with echo? Thanks Coral Cook