similar to: FYI: Possible information disclosure in cfingerd.

Displaying 20 results from an estimated 120 matches similar to: "FYI: Possible information disclosure in cfingerd."

1998 Aug 07
4
SMB printing server problem... HELP ME !!!
Hello everybody!!! First of all I must say that I'm not an English speaker, so this text may sound a little strange. I apologize..... Well, I'm having problems with the SMB printing system. I have spent a lot of time (nearly 15 hours and a hundred configurations) in it but I could not use it as a printing server. System Configuration: One
2012 Dec 03
0
Uncontrolled disclosure of advisories XSA-26 to XSA-32
We just sent the message below to the security advisory predisclosure list, relating to the release of XSA-26 to XSA-32. As you will see, these have now been publicly released. We'll have a proper conversation about this in a week or two. Thanks for your attention, Ian. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We regret to announce that a member of the predisclosure list
2013 Feb 06
0
Response to France Telecom disclosure
Hi, For those who heard of the recent France Telecom IPR disclosure against Opus, here's our response: https://hacks.mozilla.org/2013/02/defending-opus/ Cheers, Jean-Marc
2003 Sep 16
0
two potentially troubling posts to full-disclosure
I haven't seen anything about this here and thought I should pass it along. christopher neitzert <chris at neitzert.com> made two postings to the full-disclosure list earlier today. They stated, in part: ***** Does anyone know of or have source related to a new, and unpublished ssh exploit? An ISP I work with has filtered all SSH connections due to several root level incidents
2020 Jul 18
2
[Bug 3196] New: [Information Disclosure] OpenSSH_7.4p1 Raspbian-10+deb9u7 discloses OS version
https://bugzilla.mindrot.org/show_bug.cgi?id=3196 Bug ID: 3196 Summary: [Information Disclosure] OpenSSH_7.4p1 Raspbian-10+deb9u7 discloses OS version Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Other Status: NEW Severity: security Priority: P5
2018 Jun 11
0
AST-2018-008: PJSIP endpoint presence disclosure when using ACL
Asterisk Project Security Advisory - AST-2018-008 Product Asterisk Summary PJSIP endpoint presence disclosure when using ACL Nature of Advisory Unauthorized data disclosure Susceptibility Remote Unauthenticated Sessions Severity Minor
2003 Sep 17
0
Fwd: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
More patch-o-rama :-( ---Mike >From: Michal Zalewski <lcamtuf@dione.ids.pl> >To: bugtraq@securityfocus.com, <vulnwatch@securityfocus.com>, > <full-disclosure@netsys.com> >X-Nmymbofr: Nir Orb Buk >Subject: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one) >[CAN-2003-0694] >Sender: full-disclosure-admin@lists.netsys.com >X-BeenThere:
2003 Sep 15
1
Fwd: Re: [Full-Disclosure] new ssh exploit?
Has anyone around here heard of this ? ---Mike >Subject: Re: [Full-Disclosure] new ssh exploit? >From: christopher neitzert <chris@neitzert.com> >Reply-To: chris@neitzert.com >To: full-disclosure@lists.netsys.com >X-Mailer: Ximian Evolution 1.4.3.99 >Sender: full-disclosure-admin@lists.netsys.com >X-BeenThere: full-disclosure@lists.netsys.com
2006 Aug 10
0
DHH's Post on Ruby Talk -- Rails 1.1.6: Stronger fix, backports, and full disclosure
The cat is out of the bag, so here's the full disclosure edition of the current security vulnerability. With Rails 1.1.0 through 1.1.5 (minus the short-lived 1.1.3), you can trigger the evaluation of Ruby code through the URL because of a bug in the routing code of Rails. This means that you can essentially take down a Rails process by starting something like /script/profiler, as the code
2009 Jan 22
0
Unintended key info disclosure via ForwardAgent?
It seems that users may be disclosing unintended public key info when logging into remote hosts. Use of the words keypair/keyid/etc have been bastardized. Signature is likely better. Note also, the author may be without clue. Setup: [g] - refers to an administrative group of hosts [n] - refers to a host within that group ws[g][n] - management workstations [trusted] User ssh-add's keys for
2005 Jul 07
1
[Fwd: [Full-disclosure] [ GLSA 200507-05 ] zlib: Buffer overflow]
Has Centos been tested for this yet? -------- Original Message -------- Subject: [Full-disclosure] [ GLSA 200507-05 ] zlib: Buffer overflow Date: Wed, 06 Jul 2005 16:23:20 +0200 From: Thierry Carrez <koon at gentoo.org> Organization: Gentoo Linux To: gentoo-announce at lists.gentoo.org CC: full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com, security-alerts at
2012 Aug 01
5
[Full-disclosure] nvidia linux binary driver priv escalation exploit
Hi all! I found this today on FD: http://seclists.org/fulldisclosure/2012/Aug/4
2006 Aug 10
4
Rails 1.1.6: Stronger fix, backports, and full disclosure
The cat is out of the bag, so here's the full disclosure edition of the current security vulnerability. With Rails 1.1.0 through 1.1.5 (minus the short-lived 1.1.3), you can trigger the evaluation of Ruby code through the URL because of a bug in the routing code of Rails. This means that you can essentially take down a Rails process by starting something like /script/profiler, as the code
2007 May 04
1
ASA-2007-013: IAX2 users can cause unauthorized data disclosure
> Asterisk Project Security Advisory - ASA-2007-013 > > +----------------------------------------------------------------------------------+ > | Product | Asterisk | > |----------------------+-----------------------------------------------------------| > | Summary | IAX2
2007 May 04
1
ASA-2007-013: IAX2 users can cause unauthorized data disclosure
> Asterisk Project Security Advisory - ASA-2007-013 > > +----------------------------------------------------------------------------------+ > | Product | Asterisk | > |----------------------+-----------------------------------------------------------| > | Summary | IAX2
2002 Sep 06
3
error starting client-server protocol (code 5)
I'm running FreeBSD 4.6.2 on two different machines. Both machines have rsync installed by way of the ports library, but one of them is running it as a server. I followed the directions in the man pages for running the server using inetd. Here is what happens: rsync rsync://myusername@10.0.0.8/ rsync: server sent "rysnc version 2.5.5 protocol version 26" rather than
2005 Apr 21
6
Information disclosure?
Hello, For some reason, I thought little about the "clear" command today.. Let's say a privileged user (root) logs on, edits a sensitive file (e.g., a file containing a password, running vipw, etc) .. then runs clear and logs out. Then anyone can press the scroll-lock command, scroll back up and read the sensitive information.. Isn't "clear" meant to clear the
2016 Mar 02
2
problem restoring ssl and vlc
greeting. a short while ago, i may have gone to a site i should not have. maybe. after visiting, i decided i would check for rpm updates. when yumex opened to available packages, it showed that; openssl.x86_64 0:1.0.1e-42.el6_7.4 was available, so i checked it, then clicked install button. during log display, i got error message, tried again. still got error. seems that there is a
2002 Mar 09
1
smbd and login scripts
Hello I've two strange problems: - smbd I've attached you my smb.conf, inetd.conf and my log file. Sometimes smbd and nmbd run and sometimes only nmbd runs (I check it with ps -ax). But I have access over my shares (I test it with my Win95 machine). Also in my log file there are some error messages (I don't know where they came from). - login scripts My scripts won't run but if
2005 Jun 02
1
Re: Reboots -- everything's a file
From: Rodrigo Barbosa <rodrigob at suespammers.org> > Actually, there is another neat trick for rpm based systems. > You see, rpm, prior to removing anything, will rename that to ${NAME}.OLD. > So, libc.so.6 becomes libc.so.6.OLD, and then removed. > As we all know, if that library is currently open by any running process, > it won't be immediately removed (even tho you