Message-ID: <199096299.20030904093646@kryptocrew.de>
From: momolly at kryptocrew.de (Redaktion-Kryptocrew)
Subject: [Update]: Code executing in  RAV's virus encyclopedia fixed

Vulnerability:     Code executing in  RAV's virus encyclopedia
Found:             30 Aug 2003
Vendor:            RAVantivirus
Vendor notified:   03 Sept 2003
Vendor response:   no
Public release:    04 Sept 2003



A further crazy leak:
RAV's virus encyclopedia also gives attackers the possibility to inject even
harmful scripts.
RAVantivirus overlooked this fault in their virus information websites.



[Example]:
http://www.ravantivirus.com/virus/by-keyword.php?k=Sobig<br><br><b>if%20you%20recieve%20a%20error%20above%20you%20must</b><br><h3><a%20href=http://www.kryptocrew.de/badfile.exe>download%20this%20removal%20tool!%20NOW!!!</a><br>testing%20your%20saftey...%20%20test


[Update]:
RAV fixed


Thanks to:
Donnie Werner (exploitlabs.com), Roland Brecht (kryptocrew.de) & Alexander Mueller (ec-security.com)


Regards
G.P

--
======================================================================

G.P.
Online-Redaktion
                  
===============================

Kryptocrew                                 http://www.kryptocrew.de
.: your security advisor team :.           mailto:momolly@...ptocrew.de

======================================================================
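
The injection shown under [Example], as an added illustration that is not part of the original message and is not RAV's code: a small Python model of a keyword-search handler, next to its output-encoded form. It assumes the page reflected the `k` parameter into HTML unencoded; all function names are hypothetical.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Request URL taken from the advisory's [Example] (split only for line length).
EXAMPLE_URL = (
    "http://www.ravantivirus.com/virus/by-keyword.php?k=Sobig<br><br><b>"
    "if%20you%20recieve%20a%20error%20above%20you%20must</b><br><h3>"
    "<a%20href=http://www.kryptocrew.de/badfile.exe>"
    "download%20this%20removal%20tool!%20NOW!!!</a><br>"
    "testing%20your%20saftey...%20%20test"
)


def keyword_from_url(url):
    """Return the decoded 'k' parameter, as a search handler would receive it."""
    return parse_qs(urlsplit(url).query).get("k", [""])[0]


def render_unsafe(keyword):
    # Assumed vulnerable pattern: the parameter is concatenated into HTML as-is,
    # so any tags in it become part of the page the visitor sees.
    return "<p>Search results for: " + keyword + "</p>"


def render_safe(keyword):
    # Output encoding: <, >, &, " and ' become entities, so the browser
    # displays the keyword as text instead of parsing it as markup.
    return "<p>Search results for: " + html.escape(keyword, quote=True) + "</p>"


def contains_markup(keyword):
    """Coarse log-review check: does the keyword carry HTML metacharacters?"""
    return any(ch in keyword for ch in "<>\"'")


if __name__ == "__main__":
    k = keyword_from_url(EXAMPLE_URL)
    print("markup in keyword:", contains_markup(k))
    print("unencoded:", render_unsafe(k))
    print("encoded:  ", render_safe(k))
```
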

