BugTraq Mode:
[SECURITY] [DSA 1180-1] New bomberclone packages fix several vulnerabilities 2006-09-19
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1180-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 19th, 2006

Innovate Portal v2.0 Index.PHP Xss Vuln. 2006-09-19
meto5757 hotmail com
Xss found in Innovate Portal Index.php

Vendor : http://www.innovate-board.de

Example :

http://www.example.com/[path]/index.php?content=[xss]

----------------

Discovered by meto5757

White paper release: Bypassing network access control (NAC) systems 2006-09-19
Ofir Arkin (ofir sys-security com)
Dear all,

I am pleased to announce the availability of a new white paper
"Bypassing network access control (NAC) systems".
The paper discusses weaknesses and ways to bypass existing NAC
solutions.

From the abstract:
The threat of viruses, worms, information theft and lack of control
of the

Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability 2006-09-19
idontthinkso example com
I fail to see how this affects PunBB. The first thing PunBB does after receiving an uploaded avatar is:

move_uploaded_file($uploaded_file['tmp_name'], $pun_config['o_avatars_dir'].'/'.$id.'.tmp')

After that, $uploaded_file['tmp_name'] isn't used anymore. Am I missing something here or what?

Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit 2006-09-19
saudi unix hotmail com
#====================================================================

#Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit

#====================================================================

#

#Critical Level : Dangerous

#

#By Saudi Hackrz

#

#http://www.doodlebabies.com/

#

#======

PT News 1.7.8 (Search.php) XSS Vulnerability 2006-09-18
Snake Apollyon Yahoo com
PT News 1.7.8 (Search.php) XSS Vulnerability

-----------------------------------------------------------

PT News

Version: 1.7.8

Website URL:http://www.openbg.net/ptsite/

-----------------------------------------------------------

Discovered by Snake

[Unkn0wn Security Researcher]

The original

[ECHO_ADV_47$2006] WAP Y! Messenger Cross-Site Scripting Vulnerability 2006-09-17
erdc echo or id
ECHO_ADV_47$2006

------------------------------------------------------------------------------

[ECHO_ADV_47$2006] WAP Y! Messenger Cross-Site Scripting Vulnerability

------------------------------------------------------------------------------

Author : Dedi Dwianto

Date Found : Sep, 14th

NextAge Cart Cross-Site Scripting multiple Vulnerabilities 2006-09-15
meto5757 hotmail com
Vulnerable:NextAge Cart Cross-Site Scripting Vulnerability.

Vendor site : http://www.nextagecart.com

Critical Level : Dangerous

Exploiting this issue could allow an attacker to steal cookie-based

authentication credentials and to launch other attacks.

Exploit :

http://www.example.com/[pat

Site@School 2.4.02 and below Multiple remote Command Execution Vulnerabilities 2006-09-15
simo64 morx org
# Title: Site@School 2.4.02 and below Multiple remote Command Execution Vulnerabilities

# Vendor: Site@School

# website : http://siteatschool.sourceforge.net/

# Version : <= 2.4.02

# Severity: Critical

# Discovered by: Simo64 <simo64_at_morx_org>

# Exploit written by: Simo Ben youssef <sim

Yet another 0day for IE 2006-09-19
Gadi Evron (ge linuxbox org)
Sunbelt Software released a warning on a new IE 0day they detected
in-the-wild, to quote them:
"The exploit uses a bug in VML in Internet Explorer to overflow a buffer
and inject shellcode. It is currently on and off again at a number of
sites.
Security researchers at Microsoft have been informed

eSyndiCat Portal System XSS Vuln. 2006-09-19
meto5757 hotmail com
eSyndiCat Portal System has an xss bug in search.php

can be exploited from web interface

http://www.example.com/[path]/search.php?what=[xss]&search_top.x=0&search_top.y=0&search_top=GO

--------------------

Discovered by meto5757

Rootshell Security Group

[USN-349-1] gzip vulnerabilities 2006-09-19
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-349-1 September 19, 2006
gzip vulnerabilities
CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337,
CVE-2006-4338
===========================================================

A security issue affect

[RLSA_02-2006] OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature? 2006-09-18
rfdslabs rfdslabs com br
*** rfdslabs security advisory ***

Title: OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature? [RLSA_02-2006]

Versions: OSU/3.11alhpa, OSU/3.10a (probably others)

Vendor: David Jones, Ohio State University

(http://www.ecr6.ohio-state.edu/www/doc/serverinfo

Apple Remote Desktop root vulnerability 2006-09-18
fribitch organic com
Background:

ARD allows unix commands to be remotely sent from an admin workstation. These commands can be run as root, because the ard administrator can be given sudo access. This exploit involves sending a unix command as root to install a package that was copied to /tmp/. In this case, the app is

New PowerPoint 0-day Trojan in the wild 2006-09-19
Juha-Matti Laurio (juha-matti laurio netti fi)
New zero-day vulnerability in Microsoft PowerPoint has been disclosed.

This vulnerability is being exploited by Trojan horse Trojan.PPDropper.E.
This dropper type file reportedly works in all Windows systems,
but the vulnerability itself has been confirmed in PowerPoint 2000 Chinese version.
Possib

[ GLSA 200609-12 ] Mailman: Multiple vulnerabilities 2006-09-19
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[SECURITY] [DSA 1179-1] New alsaplayer packages fix denial of service 2006-09-19
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1179-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 19th, 2006

FreeBSD Security Advisory FreeBSD-SA-06:21.gzip 2006-09-19
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-06:21.gzip Security Advisory
The FreeBSD Project

Topic: Mu

[ MDKSA-2006:165 ] - Updated mailman packages fix multiple vulnerabilities 2006-09-19
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:165
http://www.mandriva.com/security/
____________________________________________________________________

[Kurdish Security # 27] Artmedic Links Script Remote File Include Vulnerability 2006-09-16
botan linuxmail org
---------------------------------------------------------------------------------

* Kurdish Security Advisory

* Author : Botan

* Script : Artmedic Links

* Site : http://www.artmedic.de

* Version : 5.0

* Risk : High

* Class : Remote

* Contact : botan (at) linuxmail (dot) org and irc.gigachat.net #kurd

[SECURITY] [DSA 1178-1] New freetype packages fix execution of arbitrary code 2006-09-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1178-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
September 16th, 2006

HP-UX X.25 Denial of Service Vulnerability 2006-09-17
oktayonur superposta com
TITLE:

HP-UX X.25 Denial of Service Vulnerability

CRITICAL:

Not critical

IMPACT:

DoS

WHERE:

Local system

DESCRIPTION:

A vulnerability has been reported in HP-UX, which can be exploited by

malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused du

ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability 2006-09-17
ajannhwt hotmail com
Vulnerability Report

*******************************************************************************

# Title : ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability

# Author : ajann

# Script Page : http://www.keyvan1.com

# Exploit;

*******************************************

PHP-Post Multiple Input Validation Vulnerabilities 2006-09-16
security soqor net
Hello,

PHP-Post Multiple Input Validation Vulnerabilities

Discovered By : HACKERS PAL

Copyright : HACKERS PAL

Website : http://www.soqor.net

Email Address : security (at) soqor (dot) net

variables overwrite,

this php script is injected with variables overwrite bug

try to make a new vari

PHPQuiz Multiple Remote Vulnerabilities 2006-09-16
simo64 morx org
######################################################

#

# Title: PHPQuiz <= v.1.2 Remote SQL injection/Code Execution Exploit

# Vendor : PHPQuiz

# website : http://www.phpquiz.com

# Version : <= v.1.2

# Severity: Critical

# Author: Simo64 / simo64_at_morx_org

# MorX Security Research Team

Techno Dreams Articles&Papers Package <=v2.0(ArticlesTableview.asp) Remote SQL Injection Vulnerability 2006-09-17
ajannhwt hotmail com
Vulnerability Report

*******************************************************************************

# Title : Techno Dreams Articles&Papers Package <=v2.0(ArticlesTableview.asp) Remote SQL Injection Vulnerability

# Author : ajann

# Script Page : http://www.t-dreams.com

# Exploit;

NixieAffiliate all version bypass admin and xss 2006-09-16
ali hackerz ir
NixieAffiliate all version

vendor : idevspot.com

By : s3rv3r_hack3r

www: hackerz.ir & h4ckerz.com

Bypass for delete any aff ID :>>

www.domain.com/NixieAffiliate/delete.php?id=1

Xss :>>

www.domain.com/NixieAffiliate/forms/lostpassword.php?error=[xss]

Symantec Security Advisory: Symantec AntiVirus Corporate Edition 2006-09-18
secure symantec com


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Symantec AntiVirus and Symantec Client Security Elevation of Privilege

September 13, 2006

Overview

An elevation of privilege vulnerability in Symantec Client Security and

Symantec AntiVirus Corporate Edition could potentially allow a local

AzzCoder => PNphpBB (Latest) Remote File Include 2006-09-18
azzcoder hotmail com
Vendor: http://www.pnphpbb.com/

Vulnerable File: includes/functions_admin.php

Vulnerable Code:

//The phpbb_root_path isn't initialized

include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );

Method To Use:

http://www.victim.com/[pn_phpbb]/includes/functions_admin.php?phpb

Copyright 2010, SecurityFocus