[ GLSA 200603-26 ] bsd-games: Local privilege escalation in tetris-bsd
  2006-03-29  Stefan Cornelius (dercorny gentoo org)

Full path disclosure in Webcalendar 1.1.0-CVS
  2006-03-29  crasher kecoak or id
  Full path disclosure in webcalendar
  Author   : Rusydi Hasan M
  a.k.a    : cR45H3R
  Location : Indonesia, Cilacap
  Date     : March 28th, 2006
  Version  : 1.1.0-CVS
  --- (software description)
  WebCalendar is a PHP application used to maintain a calendar for one or more persons and for a variety of purp

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  2006-03-29  Jasper Bryant-Greene (jasper album co nz)  (1 reply)
  Tõnu Samuel wrote:
  > Nice! I was really nervous already as I got bombed with e-mails and I
  > really did not know much more than was discovered. Meanwhile I am a bit
  > disappointed that we had nearly a month such a bug in the wild and software
  > distributors like SuSE in my case did not publish a patch

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  2006-03-29  Tõnu Samuel (tonu jes ee)

PhxContacts <= 0.93.1 beta Multiple SQL injection & xss
  2006-03-28  dabdoub-mosikar moroccan-security com
  [+] PhxContacts
  [+] website of software: http://www.phoetux.net/
  [+] founded by Morocco Security Team
  [+] special 10x to: all friends ww.lezr.com & www.cim-team.org
  [+] xss
  [+] http://[target]/login.php?m=[xss]
  [+] SQL
  [+] http://[target]/carnet.php?view_cat=&all_lines=true&motclef=[sql]
  [+] http://[target]ca

Re: Re: phpBB 2.06 search.php SQL injection
  2006-03-28  fritz-li umail hinet net
  My phpBB is 2.06; however, when I implement the script to test the vulnerability of my site, there is no result coming out. Does that mean that my website is OK? Besides, what do we need to change in the value of these serializable strings in order to make it work? What is the difference between "a:1:{

Resource to Report and Stop Phishing Scams
  2006-03-28  Paul Laudanski (zx castlecops com)
  C|Net Exclusive Headline News: http://tinyurl.com/l5wbf
  CastleCops, a globally oriented security and privacy site, and Sunbelt Software, a leading provider of Windows security software, announced today a new anti-phishing task force designed to help consumers and businesses combat the unending s

[eVuln] Skull-Splitter's PHP Downloadcounter for Wallpapers SQL Injection
  2006-03-29  alex evuln com
  New eVuln Advisory: Skull-Splitter's PHP Downloadcounter for Wallpapers SQL Injection
  http://evuln.com/vulns/105/summary.html
  --------------------Summary----------------
  eVuln ID: EV0105
  CVE: CVE-2006-1328
  Software: Skull-Splitter's PHP Downloadcounter for Wallpapers
  Software's Web Site: http://www

[eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability
  2006-03-29  alex evuln com
  New eVuln Advisory: Skull-Splitter's PHP Guestbook XSS Vulnerability
  http://evuln.com/vulns/104/summary.html
  --------------------Summary----------------
  eVuln ID: EV0104
  CVE: CVE-2006-1256
  Software: Skull-Splitter's PHP Guestbook
  Software's Web Site: http://www.boysen.be/
  Versions: 2.6 2.7
  Critical

[HV-INFO] Enova hardware encryption: false sense of security
  2006-03-29  vuln hexview com
  Enova hardware encryption: False sense of security
  Classification:
  ===============
  Level: Informational
  ID: HEXVIEW*2006*03*28*1
  URL: http://www.hexview.com/docs/20060328-1.txt
  Overview:
  =========
  Enova Technology is a manufacturer of the X-Wall ASIC

[xfocus-SD-060329] MPlayer: Multiple integer overflows
  2006-03-29  XFOCUS Security Team (security xfocus org)
  [xfocus-SD-060329] MPlayer: Multiple integer overflows
  MPlayer is a media player capable of handling multiple multimedia file formats. The XFOCUS team (http://www.xfocus.org/) has discovered multiple integer overflows. Those can lead to a heap-based

Re: Secunia Research: Microsoft Internet Explorer "createTextRange()" Code Execution
  2006-03-27  edubp2002 hotmail com
  Internet Explorer 6 on XP SP2 Portuguese seems not vulnerable to code execution; that's what I conclude after several tests on 4 machines. The vulnerability exists, but it causes IE to crash after some time and Windows alerts about low virtual memory. Some times while IE was frozen and Windows alert

Critical PHP bug - act ASAP if you are running web with sensitive data
  2006-03-28  Tõnu Samuel (tonu jes ee)
  Hi everybody! I want to tell that a pretty nasty bug was discovered in PHP (all tested versions were vulnerable). I do not want to disclose many details as it may hurt many websites. I expect the PHP team to make a patch first. There is a simple way to protect yourself against this bug if you put some cod

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  2006-03-28  Stefan Esser (sesser php net)  (1 reply)
  Hello, just to stop this: The bug is a binary safety issue in html_entity_decode, a function that is not usually used on user input, because user input is usually not expected in HTML format and then decoded. Even if the function is used on user input it can only leak memory to a potential attacke

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  2006-03-28  Tõnu Samuel (tonu jes ee)

Re: Sudo tricks
  2006-03-27  Steven M. Christey (coley mitre org)
  > So, in other words, all you need in order to get root access is a
  > rootkit, your shell script, and root access? Ummm... I don't get it.
  I was also confused by this. However, one guess is that by compromising an unprivileged account and creating command aliases to run trojaned su and sudo program

Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution)
  2006-03-28  Determina Secure (secure determina com)
  March 27, 2006
  Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution)
  Overview & Instructions On Downloading The Free Determina Shield For CVE-2006-1359
  Based on the same technology used in the VPS LiveShield product, Determina has engineere

Cantv/Movilnet's Web SMS vulnerability.
  2006-03-27  Bugtraq @ SNSecurity (bugtraq snsecurity com)  (1 reply)
  Quick Summary:
  Product             : Movilnet's Web SMS.
  Version             : In-production versions.
  Vendor              : Movilnet - http://www.movilnet.com.ve/
  Class               : Remote
  Criticality         : High
  Operating System(s) : N/A.
  Synopsis

Announcement: The Web Hacking Incidents Database
  2006-03-27  contact webappsec org
  "The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web application related security incidents. The goal is to serve as a tool for raising awareness of the web application security problem and provide the information for stat

Re: SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons
  2006-03-28  secure symantec com
  The correct URL for the full advisory should be http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html

ArabPortal 2.0 Stable CrossSiteScripting
  2006-03-28  o y 6 hotmail com
  ArabPortal 2.0 Stable .. The Best Arabian Portal & Forums System
  * The Bug Is XSS *
  [code]
  online.php?&title=D3vil-0x1</title><XSS>CODE</XSS>
  download.php?action=byuser&userid=1&title=D3vil-0x1</title><XSS>CODE</XSS>
  [/code]
  ^^ Secumod 0.1 Anti-XSS & SQL Injection ^^ [ Get It For Free !!

Secunia Research: Blazix Web Server JSP Source Code Disclosure Vulnerability
  2006-03-28  Secunia Research (remove-vuln secunia com)
Gentoo Linux Security Advisory GLSA 200603-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/