BugTraq Mode:
[ MDKSA-2007:233 ] - Updated cpio package fixes buffer overflow and directory traversal vulnerabilities 2007-11-28
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:233
http://www.mandriva.com/security/
____________________________________________________________________

Re: Gekko <=0.8.2 (temp directory) Path Disclosure 2007-11-28
J. Carlos Nieto (xiam menteslibres org)
Hi.

You forgot to mention that this happens only when Gekko is not installed
under Apache server.

The file temp/.htaccess contains the following lines:
Order Allow,Deny
Deny from all

So if you try to get any file under the "temp" directory it will throw
you a 403 error.

If you are using Apa

Some Data of POC2007 2007-11-28
poc2007 gmail com


POC2007 ended on November 16, 2007 in Seoul, Korea.

POC is an international hacking and security conference.

POC2007 is the second of POC.

The main feature of POC is that most of the speakers should show real hacking on site.

You can get the presentations and some stuff of POC2007 in t

[ MDKSA-2007:232 ] - Updated kernel packages fix multiple vulnerabilities and bugs 2007-11-28
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:232
http://www.mandriva.com/security/
____________________________________________________________________

SYM07-029 Symantec BEWS Multiple DoS in Job Engine 2007-11-28
Secure (secure symantec com)
Symantec Security Advisory

SYM07-029
http://www.symantec.com/avcenter/security/Content/2007.11.27.html

27 Nov 2007

Symantec Backup Exec for Windows Server: Multiple Denial of Service Issues in Job Engine

Revision History
None

Severity
Medium

Remote Access
Yes
Local Access
No
Authenticat

Gekko <=0.8.2 (temp directory) Path Disclosure 2007-11-28
sys-project hotmail com
# Gekko <=0.8.2 (temp directory) Path Disclosure

# Download:

# http://www.gekkoware.org/

# Bug found by JosS / Jose Luis Góngora Fernández

# Contact: sys-project[at]hotmail.com

# Spanish Hackers Team

# www.spanish-hackers.com

# /server irc.freenode.net /join #fullsecure

# d0rk: "Powered by G

RE: Win2K3 Priv Escalation 2007-11-28
Thor (Hammer of God) (thor hammerofgod com)
It's good that he got it running (it's easy enough with physical
access), but your friend should probably plan for a rebuild in the near
future, or at least a comprehensive audit against the systems. If the
ex-admin deleted accounts and changed passwords (which, btw, will land
him in jail if the co

Secunia Research: Symantec Backup Exec Job Engine Denial of Service 2007-11-28
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 28/11/2007

- Symantec Backup Exec Job Engine Denial of Service -

======================================================================
Table of Contents

Affected Software.......

Microsoft FTP Client Multiple Bufferoverflow Vulnerability 2007-11-28
Rajesh Sethumadhavan (rajesh sethumadhavan yahoo com)
Microsoft FTP Client Multiple Bufferoverflow
Vulnerability

#####################################################################

XDisclose Advisory : XD100096
Vulnerability Discovered: November 20th 2007
Advisory Reported : November 28th 2007
Credit : Rajesh Sethumadhavan

Cl

Re: Win2K3 Priv Escalation 2007-11-28
Justin@ESC (justin escracing com)
Thanks for all the replies, he got himself in, and they should be
contacting local authorities or at least a lawyer today. It's a
manufacturing company and for some reason 2 of the key services were run
under a user acct that once had admin permissions, without the
administrative rights it w

Re: Win2K3 Priv Escalation 2007-11-28
Jan Münther (jan muenther nruns com)
http://home.eunet.no/pnordahl/ntpasswd/

Cheers,

Jan

--
Jan Muenther, CTO Security, n.runs AG

RE: Win2K3 Priv Escalation 2007-11-28
Matt Ausmus (mausmus chapman edu)
http://mcpmag.com/columns/article.asp?EditorialsID=1369

____________________________
Matt Ausmus
Network Administrator
Chapman University
635 West Palm Street
Orange, CA 92868
(714)628-2738
mausmus (at) chapman (dot) edu

"You can lead a horse to water, but if you can get him to float on his back,
you've

Win2K3 Priv Escalation 2007-11-27
justin escracing com
Alright, I follow bugtraq rather extensively and really never had much to
say, but a friend of mine just contacted me earlier with a problem and I
can't really think of a simple solution. Anyway, I'm hoping someone can
help.

Scenario

Company's previous net admin was ticked he was getting laid off

[SECURITY] [DSA 1415-1] New tk8.4 packages fix arbitrary code execution 2007-11-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1415-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
November 27, 2007

PHPSlideShow XSS Update 2007-11-27
morin josh gmail com
Vendor Site: http://www.zinkwazi.com/wp/scripts/

Version affected: 0.9.9.2

URL: http://www.example.com/scripts/demo/phpslideshow.php?directory=photos

BID ref: 26576 By Jose Luis Góngora Fernández

PHPSlideShow is also susceptible to the following inputs:

1.http://www.yoursite.com/scripts/demo/

[SECURITY] [DSA 1416-1] New tk8.3 packages fix arbitrary code execution 2007-11-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1416-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
November 27, 2007

Liferay Enterprise Portal multiple XSS 2007-11-27
morin josh gmail com
Vendor Site: Liferay.net

Version affected: Liferay Enterprise Portal 4.3.1

Demo:http://www.liferay.net/c/portal/login?tabs1=forgot-password

Class: Input Validation Error

Overview: Liferay fails to sufficiently sanitize user-supplied input data in "email address" text box by pressing the "Send

PHPkit 1.6.1 (include.php?path=) Remote File Inclusion 2007-11-27
sys-project hotmail com
# PHPkit 1.6.1 (include.php?path=) Remote File Inclusion

# Download:

# http://www.webmasternet.de/

# Bug found by Jose Luis Góngora Fernández / JosS!

# Contact: sys-project[at]hotmail.com

# Spanish Hackers Team

# www.spanish-hackers.com

# /server irc.freenode.net /join #fullsecure

# d0rk: "P

Eurologon CMS Multiple SQL Injection 2007-11-27
kingoftheworld92 fastwebnet it
CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor 2007-11-27
Core Security Technologies Advisories (advisories coresecurity com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs

Lotus Notes buffer overflow in the Lotus WorkSheet file processor

*Advisory Information*
Title: Lotus Notes buffer overflow in the Lotus WorkShee

Re: Creating Backdoors in Cisco IOS using Tcl 2007-11-27
michael cleverly com
A quick comment on the TclShell source code (v0.1) included in http://www.irmplc.com/content/pdfs/Creating_Backdoors_in_Cisco_IOS_using_Tcl.pdf

The echo procedure fails to close the client socket on EOF. This will cause the readable fileevent to trigger repeatedly consuming CPU and never freeing

Eurologon CMS Db credentials disclosure / files download 2007-11-27
kingoftheworld92 fastwebnet it
Re: [Full-disclosure] Creating Backdoors in Cisco IOS using Tcl 2007-11-27
Nicolas FISCHBACH (nicolist securite org)
IRM Research wrote:
> Tcl (Tool Command Language) is a scripting language used extensively in
> embedded systems, which is easy to use and has some powerful features.
> The language has been supported by Cisco IOS for some time now and is
> used, for example, in IOS IVR configuration as well as for

Announce: RFIDIOt release RFIDIOt-0.1r, November 2007 2007-11-27
Adam Laurie (adam algroup co uk)
Folks,

I'm pleased to bring you the latest update to RFIDIOt, the open source
python library for RFID exploration...

This release is brought to you courtesy of United Airlines, who bumped
me from my flight thereby condemning me to 8 hours in the largest,
shiniest, emptiest and most soul-destroyi

National Computer and Information Security Conferences ACIS 2008 - COLOMBIA 2007-11-27
Jeimy Cano (jjcano yahoo com)

http://www.acis.org.co/index.php?id=1068

- Call for Papers-
National Computer and Information Security
Conferences ACIS 2008
Bogotá, D.C - COLOMBIA
Luis Angel Arango Library
June 18, 19 and 20/2008

The Eighth National Computer and Information Security
Conference ACIS 2008 (NCIS 2008) as a Colo

[security bulletin] HPSBUX02251 SSRT071449 rev.3 - HP-UX Running BIND, Remote DNS Cache Poisoning 2007-11-27
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01123426
Version: 3

HPSBUX02251 SSRT071449 rev.3 - HP-UX Running BIND, Remote DNS Cache Poisoning

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Rel

[USN-547-1] PCRE vulnerabilities 2007-11-27
Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-547-1 November 27, 2007
pcre3 vulnerabilities
CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662,
CVE-2007-4766, CVE-2007-4767, CVE-2007-4768
=====================================================

OWASP Israel Conference 2007, Dec 3rd 2007 2007-11-27
Ofer Shezaf (ofer shezaf com)

I am proud to announce the program for OWASP Israel 2007 conference to be
held on Dec 3rd 2007 at the Interdisciplinary Center (IDC) Herzliya in
participation with the IDC's Efi Arazi Computer Science School. The
conference is free and open for everyone. You are also most welcome to send
this invi

Ruby/Gnome2 0.16.0 Format String Vulnerability 2007-11-27
chris rohlf gmail com
RubyGnome2 0.16.0

Format String Vulnerability In Gtk::MessageDialog

http://em386.blogspot.com

Ruby Gnome2 is a project to provide GTK2 bindings to ruby scripts so you can write GUI code in less time. There is a format string vulnerability in Gtk::MessageDialog(). This design flaw does not

allo

Copyright 2010, SecurityFocus