BugTraq
Internet Communication Manager Denial Of Service Attack 2007-07-05
NGSSoftware Insight Security Research (mark ngssoftware com)
=======
Summary
=======
Name: Internet Communication Manager Denial Of Service Attack
Release Date: 5 July 2007
Reference: NGS00484
Discover: Mark Litchfield <mark (at) ngssoftware (dot) com>
Vendor: SAP
Vendor Reference: SECRES-287
Systems Affected: Confirmed on Windows (unconfirmed on *NIX)
Risk: High
Statu

SAP Internet Graphics Server XSS and Heap Overflow 2007-07-05
NGSSoftware Insight Security Research (mark ngssoftware com)
=======
Summary
=======
Name: SAP Internet Graphics Server XSS and Heap Overflow
Release Date: 5 July 2007
Reference: NGS00487
Discover: Mark Litchfield <mark (at) ngssoftware (dot) com>
Vendor: SAP
Vendor Reference: SECRES-288
Systems Affected:
Risk: Medium
Status: Fixed

========
TimeLine
========
Discovere

SAP Message Server Heap Overflow 2007-07-05
NGSSoftware Insight Security Research (mark ngssoftware com)
=======
Summary
=======
Name: SAP Message Server Heap Overflow
Release Date: 5 July 2007
Reference: NGS00485
Discover: Mark Litchfield <mark (at) ngssoftware (dot) com>
Vendor: SAP
Vendor Reference: SECRES-292
Systems Affected: All Versions
Risk: Critical
Status: Fixed

========
TimeLine
========
Discovered:

EnjoySAP, SAP GUI for Windows - Stack Overflow 2007-07-05
NGSSoftware Insight Security Research (mark ngssoftware com)
=======
Summary
=======
Name: EnjoySAP, SAP GUI for Windows - Stack Overflow
Release Date: 5 July 2007
Reference: NGS00483
Discover: Mark Litchfield <mark (at) ngssoftware (dot) com>
Vendor: SAP
Vendor Reference: SECRES-289
Systems Affected: All Versions
Risk: High
Status: Fixed

========
TimeLine
========
Di

[NETRAGARD SECURITY ADVISORY][Maia Mailguard 1.0.2 Arbitrary Code Execution][NETRAGARD-20070628] 2007-07-05
Netragard Security Advisories (advisories netragard com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

*************************** NETRAGARD ADVISORY ************************
http://www.netragard.com
"We make IT Safe"
[Advisory Summary]
- -----------------------------------------------------------------------
Advisory Author : Adriel T. Desau

Redirection Vulnerability in wp-pass.php, WordPress 2.2.1 2007-07-05
Nick S. Coblentz (ncoblentz securityps com)
The vulnerability found could allow an attacker to redirect victims to
an arbitrary 3rd party site. This site could be a phishing site or
contain malware allowing the attacker to steal account credentials or
compromise hosts. This vulnerability can be found in WordPress 2.2,
however it is likely t

Re: Serious holes affecting JFFNMS 2007-07-05
not themoment thanks
Per the following comments...

"Finally, the auth.php PHP script also includes the following code:

if (($jffnms_version=="0.0.0") && ($_SERVER["REMOTE_ADDR"]=="128.30.52.13")) {

which could be considered a backdoor although it does not appear to be
exploitable in a typical installation."

...it s

[security bulletin] HPSBPI02228 SSRT071404 rev.1 - HP Instant Support - Driver Check Running on Windows XP, Remote Unauthorized Access 2007-07-05
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01077597
Version: 1

HPSBPI02228 SSRT071404 rev.1 - HP Instant Support - Driver Check Running on Windows XP, Remote Unauthorized Access

NOTICE: The information in this Security Bulletin should be

Session fixation in Zen Cart CMS 2007-07-05
tomaz bratusa teamintell com
====================================================================================
Team Intell Security Advisory TISA2007-05
------------------------------------------------------------------------------------
Zen Cart 1.3.7 - Session fixation Issue in backend Administration interface
============

[ MDKSA-2007:142 ] - Updated apache packages fix multiple security issues 2007-07-05
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:142
http://www.mandriva.com/security/
____________________________________________________________________

[ MDKSA-2007:141 ] - Updated apache packages fix multiple security issues 2007-07-05
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:141
http://www.mandriva.com/security/
____________________________________________________________________

[ MDKSA-2007:139 ] - Updated MySQL packages fix multiple security issues 2007-07-04
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:139
http://www.mandriva.com/security/
____________________________________________________________________

[ MDKSA-2007:140 ] - Updated apache packages fix multiple security issues 2007-07-05
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:140
http://www.mandriva.com/security/
____________________________________________________________________

[USN-480-1] Gimp vulnerability 2007-07-04
Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-480-1 July 04, 2007
gimp vulnerability
CVE-2007-2949
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

Multiple Remote unauthenticated stack overflows in Asterisk chan_sip.c 2007-07-04
NGSSoftware Insight Security Research (nisr ngssoftware com)
=======
Summary
=======
Name: Multiple Remote unauthenticated stack overflows in Asterisk chan_sip.c
Release Date: 4 July 2007
Reference: NGS00497
Discover: Barrie Dempster <barrie (at) ngssoftware (dot) com>
Vendor: Digium
Vendor Reference: ASA-010
Systems Affected: Asterisk < 1.4.3; AsteriskNOW < Beta6; Ast

Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure 2007-07-04
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information
Disclosure

RedTeam Pentesting discovered an information disclosure in the Fujitsu-
Siemens BX300 Switch Blade during a penetration test. By accessing URLs
of the web interface directly and aborting the authentication dialog

Fujitsu-Siemens ServerView Remote Command Execution 2007-07-04
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Fujitsu-Siemens ServerView Remote Command Execution

RedTeam Pentesting discovered a remote command execution in the Fujitsu-
Siemens ServerView during a penetration test. The DBAsciiAccess CGI
script is vulnerable to a remote command execution because of a
parameter which is not properly

SQL Injection in saphp "showcat.php" 2007-07-04
Sw33t h4cK3r hotmail com
Discovery by :- Sw33t h4cK3r
powered by : saphp
----------------------------

Exploit :
http://Example.com/story/showcat.php?forumid=[SQL]

SQL Injection in SaphpLesson2.0 "show.php" 2007-07-04
Sw33t h4cK3r hotmail com
Discovery by:- Sw33t h4cK3r

POWERED BY: SaphpLesson2.0
--------------------------

Exploit :
http://Example.com/show/show.php?lessid=[SQL]

Re: Remote File Include In Script SoftNews Media Group 2007-07-04
foster ghc ru
[quote]
By Hasadya Raed
...
Script : SoftNews Media Group
...
Exploits:
http://www.Victim.com/engine/init.php?root_dir=[Shell-Attack]
http://www.Victim.com/engine/Ajax/editnews.php?root_dir=[Shell-Attack]
------------------------------------
By Hasadya Raed
[/quote]

fake, obviously

[quote]
Vulnera

PacSec 2007 Call For Papers (Nov. 29/30, deadline July 27) 2007-07-04
Dragos Ruiu (dr kyx net)

PacSec CALL FOR PAPERS

World Security Pros To Converge on Japan

TOKYO, Japan -- To address the increasing importance of
information security in Japan, the best known figures in the
international security industry will get together with leading
Japanese researchers to share best practi

MySQLDumper vulnerability: Bypassing Apache based access control possible 2007-07-03
bugtraq henningpingel de
A critical security issue has been found in the Open Source PHP backup
tool MySQLDumper [0]. The issue allows bypassing an Apache-based access
control created with MySQLDumper. Through this an attacker can easily gain
full control over all features of MySQLDumper.

The authors of MySQLDumper were i

[ GLSA 200707-04 ] GNU C Library: Integer overflow 2007-07-03
Raphael Marichez (falco gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200707-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ MDKSA-2007:138 ] - Updated kdebase packages fix Flash Player interaction vulnerability 2007-07-03
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:138
http://www.mandriva.com/security/
____________________________________________________________________

Cross Site Scripting in Oliver Library Management System 2007-07-03
A. R. (r00t northernfortress net)
BACKGROUND
==========
"Oliver is the web-based Library Management System for Schools. Softlink
has built on the understanding of thousands of school clients, over many
years, and has designed a new system for school libraries and learning
resource centres in the 21st century"
-- from http://www.soft

iPhone Security Settings 2007-06-30
John Smith (genericjohnsmith gmail com)
http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html

John

Security on AIR: Local file access through JavaScript 2007-07-03
fukami (fukami sektioneins de)
Hi!

It's just a very first look at AIR (Adobe's Integrated Runtime) and
its possibilities to process HTML/JS. AIR is beta by now, so Adobe
may change things in the final release.

## What is AIR?
Quote from Adobe: "Adobe Integrated Runtime (AIR) is a cross-
operating system runtime that allows

Re[2]: Light Blog 4.1 XSS Vulnerability 2007-07-03
BlackHawk (hawkgotyou gmail com)
Hello prodigy,

I suggest not downloading it at all..
look at main.php, no check for admin rights, you can post up every PHP
file you want.. ;)

Saturday, June 30, 2007, 8:39:49 PM, you wrote:

> The information on this website is incorrect. Do not download this
> version as it is not fixed. For a

Buffer overflow in HP Instant Support Driver Check (SDD) ActiveX control 2007-07-03
NGSSoftware Insight Security Research (nisr ngssoftware com)
John Heasman of NGSSoftware has discovered a high risk vulnerability in the
HP Instant Support Driver Check (SDD) ActiveX control, which is marked safe
for scripting.

The vulnerability affects the following version of the SDD control:

HP Instant Support Driver Check versions prior to 1.5.0.3

Th

Moodle XSS / Liesbeth base CMS sensitive information disclosure 2007-07-03
3APA3A (3APA3A SECURITY NNOV RU)
Dear bugtraq (at) securityfocus (dot) com,

1.
MustLive (mustlive at websecurity.com dot ua) reported cross-site
scripting vulnerability in Moodle 1.7.1 via search parameter of
index.php, example:

http://host/user/index.php?contextid=4&roleid=0&id=2&group=&perpage=20&search=%22style=xss:ex

Copyright 2010, SecurityFocus