Windows VML security update MS06-055 released
2006-09-26 Juha-Matti Laurio (juha-matti laurio netti fi)

Re: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
2006-09-26 Bastian Ahrens (mail b3cks com)
Hi again, I had some time to research into this. I tested about ten boards with different versions from 2.3.3 to 2.3.5. On some this bug works, on some it doesn't, independent of the version! On pages this doesn't work you will only get an empty thread without any posts as I told, otherwise you

Re: Re: Apple Remote Desktop root vulneravility
2006-09-26 securityfocus firefiter com
This is not so much a vulnerability as an oversight. Whose oversight is up to you, but if you run a process remotely as root, and it has a GUI, then the GUI will appear on the screen, as a root process. This usually involves a menubar, and thereby access to System Preferences. An easy demonstrati

rPSA-2006-0173-1 openoffice.org
2006-09-26 rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0173-1 Published: 2006-09-26 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: openoffice.org=/conary.rpath.com@rpl:devel//1/2.0.3-1.6-1 References: http://www.cve.mitre.or

VML Exploit vs. AV/IPS/IDS signatures
2006-09-26 avivra (avivra gmail com) (1 replies)
The code for exploiting the unpatched VML vulnerability is in-the-wild for a week or so. This was enough time for Anti Virus, IPS/IDS and other reactive security products' vendors to create a signature for the in-the-wild exploit. So, I put my hand on one of the in-the-wild and tested it using Virus

[Whitepaper] - Access over Ethernet: Insecurities in AoE
2006-09-26 Morgan Marquis-Boire (morgan security-assessment com)
Access over Ethernet: Insecurities in AoE ------------------------------------------ ATA over Ethernet (AoE) is an open standards based protocol which allows direct network access to disk drives by client hosts. AoE has been incorporated into the mainstream Linux kernel, recently been the subject

PHP Invoice 2.2 (Billing and client Management) home.php Xss vuln.
2006-09-26 meto5757 hotmail com
################################################## description : ------------- PHP Invoice designed to automate your entire account, order, billing, ticket system needs. From displaying your sales content, to ordering, PHP Invoice will handle all your billing and authentication requirements with

[SECURITY] [DSA 1184-2] New Linux 2.6.8 packages fix several vulnerabilities
2006-09-26 joey infodrom org (Martin Schulze)

SolpotCrew Advisory #13 - phpMyChat 0.1 (ChatPath) Remote File Inclusion
2006-09-26 chris_hasibuan yahoo com
#############################SolpotCrew Community################################ # # phpMyChat 0.1 (ChatPath) Remote File Inclusion # # vendor : http://www.phpheaven.net/phpmychat:home # ######################################################################## ######### # # # Bug Fo

Vbulletin 2.X sql injection
2006-09-26 security soqor net
Hello,, Vbulletin 2.X sql injection Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : security (at) soqor (dot) net This is sql injection in vbulletin systems the injection is in the global.php file we can use it global.php?templatesused=

CubeCart Multiple input Validation vulnerabilities
2006-09-26 security soqor net
Hello,, CubeCart Multiple input Validation vulnerabilities Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : security (at) soqor (dot) net Sql injection admin/forgot_pass.php?submit=1&user_name=-1'or%201=1/* it will reset the password for t

[ GLSA 200609-16 ] Tikiwiki: Arbitrary command execution
2006-09-26 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Back-end => 0.4.5 Remote File Include Vulnerabilities
2006-09-25 h4ck3riran yahoo com
# Back-end => 0.4.5 Remote File Include Vulnerabilities # Script.............. :Back-end # Discovered By.... : Root3r_H3ll # Location .......... : Iran # Class.............. : Remote # Original Advisory : http://Www.PersainFox.com # We ArE : Root3r_H3LL & Arash.Rj # <Spical TNX Irania H

php_news => 2.0 Remote File Include Vulnerabilities
2006-09-25 h4ck3riran yahoo com
# php_news => 2.0 Remote File Include Vulnerabilities # Script.............. :php_news # Discovered By.... : Root3r_H3ll # Location .......... : Iran # Class.............. : Remote # Original Advisory : http://Www.PersainFox.com # We ArE : Root3r_H3LL & Arash.Rj # <Spical TNX Irania Hac

QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities
2006-09-25 h4ck3riran yahoo com
# QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities # Script.............. :QB ( QuickBlogger ) # Discovered By.... :You_You # Location .......... : Iran # Class.............. : Remote # <Spical TNX : O.U.T.L.A.W , A.r.i.a , Sh3ll , T3rr0r1st # CodE : <? include $page; ?>

WebspotBlogging => 3.0 Remote File Include Vulnerabilities
2006-09-25 h4ck3riran yahoo com
# WebspotBlogging => 3.0 Remote File Include Vulnerabilities # Script.............. :WebspotBlogging # Discovered By.... : Root3r_H3ll # Location .......... : Iran # Class.............. : Remote # Original Advisory : http://Www.PersainFox.com # We ArE : Root3r_H3LL & Arash.Rj # ExPl

Ruxcon 2006
2006-09-26 cfp ruxcon org au
Hi, RUXCON 2006 will be held this weekend over the 30th of September to the 1st of October at the University of Technology, Sydney. Doors will open at 8:30am and the first presentation commences at 9:30am. Our presentation list is complete. RUXCON 2006 Presentations [1]: 1. Java Class Deobfusc

[ GLSA 200609-14 ] ImageMagick: Multiple Vulnerabilities
2006-09-26 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200609-15 ] GnuTLS: RSA Signature Forgery
2006-09-26 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Uninformed Journal Release Announcement: Volume 5
2006-09-26 H D Moore (sflist digitaloffense net)
Uninformed is pleased to announce the release of its fifth volume. The articles included in this volume are: - Exploitation Technology: Implementing a Customer X86 Encoder Author: skape - Exploitation Technology: Preventing the Exploitation of SEH Overwrites Author: skape - Fuzzing: Effectiv

iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Signedness Vulnerability
2006-09-25 iDefense Labs (labs-no-reply idefense com)
FreeBSD i386_set_ldt Integer Signedness Vulnerability iDefense Security Advisory 09.23.06 http://www.idefense.com/intelligence/vulnerabilities/ Sep 23, 2006 I. BACKGROUND FreeBSD is a modern operating system for x86, amd64, Alpha, IA-64, PC-98 and SPARC architectures. It's based on the UNIX opera

iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability
2006-09-25 iDefense Labs (labs-no-reply idefense com)
FreeBSD i386_set_ldt Integer Overflow Vulnerability iDefense Security Advisory 09.23.06 http://www.idefense.com/intelligence/vulnerabilities/ Sep 23, 2006 I. BACKGROUND FreeBSD is a modern operating system for x86, amd64, Alpha, IA-64, PC-98 and SPARC architectures. It's based on the UNIX operati

[security bulletin] HPSBUX02155 SSRT061235 rev.1 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges
2006-09-25 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00774481 Version: 1 HPSBUX02155 SSRT061235 rev.1 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges NOTICE: The information in this Security Bulletin should be acted upon a

[security bulletin] HPSBUX02152 SSRT5973 rev.1 - HP-UX Kerberos Client Remote Unauthenticated Execution of Arbitrary Code
2006-09-25 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00768776 Version: 1 HPSBUX02152 SSRT5973 rev.1 - HP-UX Kerberos Client Remote Unauthenticated Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon a
Fix is available via Microsoft Update or downloadable with links included to MS06-055:
http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx
Fix information has been added to Windows VML Vulnerabil