BugTraq Mode:
Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability 2006-09-24
x82_ bk ru
funny advisory.. ;)

Here is our fix:

-------------------------------------

// Clamp negative page values to 1
if ($_GET['page'] < "0")
{
    $this->page = 1;
}

-------------------------------------

Add this near line 480 in function getPostIds()

And by the way this isn't critical, because intval is used before, not becaus

RE: [Full-disclosure] Yet another 0day for IE 2006-09-23
Bill Stout (bill stout greenborder com)
Hi all,

If anyone finds a site where the 0day still lives, please let me know.
All the URLs I've found are off the air.

I did find a websense update not listed here:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=632

There's another websense blog that says the code has been posted (w

Re: [Full-disclosure] Self-contained XSS Attacks (the new generation of XSS) 2006-09-22
pdp (architect) (pdp gnucitizen googlemail com)
hi there,

personally I don't care if it is a new or old vector :) to be
completely honest with you but thanks for the clarifications. I will
leave it to you guys to decide.

cheers Tim

On 9/22/06, Tim <tim-security (at) sentinelchicken (dot) org [email concealed]> wrote:
>
> Hello pdp,
>
> > http://www.gnucitizen.org/blog/sel

tech support being flooded due to IE 0day 2006-09-22
Gadi Evron (ge linuxbox org)
For orgs which are not ISPs, I just emailed this to nanog.
-----

Hi guys, several ISPs are experiencing a flood of calls from customers
who get failed installations of the recent IE 0day - VML - (vgx.dll).

If you are getting such floods too, this is why.

This is currently discussed on the botne

Local File Inclusion : Kietu 2006-09-23
cdg393 gmail com
[::] Product: Kietu

[::] Language: PHP

[::] Description: Kietu? is a script written in PHP that requires a MySQL database and lets you generate and view access statistics for your website.

[::] Official website

PNews v1.1.0 (nbs) Remote File Inclusion 2006-09-21
CvIr System gmail com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PNews v1.1.0 (nbs) Remote File Inclusion

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Affected Software..:PNews v1.1.0

[ MDKSA-2006:169 ] - Updated Thunderbird packages fix multiple vulnerabilities 2006-09-22
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:169
http://www.mandriva.com/security/
____________________________________________________________________

wwwthreads <= 5.4.2 cross site script vulnerabilities 2006-09-24
h4ck3riran yahoo com

PhotoStore Multiple Cross-Site Scripting Vulnerabilities 2006-09-23
meto5757 hotmail com
#################################################

PhotoStore Multiple Cross-Site Scripting Vulnerabilities

-------------------------------------------------

site : http://www.ktools.net/photostore/

-------------------------------------------------

Exploiting these issues could allow an attacker

Opial Audio/Video Download Management - Version 1.0 index.php Xss vulns. 2006-09-23
meto5757 hotmail com
################################################

web application :

Opial Audio/Video Download Management

Version : 1.0

site : http://www.opial.com

------------------------------------------------

Exploit :

---------

http://www.example.com/[path]/index.php?view=Login&destination=[xss]

----

[ MDKSA-2006:170 ] - Updated webmin packages fix XSS vulnerability 2006-09-22
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:170
http://www.mandriva.com/security/
____________________________________________________________________

RSA Keon Log verification bypass vulnerability 2006-09-25
Andrei Mikhailovsky (mlists arhont com)
Arhont Ltd.- Information Security

Arhont Advisory by: Andrei Mikhailovsky
Advisory: RSA Keon Manager log verification bypass
Product release: Versions 6.6 and 6.5.1
Arhont ref: arh200605-1
Class: Design flaw
Model Specific: Other version

[SECURITY] [DSA 1184-1] New Linux 2.6.8 packages fix several vulnerabilities 2006-09-25
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1184-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Dann Frazier
September 25th, 2006

Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0 2006-09-25
Moritz Naumann (security moritz-naumann com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There's a XSS issue in the 'Indexed search' extension 2.9.0 for Typo3.
This extension is part of a default Typo3 4.0.x installation.

Typo3 4.0.2 fixes it.

http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/

Credits go to Mr. Ekkehar

[USN-352-1] Thunderbird vulnerabilities 2006-09-25
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-352-1 September 25, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566,
CVE-2006-4567, CVE-2006-4570, CVE-2006-4571
=======================================

[SECURITY] [DSA 1183-1] New Linux 2.4.27 packages fix several vulnerabilities 2006-09-25
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1183-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Dann Frazier
September 25th, 2006

phpstak <= Remote File Include Vulnerability 2006-09-24
h4ck3riran yahoo com

Windows VML Vulnerability FAQ (CVE-2006-4868) written 2006-09-24
Juha-Matti Laurio (juha-matti laurio netti fi)
I have posted a Frequently Asked Questions document about the unpatched Windows VML vulnerability.

The document entitled Windows VML Vulnerability FAQ (CVE-2006-4868) is located at my SecuriTeam Blogs section,
http://blogs.securiteam.com/?p=640

The document describes related malware, 3rd party fi

ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] 2006-09-24
Gadi Evron (ge linuxbox org) (1 replies)
On Sun, 24 Sep 2006, Bill Stout wrote:
> http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
> "This exploit can be mitigated by turning off Javascripting.
>
> Update: Turning off Javascripting is no longer a valid mitigation. A
> valid mitigation is unregistering

Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] 2006-09-25
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net) (1 replies)
Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] 2006-09-25
Gadi Evron (ge linuxbox org) (1 replies)
Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] 2006-09-25
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)
Jamroom Media Content Management System Login.php Xss Vuln. 2006-09-23
meto5757 hotmail com
#############################################

Jamroom Media Content Management System Xss Vuln.

-------------------------------------------------

http://www.jamroom.net.

-------------------------------------------------

Jamroom is a Website Management tool (a Media Content Management System) th

Re: [Full-disclosure] Yet another 0day for IE (Disabling Javascript no longer a fix) 2006-09-25
Nick FitzGerald (nick virus-l demon co uk)
Bill Stout wrote:

> http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
> "This exploit can be mitigated by turning off Javascripting.
>
> Update: Turning off Javascripting is no longer a valid mitigation. ...

Well, to pick a nit, the Sunbelt blog entry is corre

MyPhotos<= Remote File Include Vulnerability 2006-09-23
h4ck3riran yahoo com

[RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability 2006-09-23
advisories risesecurity org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RISE-2006002
FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability

Released: September 23, 2006
Last updated: September 23, 2006

INTRODUCTION

There exists a vulnerability within an architecture-dependent function of the
FreeBSD kernel (Free

Copyright 2010, SecurityFocus