unauthorized VNC access in AK-Systems Windows Terminals
2006-08-22 Victor Sudakov (sudakov sibptus tomsk ru)
WinCE-based Windows Terminals (thin clients) manufactured by AK-Systems (http://www.ak-systems.ru/) with firmware version 1.2.5 ExVLP feature a VNC server for remote administration and setup. The VNC access is not protected by password, so anyone with a VNC client can connect to the terminal and wat

PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability
2006-08-18 D3nGeR Gmail CoM
PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability
- [Script name: PHlyMail Lite v. 3

Simple Machines Forum <=1.1RC2 unset() vulnerabilities
2006-08-22 rgod autistici org
Simple Machines Forum <=1.1RC2 unset() vulnerabilities
software site: http://www.simplemachines.org/
the recently discovered Zend_Hash_Del_Key_Or_Index PHP vulnerability allows users to

Major updates in PowerPoint FAQ document - not a 0-day issue
2006-08-22 Juha-Matti Laurio (juha-matti laurio netti fi)
Several updates to Microsoft PowerPoint Vulnerability FAQ - August 2006, CVE-2006-4274 document at http://blogs.securiteam.com/?p=559 have been done.
* According to the new information confirmed today this is not a 0-day vulnerability, it is related to patched MS06-012: http://www.microsoft.com/techn

[ MDKSA-2006:147 ] - Updated squirrelmail packages fix vulnerabilities
2006-08-22 security mandriva com

EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable
2006-08-22 Marc Maiffret (mmaiffret eeye com)
MS06-042 Related Internet Explorer 'Crash' is Exploitable
Date: August 22, 2006
Severity: High
Systems Affected:
Windows 2000 with IE6 SP1 and MS06-042 hotfix installed
Windows XP SP1 with IE6 SP1 and MS06-042 hotfix installed
Overview: On August 8th Microsoft released MS06-042 which was a cumul

Simpliciti Locked Browser Jail Breakout Vulnerability
2006-08-22 dc simpliciti biz
From vendor: In order to access this vulnerability, the user has to intentionally visit a page which has intentionally created the malicious exit JavaScript. The product has many security functions built in to prevent this occurring. The product's setting screens allow the product to easily prevent

Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug
2006-08-22 dkabs mobotix com
I'd like to inform you that we fixed this problem. We provide new software versions that include a security patch that prevents cross site scripting flaws.
Customers are encouraged to upgrade to at least software version - V2.2.3.18 (for camera models M10/D10) and - V3.0.3.31 (for camera mode

[ MDKSA-2006:146 ] - Updated Thunderbird packages fix multiple vulnerabilities
2006-08-22 security mandriva com

[ MDKSA-2006:145 ] - Updated Firefox packages fix multiple vulnerabilities
2006-08-22 security mandriva com

TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities
2006-08-21 TTG (releases teklow com)
TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities
RELEASE DATE: August 21st, 2006
VENDOR: Alt-N Technologies ( http://www.altn.com )
VULNERABLE: Tested on Alt-N WebAdmin v3.2.3/3.2.4 running with MDaemon v9.0.5, earlier versions are suspected vulnera

Diesel Paid Mail getad.php Cross-Site Scripting Vulnerability
2006-08-21 night_warrior- hotmail com
##Night_Warrior<Kurdish Hacker>
##night_warrior-[at]hotmail.com
##Diesel Paid Mail getad.php Cross-Site Scripting Vulnerability
##Contact : night_warrior-[at]hotmail.com
##homepage : www.dieselscripts.com
http://www.example.com/[Script Path]/site/getad.php?refid=&email=default&ps=[XSS]

Diesel Job Site forgot.php Cross-Site Scripting
2006-08-21 night_warrior- hotmail com
##Night_Warrior<Kurdish Hacker>
##night_warrior-[at]hotmail.com
##Diesel Job Site forgot.php Cross-Site Scripting Vulnerability
##Contact : night_warrior-[at]hotmail.com
##homepage : www.dieselscripts.com
http://www.example.com/[Script Path]/jobseekers/forgot.php?uname=[XSS]&fu=Submit
http:/

Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability
2006-08-20 securityfocus draijer org
I made this script a long time ago and actually I don't use it anymore (I use a newer version which is not ready for "the real world" yet). By accident I discovered this page when I showed someone how many hits you will get when you google on your own name.
You say "Venedor Contacted, But No Resp

[XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability
2006-08-21 nop (nop xsec org)
Advisory ID: XSec-06-09
Advisory Name: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability
Release Date: 08/22/2006
Tested on: Windows 2000/XP Internet Explorer 6.0 SP1
Affected version: Windows 2000 Windows XP
Author: nop <nop#xsec.org> http://www.xsec.org
Overview: When I

Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
2006-08-20 Outlaw aria-security net
-----------------
Found by: PrOtOn & digi7al64
Date: May 20th 2006
Critical Level: High
Type: Multiple Cross Site Scripting (XSS) vulnerabilities
------------------------------------------------------------------