BugTraq Mode:
(Page 1078 of 1748)
[XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability 2006-08-15
nop (nop xsec org)
Advisory ID:
XSec-06-04

Advisory Name:
Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability

Release Date:
08/15/2006

Tested on:
Internet Explorer 6.0 SP1 on Microsoft Windows 2000 SP4 / XP SP2 CN

Affected version:
Internet Explorer 6.0

Author:
nop <nop#xsec.org>
http://www.xsec.o

otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln 2006-08-15
vampire_chiristof yahoo com
vendor:

http://www.jakeo.com

vuln :

http://[host]/foto/index.php?path=../../etc/passwd

http://[host]/foto/index.php?path=<b>xss</b>

http://[host]/foto/index.php?path=../../[directory listing]

Author : Vampire

Vampire_chiristof (at) yahoo (dot) com

Homepage : Www.HackerZ.iR

Www.H4ckerZ

[XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability 2006-08-15
nop (nop xsec org)
Advisory ID:
XSec-06-03

Advisory Name:
Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability

Release Date:
08/15/2006

Tested on:
Internet Explorer 6.0 SP1 on Microsoft Windows XP SP2 CN

Affected version:
Internet Explorer 6.0

Author:
nop <nop#xsec.org>
http://www.xsec.org

Ove

Koobi Pro CMS 5.6 SQL injection & XSS 2006-08-15
vampire_chiristof yahoo com
vendor:http://www.dream4.de

dork:"powered by Koobi Pro 5.6"

vuln :

http://[host]/index.php?p=showtopic&toid=[SQL]

http://[host]/index.php?p=showtopic&toid=[XSS]

Path Disclosure:http://[host]/index.php?area=1&p='

Author : Vampire

vampire_chiristof (at) yahoo (dot) com

Homepage : Www.Hac

[SECURITY] [DSA 1151-1] New heartbeat packages fix denial of service 2006-08-15
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1151-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
August 15th, 2006

[XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability 2006-08-15
nop (nop xsec org)
Advisory ID:
XSec-06-02

Advisory Name:
Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability

Release Date:
08/15/2006

Tested on:
Internet Explorer 6.0 SP1 on Microsoft Windows XP SP2 CN

Affected version:
Internet Explorer 6.0

Author:
nop <nop#xsec.org>
http://www.xsec.org

Over

local file include in PHP-Nuke (autohtml.php) 2006-08-15
MosT3mR hotmail com
###################################################################

# local file include in PHP-Nuke (autohtml.php)

#

# Risk : High

#

# Class : Local

#

# Script : autohtml.php

#

# Thanks : www.lezr.com/vb & All kuwait hackers

#

# Link : http://www.lezr.com/vb/showthread.php?p=104324

#

#

Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) 2006-08-14
Gerardo Richarte (lists core-sdi com)

Mailslot bug (MS06-035)
vs.
non-Mailslot bug (MS0?-???/CVE-2006-3942)

This is the story of a yet unpatched bug which is not a 0-day.

Time line:

2006-07-12 - MS06-035 Published by Microsoft [1]
2006-07-12 - "Windows Mailslot (MS06-035) DoS" module

CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service 2006-08-14
Core Security Technologies advisories (advisories coresecurity com)
Core Security Technologies Advisory
http://www.coresecurity.com

Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service

Date Published: 2006-08-14

Last Update: 2006-08-14

Advisory ID: CORE-2006-0714

Bugtraq ID: 19215

CVE Name: CVE

[ MDKSA-2006:141 ] - Updated gnupg packages fix vulnerability 2006-08-14
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:141
http://www.mandriva.com/security/
____________________________________________________________________

[ MDKSA-2006:142 ] - Updated heartbeat packages fix vulnerability 2006-08-14
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:142
http://www.mandriva.com/security/
____________________________________________________________________

Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability 2006-08-14
Steven M. Christey (coley mitre org) (1 replies)

Carsten Eilers said:

> Take a look at the top of cal_config.inc.php:
>
> # adjust the '$calpath'.
> # hardcode it if detection does not work and comment out the remaining
> # code.
> #
> # $calpath = "C:\\PHP\\calendarix\\demo\\" ;
>
> $calpath = dirname(__FILE__) ;

When doing post-disclosure a

Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability 2006-08-15
Carsten Eilers (ceilers-lists gmx de)
Security contact from Critical Path Inc 2006-08-14
Guillermo Marro (gmmarro flowgate net)
Does anyone know how to reach them?

thanks in advance,

-Guillermo

Re: Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability 2006-08-12
istgha rofonianx net
<<<

We have same results in admin.php and db.php. Please don't post every include() function as a RFI vuln.

Don't post such messages for being famous.

>>>

SecurityFocus shouldn't approve. Please read these lines again, again and again:

<<<

We have same results in admin.php and db.php, Please

Re: RE: linksys WRT54g authentication bypass 2006-08-11
gooorguss gmail com
I use a WRT54g v4 (firmware v.4.20.8) and tried the following command.

But I didn't exploit my router.

When I captured the normal packet with ethereal,

I only saw "POST /apply.cgi ....."

When I captured the exploit packet with curl,

I didn't receive a reply packet according to the exploit request

Opera 9 Remote Denial of Service 2006-08-13
NNP (version5 gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.milw0rm.com/exploits/2179

Run the above as a server and connect to it using the in-built IRC
client. The Linux, Windows and OSX versions are vulnerable and others
may also be.

By embedding a redirect to irc://evilhost in a web page the brow

Multiple Arbitrary File Access (Write/Read) Vulnerabilities 2006-08-14
NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory

Name: Multiple Arbitrary File Access (Write/Read) Vulnerabilities
Systems Affected: All versions of Informix
Severity: High
Vendor URL: http://www.ibm.com/
Author: David Litchfield [ davidl (at) ngssoftware (dot) com ]
Date of Public Advisory: 2nd August 2006
Advi

RE: linksys WRT54g authentication bypass 2006-08-11
TeamXMM Consulting, Inc. (security teamxmm com)
Use a different Firmware then... Preferably, Sveasoft or DD-WRT

<quote>
The Sveasoft firmware is a replacement firmware upgrade for ASUS,
Belkin, Buffalotech, and Linksys wireless routers.
</quote>

:D

Sincerely,

TeamXMM Internet Security & Consulting, Inc.
Email: security (at) teamxmm (dot) com
Web ht

[ GLSA 200608-20 ] Ruby on Rails: Several vulnerabilities 2006-08-14
Raphael Marichez (falco gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200608-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Joomla Webring Component (component_dir) Remote File Inclusion Vulnerabilities 2006-08-13
x0r0n hotmail com
####################################################

# #

# C Y BE R - W A R R i O R T I M #

# #

####################################################

Joomla Webring Component (co

Multiple Buffer Overflow Vulnerabilities in Informix 2006-08-14
NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory

Name: Multiple Buffer Overflow Vulnerabilities in Informix
Systems Affected: All versions of Informix
Severity: High
Vendor URL: http://www.ibm.com/
Author: David Litchfield [ davidl (at) ngssoftware (dot) com ]
Date of Public Advisory: 2nd August 2006
Advisory n

(somewhat) breaking the same-origin policy by undermining dns-pinning 2006-08-14
Martin Johns (martin johns gmail com)
Hello list,

A small contribution to the current "hacking the intranet with
JavaScript" meme (also posted to my blog at
http://shampoo.antville.org/stories/1451301/).

== Introduction =

J. Grossman, RSnake, SPI Dynamics, pdp and others have demonstrated
lately that it is possible for a malicious Ja

[Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow 2006-08-14
Damian Put (pucik overflow pl)
Overflow.pl Security Advisory #7

ImageMagick ReadSGIImage() Heap Overflow

Vendor: ImageMagick (http://www.imagemagick.org)
Affected version: 6.x up to and including 6.2.8
Vendor status: Fixed version released (6.2.9)

Author: Damian Put <pucik (at) overflow (dot) pl>
URL: http://www.overflow.pl/adv/imsgiheap

Multiple buffer-overflows in libmusicbrainz 2.1.2 2006-08-13
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: libmusicbrainz
http://musicbrainz.org/doc/libmusicbrainz
Versions: <= 2.1.2 and <= SVN 8406 (current SVN)
Platforms: Windows, *nix, *BSD, Mac and

Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities 2006-08-14
matdhule gmail com
---------------------------------------------------------------------------

Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities

---------------------------------------------------------------------------

Author : Matdhule

Date : August, 14th 2006

Locatio

Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability 2006-08-11
noname nodomain com
HEYYYY ...

Security FOCUS Moderators please don't add !

cfgLanguage is defined in config.php :

$cfgLanguage = 'uk';

how can you change $cfgLanguage when it is defined ?

Another Fake BUG Like Mafia Moblog Vulnerability :

MAFIA MoBlog BID : 19458

MAFIA : http://securityfocus.com/bid/19458

Milw

RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA 2006-08-13
Dave Wichers (dave wichers aspectsecurity com)
Many more details for the OWASP conference have been settled and are now
available on the OWASP site, including:

1) Most of the agenda is set: See:
http://www.owasp.org/index.php/OWASP_AppSec_Seattle_2006/Agenda

2) Conference hotel discounts have been negotiated and I'd strongly
recommend making y

Copyright 2010, SecurityFocus