|
|
Colapse all |
Post message
Informix Long Username Buffer Overflow Vulnerability 2006-08-14 NGSSoftware Insight Security Research (nisr nextgenss com) Informix - Discovery, Attack and Defense 2006-08-14 David Litchfield (davidl ngssoftware com) Hey all, I've just posted "Informix - Discovery, Attack and Defense" to databasesecurity.com. For those that would like a copy you can download it from http://www.databasesecurity.com/informix-securing.htm. This paper is derived from Chapter 11 from the Database Hacker's Handbook. The issues discuss [ more ] [ reply ] Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability 2006-08-14 public frank4dd com After furiously patching since last week for catching up with MS06-040, we discovered that a old exploit for MS06-035 (again or still) works on a number fully patched systems including Windows 2003 Server, Windows XP and Windows 2000. The exploit that works is: http://milw0rm.org/exploits/2057 [ more ] [ reply ] ScatterChat Advisory 2006-01: Cryptanalytic Attack Vulnerability 2006-08-11 ScatterChat Advisories (sc_advisories hacktivismo com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ScatterChat Advisory 2006-01: Cryptanalytic Attack Vulnerability Technical Report CVE ID: CVE-2006-4021 August 11th, 2006 http://www.scatterchat.com/ SUMMARY ScatterChat (http://www.scatterchat.com/) is an instant messaging project that aims to pro [ more ] [ reply ] (Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow 2006-08-11 Secure (secure symantec com) Any further revisions to this information, if required, will be posted to the official advisory located at : http://www.symantec.com/avcenter/security/Content/2006.08.11.html Symantec Security Advisory SYM06-014 BID 19479 11 August 2006 Symantec Backup Exec for Windows Server: RPC Interface [ more ] [ reply ] Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability 2006-08-12 nukedx nukedx com Hi, I checked these files you said vulnerable and could not see any vulnerability. Lets check lines 25-34 of index.php: --source code of index.php lines 25 to 34- 25: //error_reporting('E_ALL'); 26: 27: define('IN_MYBLOGGIE', true); 28: 29: session_start(); 30: header("Cache-control: privat [ more ] [ reply ] Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss 2006-08-11 blood2_20032003 yahoo com Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities 2006-08-12 Benjamin Tobias Franz (0-1-2-3 gmx de) (1 replies) Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities ... discovered by Benjamin Tobias Franz Affected Vendor: Microsoft Affected Product: Microsoft Windows - Microsoft Help (WINHLP32.EXE) Description: Multiple remote code execution and denial of ser [ more ] [ reply ] Re: Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities 2006-08-12 Reversemode (advisories reversemode com) [SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation 2006-08-12 joey infodrom org (Martin Schulze) Concurrency-related vulnerabilities in browsers - expect problems 2006-08-12 Michal Zalewski (lcamtuf dione ids pl) Good morning, "Fame-hungry sociopath torches cars, finds browser flaws WARSAW, Poland (AP) -- police are on a look out for a local adolescent vandal who continues to terrorize local IT workers in what appears to be a bizzare bid for fame. Larry Seltzer reports from the scene." Well, I jus [ more ] [ reply ] myEvent <= 1.4 Multiple Remote File Include Vulnerabilities 2006-08-12 sh3ll sh3ll ir ------------------------------------------------------------------------ --------------- myEvent 1.4 Multiple Remote File Include Vulnerabilities ------------------------------------------------------------------------ --------------- Author : Sh3ll Date : 2006/08/11 HomePage : http://www.s [ more ] [ reply ] Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability 2006-08-12 sh3ll sh3ll ir ------------------------------------------------------------------------ --------------- Calendarix 0.7 calpath Remote File Inclusion ------------------------------------------------------------------------ --------------- Author : Sh3ll Date : 2006/08/11 HomePage : http://www.sh3ll.ir Con [ more ] [ reply ] SquirrelMail 1.4.8 released - fixes variable overwriting attack 2006-08-11 Thijs Kinkhorst (kink squirrelmail org) (1 replies) Hello all, Today SquirrelMail version 1.4.8 has been released with a collection of bugfixes and an important security fix. It was possible for an authenticated user to overwrite random variables in the compose.php script. This may open up possible attack vectors like reading or overwriting a user's [ more ] [ reply ] Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variableoverwriting attack 2006-08-11 Yves Goergen (nospam list unclassified de) UPDATE: [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities 2006-08-11 Raphael Marichez (falco gentoo org) Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code 2006-08-11 xvml karlrunge com WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI 2006-08-10 philipp niedziela gmx de +-------------------------------------------------------------------- + + WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI + + Original advisory: + http://www.bb-pcsecurity.de/Websecurity/311/org/+ WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm + +------------------------ [ more ] [ reply ] rPSA-2006-0152-1 squirrelmail 2006-08-11 Justin M. Forbes (jmforbes rpath com) rPath Security Advisory: 2006-0152-1 Published: 2006-08-11 Products: rPath Linux 1 Rating: Major Exposure Level Classification: User Deterministic Vulnerability Updated Versions: squirrelmail=/conary.rpath.com@rpl:devel//1/1.4.6-2.2-1 References: http://www.cve.mitre.org/cgi-bin/cvename [ more ] [ reply ] Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability 2006-08-10 sh3ll sh3ll ir ------------------------------------------------------------------------ -------------------- Startpage 1.0 cfgLanguage Remote File Inclusion ------------------------------------------------------------------------ -------------------- Author : Sh3ll Date : 2006/08/10 HomePage : http://www. [ more ] [ reply ] Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory 2006-08-11 Henry Sieff (henry sieff gmail com) Thank you for the response. My question is "is it even a workaround." Cisco's solution is to have the VPN concentrator refuse new SA requests once the number of pending SA requests exceeds the set amount. But the symptom of the DOS is that no new SA's can be formed. So the workaround produces the [ more ] [ reply ] miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability 2006-08-10 sh3ll sh3ll ir ------------------------------------------------------------------------ --------------- miniBloggie 1.0 fname Remote File Inclusion ------------------------------------------------------------------------ --------------- Author : Sh3ll Date : 2006/05/01 HomePage : http://www.sh3ll.ir Cont [ more ] [ reply ] [security bulletin] HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS) 2006-08-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00680632 Version: 2 HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. [ more ] [ reply ] [security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code 2006-08-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00629555 Version: 14 HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon a [ more ] [ reply ] Security Vulnerability in Ruby on Rails 1.1.x 2006-08-11 michael koziarski com Product: Ruby on Rails Affected: 1.1.0, 1.1.1, 1.1.2, 1.1.4, 1.1.5 Problem Description ------------------- Scott Barron and Tobias Luetke, of the Ruby on Rails Core Team, discovered a fault with the dependency resolution mechanism which can, when exploited by a remote attacker, leave a [ more ] [ reply ] |
|
Privacy Statement |
Name: Informix Long Username Buffer Overflow Vulnerability
Systems Affected: Informix 9.40.xC6 and earlier, 10.00.xC2 and earlier
Severity: Critical
Vendor URL: http://www.ibm.com/
Author: David Litchfield [ davidl (at) ngssoftware (dot) com [email concealed] ]
Date of Public Advi
[ more ] [ reply ]