ARES 2007: Call for workshop proposals, deadline Sept 10, 2006
2006-08-03 Manh Tho (manhthovn gmail com)
Dear colleague, As you may know, in conjunction with the "Second International Conference on Availability, Reliability and Security (AReS) - ARES 2007" conference, a number of workshops will be organised. It is my pleasure to invite you to submit workshop proposals. Workshop proposals should includ

TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability
2006-08-07 TSRT 3Com com
TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability
http://www.tippingpoint.com/security/advisories/TSRT-06-05.html
August 7, 2006
-- CVE ID: CVE-2006-3976 CVE-2006-3977
-- Affected Vendor: Computer Associates
-- Affected Products: e

TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability
2006-08-07 TSRT 3com com
TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability
http://www.tippingpoint.com/security/advisories/TSRT-06-06.html
August 7, 2006
-- CVE ID: CVE-2006-3975
-- Affected Vendor: Computer Associates
-- Affected Products: eTrust Anti

Re[2]: [Full-disclosure] Attacking the local LAN via XSS
2006-08-04 Thierry Zoller (Thierry Zoller lu)
Dear pdp (architect),
pa> BTW, there are quite a lot cisco devices that have http open on local
pa> LAN vulnerable to IOS HTTP Authorization Vulnerability.
That's my point, I have done an exhaustive amount of pentest, I have never come across a router with accessible HTTP port. Maybe that's relate

Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS
2006-08-04 pdp (architect) (pdp gnucitizen googlemail com)
I agree with you. Sometimes routers do not have http enabled although I believe that most administrators enable this service to perform easy/remote administration tasks. However, it is quite common to find http enabled devices. :) printers, wireless printers, cameras... you name it. Attacking these

simplog 0.9.3 and prior XSS
2006-08-06 piiiiiii pppiiiiiiii (heliosz_time hotmail com)
## HeLiOsZ - Dark End Team - Internet Security Team
## simplog 0.9.3 and prior XSS
## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net & http://www.darkend.org
## Risk : Medium
## Type : web applet
## Creator: http://www.simplog.org/
## Exploit: - The vuln is in the search section,it d

[ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code
2006-08-07 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[SECURITY] [DSA 1144-1] New chmlib packages fix denial of service
2006-08-07 Moritz Muehlenhoff (jmm debian org)

linksys WRT54g authentication bypass
2006-08-05 Ginsu Rabbit (ginsurabbit hotmail com) (1 replies)
I'm having some trouble believing this hasn't been reported before. If you have a linksys router handy, please check to see whether it is vulnerable to this attack. It's possible that all of the linksys router web UIs have the same bug. Hopefully the problem is isolated to one particular model

Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.
2006-08-05 dinoboff hotmail com
From Mark O'Sullivan, on http://lussumo.com/community/:
"Here is the code in question:
$WorkingDirectory = str_replace('\\', '/', getcwd()).'/';
$RootDirectory = str_replace('setup/', '', $WorkingDirectory);
// ...
// Include the old settings file if it is present (it just contains consta

Will Microsoft patch remarkable old Msjet40.dll issue?
2006-08-04 Juha-Matti Laurio (juha-matti laurio netti fi)
Microsoft informs about ten existing Windows flaws and two Office flaws at http://www.microsoft.com/technet/security/bulletin/advance.mspx Some of the upcoming security bulletins have Critical severity. Maybe it's time to release a fix to remarkable old Msjet40.dll issue reported by HexView as ear

[vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability
2006-08-07 vulnpost-remove vuln sg
[vuln.sg] Vulnerability Research Advisory
Lhaz LHA Long Filename Buffer Overflow Vulnerability
by Tan Chew Keong
Release Date: 2006-08-06
Summary
-------
Some vulnerabilities have been found in Lhaz. When exploited, the vulnerabilities allow execution of arbitrary code when the user extr

[ GLSA 200608-11 ] Webmin, Usermin: File Disclosure
2006-08-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200608-10 ] pike: SQL injection vulnerability
2006-08-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006)
2006-08-06 Luigi Auriemma (aluigi autistici org)

IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY
2006-08-07 king_purba yahoo co uk
By : LoneEagle
E-mail : king_purba (at) yahoo.co (dot) uk
http://kandangjamur.net
Affected : IMENDIO PLANNER 0.13 PROJECT MANAGEMENT FEDORA 4.
Impact : System Access
From : Remote
Severity : Moderately Critical
Description:
------------
Imendio planner was failed when opening file name format stri

php local buffer underflow could lead to arbitary code execution
2006-08-04 heintz hotmail com
Affected versions: php 5.1.4 and older, 4.4.3 and possibly older
Cause: when php-s sscanf functions format argument contains argument swap and extra arguments are given like. sscanf('foo ','$1s',$bar) then it reads a pointer to pointer to zval structure past the end of argument array

PHP: Zend_Hash_Del_Key_Or_Index Vulnerability
2006-08-06 Stefan Esser (sesser hardened-php net)
Hello, word about this vulnerability is out for several weeks (or months). Because of this I spare you the advisory and only point you to my little article describing what exactly this vulnerability is, that I disclosed to the PHP project 6 months ago: The rating for this vulnerability should be:

blur6ex 0.3 Comment title HTML inyection vuln.
2006-08-06 piiiiiii pppiiiiiiii (heliosz_time hotmail com)
## HeLiOsZ - Dark End Team - Internet Security Team
## blur6ex 0.3 Comment title HTML inyection vuln.
## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net & http://www.darkend.org
## Risk : Medium
## Type : web applet
## Creator: http://www.blursoft.com
## Exploit: - To exploit this vul

NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion
2006-08-06 philipp niedziela gmx de
+--------------------------------------------------------------------
+
+ NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: NEWSolved Lite v1.9.2 (maybe above)
+ Vendor ............: http://w

SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion
2006-08-06 chris_hasibuan yahoo com

0-day XP SP2 wmf exploit
2006-08-06 cyanid-E (biz4rre gmail com)
Description: yet another 'windows meta file' (WMF) denial of service exploit.
System affected:
+ Windows XP SP2,
+ Windows 2003 SP1,
+ Windows XP SP1,
+ Windows XP
+ Windows 2003
Tech info: page fault in gdi32!CreateBrushIndirect() because invalid pointer access. Incorrect (short) to (void*) s
http://www.gnucitizen.org/blog/xssing-the-lan
I didn't go to BlackHat but since a lot of people are getting really
interested in XSS attacks, right now when it is sort of blooming, I
will try to put in theory how border routers/gateways can be trivially
compromised (over t