VMSA-2006-0004 Cross site scripting vulnerability and other fixes
2006-08-01 VMware Security Team (security vmware com)

[ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities
2006-08-01 security mandriva com

[vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability
2006-08-01 vulnpost-remove vuln sg
[vuln.sg] Vulnerability Research Advisory
Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability
by Tan Chew Keong
Release Date: 2006-07-31
Summary
-------
A vulnerability has been found in Lhaplus. When exploited, the vulnerability allows execution of arbitrary code when the

WoW Roster <= 1.5.x Remote File Include (hsList.php)
2006-08-01 AG Spider (ag-spider hotmail com)
Title : WoW Roster <= 1.5.x Remote File Include (hsList.php)
Discovered By :::: AG-Spider
Class : Remote file include
Risk : Danger --

[SECURITY] [DSA 1130-1] New sitebar packages fix cross-site scripting
2006-08-01 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow
2006-08-01 Steve Kemp (skx debian org)

[ GLSA 200608-01 ] Apache: Off-by-one flaw in mod_rewrite
2006-08-01 Matthias Geerdsen (vorlon gentoo org)

Re: Do world's famous companies take care of their security?
2006-07-31 Steven M. Christey (coley mitre org)
>There was discussion last week in the Full-Disclosure about XSS
>vulnerabilities in reply to XSS vulns in PayPal and Gadi Evron
>suggested creation of a separate mailing list for just XSS
>vulnerabilities.
This is definitely a growing gap in our current knowledge. I don't think it's being tracke

MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability
2006-07-31 philipp niedziela gmx de
+--------------------------------------------------------------------
+
+ MyNewsGroups :) v. 0.6b <= Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: MyNewsGroups :) v. 0.6b
+ Vendor ...........: http://mynewsgroups.source

Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5
2006-07-31 Luigi Auriemma (aluigi autistici org)

Corsaire Security Advisory - VMware ESX Server Password Disclosure in Cookie issue
2006-07-31 advisories (advisories corsaire com)
-- Corsaire Security Advisory --
Title: VMware ESX Server Password Disclosure in Cookie issue
Date: 12.05.06
Application: VMware ESX prior to 2.5.2 patch 4
             VMware ESX prior to 2.0.2
Environment: VMware ESX
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distributio

Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue
2006-07-31 advisories (advisories corsaire com)

Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue
2006-07-31 advisories (advisories corsaire com)

Re: Gdiplus.dll division by 0
2006-07-31 Early Warning Team (ewt telecomitalia it) (1 replies)
We tried the Proof of Concept on our test machines and couldn't reproduce the reported exceptional behavior. The scenarios we tested were:
- Windows XP Service Pack 2, <img> tag in Internet Explorer 6
- Windows XP Service Pack 2, "Insert picture" in Word 2003
- Windows XP Service Pack 2, display
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2006-0004
Synopsis: Cross site scripting vulnerability and other fixes
Knowledge base URL:http://kb.vmwa