Re: Bybass HTTP ( extension files ) in ISA 2004
2006-07-16 medozero yahoo com
well for those who did not get it it is like this make a rule in ISA and in the role make the source is internal network and the destination is external now configure the HTTP policy to block specific extension like zip ok now test it try to download any file.zip you will have that ISA will prevent [...]

[SECURITY] [DSA 1113-1] New zope2.7 packages fix information disclosure
2006-07-18 Moritz Muehlenhoff (jmm debian org)

Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]
2006-07-18 ak red-database-security com

$100 plus several of my books if you can crack my Windows password hashes.
2006-07-18 Roger A. Grimes (roger banneretcs com)
I've been participating in an online thread discussing password complexity versus length. I say forget complexity and go for length. Many others feel complexity is the way to go. So to put my money where my mouth is, I'm sponsoring a contest:
CHALLENGES: Let's do a test, with three challenges: C [...]

DeluxeBB mutiple vulnerabilities
2006-07-18 Jessica Hope (jessicasaulhope googlemail com)
Advisory : DeluxeBB mutiple vulnerabilities
Release Date : July 18th, 2006
Application : DeluxeBB
Version : Deluxe 1.07 and previous versions
Platform : PHP
Vendor URL : http://www.deluxebb.com/
Authors : Jessica Hope (jessicasa [...]

Outpost Firewall Pro secrately fixing security flaws?
2006-07-17 Bipin Gautam (gautam bipin gmail com)
hello, To my knowledge Outpost Firewall Pro 3.5.631 had a security issue (say: 0-day) that an exception can be passed & then triggered by a local system user to the firewall resulting in a SYSTEM CRASH due to an overflow flaw in filtnt.sys (firewall driver) I was testing it on winxpsp2 (patchlevel l [...]

Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior
2006-07-16 mullware gmail com
Vulnerable Products: Outpost Firewall Pro ver. 3.51.759.6511 (462) And Lavasoft Personal Firewall ver. 1.0.543.5722 (433)
Summary of problem: The firewall runs its windows under a SYSTEM context. A user with lower privileges than SYSTEM could locate the (open folder) control on some [...]

[KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability
2006-07-18 farhadkey kapda ir
[KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability
KAPDA New advisory
Vulnerable product: Tested on PHP-Post 0.21 and 1.0
Vendor: http://php-post.co.uk
Vulnerability: Privilege Escalation
Date:
Found: Nov 23, 2005
Vendor Contacted: J [...]

[ MDKSA-2006:124 ] - Updated kernel packages fix privilege escalation vulnerability
2006-07-18 security mandriva com

Cross Site Scripting Vulnerability in Zoho Virtual Office
2006-07-17 ss_team (ssteam pl gmail com)
Hello, We have discovered a vulnerability in Zoho Virtual Office. Malformed HTML message could lead to XSS Attack. It can cause a cookie theft leading to session hijacking.
PoC: Simply creating HTML message including Javascript code could lead the browser's frame into evil script on attacker's ser [...]

Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download
2006-07-16 x0r0n hotmail com
title : Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download
- script site : http://www.keyifweb.com/
- Discovered : xoron
- Cont@ct : x0r0n (at) hotmail (dot) com
- Exploit : http://www.target.com/[path]/A9S7G6ASD790/ANKET/anket.mdb http://www.target.com/ [...]

Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities
2006-07-17 matdhule gmail com
Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities
Author : Matdhule
Contact : matdhule (at) gmail (dot) com
Web : http: [...]

New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities
2006-07-17 matdhule gmail com
New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities
Author : Ahmad Maulana a.k.a Mat [...]

Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form
2006-07-16 pagvacito (unknown pentester gmail com)
The following is the updated version of a post sent to FD [http://seclists.org/lists/fulldisclosure/2006/Jul/0137.html] ...
Title: Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form
Successfully tested against:
- BT Voyager 2091 Wireless ADSL
- Firmware [...]

23rd Chaos Communication Congress 2006: Call for Participation
2006-07-16 fukami (fukami berlin ccc de)
23C3: Who can you trust?
23rd Chaos Communication Congress
December 27th to 30th, 2006
Berlin, Germany
http://events.ccc.de/congress/2006/
Overview
========
The 23rd Chaos Communication Congress (23C3) is the annual four-day conference of the Chaos Computer Club (CCC) on technology, society [...]

RUXCON 2006 Final Call For Papers
2006-07-18 cfp ruxcon org au
RuxCon staff would like to announce the call for papers for the fourth annual RuxCon conference. This year the conference will run from the 30th of September to the 1st of October, over the long weekend. As with previous years, RuxCon will be held at the University of Technology, Sydney, Australia [...]