|
|
Colapse all |
Post message
ToorCon 2006 Call for Papers 2006-07-18 h1kari (at) toorcon (dot) org [email concealed] (h1kari toorcon org) About the latest three Powerpoint vulnerabilities: exploitable? 2006-07-18 ewt telecomitalia it We have analyzed the three proof-of-concept documents recently posted on the mailing list, and they don't appear exploitable to us. Specifically: - powerpnt.exe: NULL pointer dereference, unusable. Are we missing anything? - memory corruption: we apparently control the address, but not the conte [ more ] [ reply ] [USN-319-1] Linux kernel vulnerability 2006-07-18 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-319-1 July 18, 2006 linux-source-2.6.15 vulnerability CVE-2006-3626 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 L [ more ] [ reply ] [SECURITY] [DSA 1112-1] New mysql-dfsg-4.1 packages fix denial of service 2006-07-17 Moritz Muehlenhoff (jmm debian org) [SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation 2006-07-16 Moritz Muehlenhoff (jmm debian org) boastMachine <= 3.1 SQL Injection Exploit 2006-07-17 gmdarkfig gmail com #!/usr/bin/perl # # VulnScr: boastMachine version 3.1 and prior # Web: http://boastology.com/ # # Date: Sun July 16 10:43 PM 2006 # Credits: DarkFig (gmdarkfig (at) gmail (dot) com [email concealed]) # Vuln: SQL Injection, Cross Site Scripting, Cross Site Request Forgery, Predictable Backup Filename [ more ] [ reply ] PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30) 2006-07-17 Dragos Ruiu (dr kyx net) url: http://pacsec.jp PacSec 2006 CALL FOR PAPERS World Security Pros To Converge on Japan TOKYO, Japan -- To address the increasing importance of information security in Japan, the best known figures in the international security industry will get together with leading Japanese research [ more ] [ reply ] Secunia Research: BitZipper unacev2.dll Buffer OverflowVulnerability 2006-07-17 Secunia Research (remove-vuln secunia com) Secunia Research: VisNetic Mail Server Two File InclusionVulnerabilities 2006-07-17 Secunia Research (remove-vuln secunia com) rPSA-2006-0130-1 kernel 2006-07-17 Justin M. Forbes (jmforbes rpath com) rPath Security Advisory: 2006-0130-1 Published: 2006-07-17 Products: rPath Linux 1 Rating: Critical Exposure Level Classification: Local Root Deterministic Privilege Escalation Updated Versions: kernel=/conary.rpath.com@rpl:devel//1/2.6.16.26-0.1-1 References: http://www.cve.mitre.org/c [ more ] [ reply ] RE: Bybass HTTP ( extension files ) in ISA 2004 2006-07-17 Edward Tripovich (edward tripovich hotmail com) Tested this on ISA 2004. I cannot reproduce this. The ISA server blocks a given extension, with or without the # at the end of the file extension. Special config maybe? Edward medozero (at) yahoo (dot) com [email concealed] schreef: >hi ppl i just discover a bug in Microsoft Internet Security and >Acceleration (ISA) Server [ more ] [ reply ] [EEYEB-20060227] D-Link Router UPNP Stack Overflow 2006-07-17 eEye Advisories (Advisories eeye com) D-Link Router UPNP Stack Overflow Release Date: July 13, 2006 Date Reported: February 27, 2006 Patch Development Time (In Days): 136 Severity: High (Remote Code Execution) Vendor: D-Link Routers Affected: DI-524 Rev A DI-524 Rev C DI-524 Rev D DI-604 Rev E DI-624 Rev C DI-624 Rev D DI-784 Rev [ more ] [ reply ] Secunia Research: IceWarp Web Mail Two File InclusionVulnerabilities 2006-07-17 Secunia Research (remove-vuln secunia com) [SECURITY] [DSA 1110-1] New samba packages fix denial of service 2006-07-16 Moritz Muehlenhoff (jmm debian org) [SECURITY] [DSA 1109-1] New rssh packages fix privilege escalation 2006-07-16 Moritz Muehlenhoff (jmm debian org) Plesk Control Panel <= 8.0.0 XSS vulnerability 2006-07-16 vuln invent gmail com Product: Plesk control panel Version: <= 8.0.0 Vendor: SWSoft Inc. URL: http://www.swsoft.com/en/products/plesk/ VULNERABILITY CLASS: XSS [Product Description] Plesk is comprehensive server management software developed specifically for the Hosting Service Industry with the assista [ more ] [ reply ] Calendar Module <= 1.5.7 Remote File Include Vulnerabilities 2006-07-16 matdhule gmail com ------------------------------------------------------------------------ --------- Calendar Module <= 1.5.7 Remote File Include Vulnerabilities ------------------------------------------------------------------------ --------- Author : Matdhule Contact : matdhule (at) gmail (dot) com [email concealed] Application : Cal [ more ] [ reply ] PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion 2006-07-16 chris_hasibuan yahoo com Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs 2006-07-16 Juha-Matti Laurio (juha-matti laurio netti fi) Mercury Messenger 2006-07-15 Hans Wolters (hans wolters xs4all nl) Problem description: Mercury Messenger, http://www.mercury.to/, is a java based messenger that will allow it's users to chat with MSN users. Currently it has been noted by two people that on a multi user OS X platform it is possible to read the chat logs from other users. The user specific [ more ] [ reply ] MyBulletinBoard (MyBB) 1.1.5 'CLIENT-IP' sql injection 2006-07-15 rgod autistici org #!/usr/bin/php -q -d short_open_tag=on <? echo "MyBulletinBoard (MyBB) <= 1.1.5 'CLIENT-IP' SQL injection / create new admin exploit\n"; echo "by rgod rgod (at) autistici (dot) org [email concealed]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dork, version specific: \"Powered By MyBB\" \"2006 MyBB Group\"\n\n" [ more ] [ reply ] |
|
Privacy Statement |
Papers and presentations are being accepted for ToorCon 2006 to be held
at the Convention Center in San Diego, CA on September 29th-October 1st.
Please email your submissions to cfp [at] toorcon.org; submissions will
be accepted until August 18th,
[ more ] [ reply ]