RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)
2006-06-30 - Schmehl, Paul L (pauls utdallas edu)
-----Original Message----- From: full-disclosure-bounces (at) lists.grok.org (dot) uk [email concealed] [mailto:full-disclosure-bounces (at) lists.grok.org (dot) uk [email concealed]] On Behalf Of Juha-Matti Laurio Sent: Thursday, June 29, 2006 8:08 PM To: bugtraq (at) securityfocus (dot) com [email concealed]; full-disclosure (at) lists.grok.org (dot) uk [email concealed] Subject: Re: [Full-disclosure] Browser

phpBB 2.0.21 Full Path Disclosure
2006-06-29 - xzerox linuxmail org
------------------------------------------------------------------- phpBB 2.0.21 Full Path Disclosure ------------------------------------------------------------------- Discovered By zero [Moroccan Security Team] ------------------------------------------------------------------- Details ~~~~

News <= 5.2 XSS, SQL Injection, Full Path Disclosure
2006-06-29 - gmdarkfig gmail com
#!/usr/bin/perl # # VulnScr: News version 5.2 and prior # E-mail: contact (at) vincent-leclercq (dot) com [email concealed] # Web: www.vincent-leclercq.com # # Date: Thu June 29 12:01 2006 # Credits: DarkFig (gmdarkfig (at) gmail (dot) com [email concealed]) # Vuln: XSS, Full Path Disclosure, SQL Injection # Advisorie: http:

NewsPHP 2006 PRO XSS SQL injection Vulnerability
2006-06-29 - securityconnection gmail com
http://newsphp.com ------------------ Cross Site Scripting (XSS) ------------------ http://target.xx/?words=%3Cscript%3Ealert(/Ellipsis%20Security%20Test/)%3C/script%3E&where=1 http://target.xx/index.php?id=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E http://target.xx/index

Hobbit monitor: Security issue with Hobbit 4.2-beta client
2006-06-30 - henrik hswn dk (Henrik Stoerner)
I was just notified by a Hobbit user that the current beta client has a security problem in the client "logfetch" utility, when installed as suid-root (which is the default if "make install" is executed as root). Impact ------ The effect of this is that any user who is able to login and create fi

FreeHost "misc.php & news.php" SQL Injection
2006-06-30 - CrAzY CrAcKeR hotmail com
================================ Discovered By: CrAzY CrAcKeR ================================ Example:- /FreeHost/misc.php?readme=[SQL] /FreeHost/news.php?index=[SQL] Search:- Powered By FreeHost ================================ Email:CrAzY.CrAcKeR (at) hotmail (dot) com [email concealed]

ZDI-06-020: Apple iTunes AAC File Parsing Integer Overflow Vulnerability
2006-06-30 - zdi-disclosures 3Com com
ZDI-06-020: Apple iTunes AAC File Parsing Integer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-020.html June 29, 2006 -- CVE ID: CVE-2006-1467 -- Affected Vendor: Apple -- Affected Products: iTunes -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS custome

ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox]
2006-06-30 - Juha-Matti Laurio (juha-matti laurio netti fi)
SANS Internet Storm Center states at their updated Diary entry that after more research on this vulnerability it appears that Mozilla Firefox is not affected by the information disclosure "object.documentElement.outerHTML" property vulnerability reported in Internet Explorer. http://isc.sans.org/diary.p

[Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability
2006-06-30 - mac68k gmail com

[Kil13r-SA-20060701-1] Ahnlab Search Cross-Site Scripting Vulnerability
2006-06-30 - mac68k gmail com
Title: [Kil13r-SA-20060701-1] Ahnlab Search Cross-Site Scripting Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Remote Timeline: 2006/06/28 - Discovery 2006/06/28 - Vendor notification 2006/06/30 - Vendor notification 2006/06/30 - Vendor response 2006/07/01 -

[ GLSA 200606-30 ] Kiax: Arbitrary code execution
2006-06-30 - Sune Kloppenborg Jeppesen (jaervosz gentoo org)

libwmf integer/heap overflow
2006-06-30 - sean (infamous41md hotpop com)
Sorry I don't have time to chase down multiple email addresses of alleged developers; so here this is after weeks of no response. POC is not attached unlike advisory says. It's not very difficult to exploit. ++++++++++++++++++++++++++++++++++++++++++++ Subject: libwmf integer/heap overflow +++

[SECURITY] [DSA 1104-1] New OpenOffice.org packages fix several vulnerabilities
2006-06-30 - joey infodrom org (Martin Schulze)

Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)
2006-06-30 - Juha-Matti Laurio (juha-matti laurio netti fi)
The related SANS Internet Storm Center Diary entry is the following: http://isc.sans.org/diary.php?storyid=1448 This story was updated later on Wednesday to include detailed test results. Secunia test link included to SA20825 advisory was used. I have not reproduced it with Firefox 1.5.0.4 in Win

Browser bugs hit IE, Firefox today (SANS)
2006-06-30 - Bill Stout (bill stout greenborder com) (1 reply)
http://news.com.com/Browser+bugs+hit+IE%2C+Firefox/2100-1002_3-6089817.html?tag=nefd.top Published: June 29, 2006, 3:14 PM PDT I couldn't find more info on SANS site. Anyone have a link to the SANS description? Bill Stout GreenBorder http://www.greenborder.com Free licenses first 10,000 downloa

Msie 7.0 beta Crash
2006-06-29 - Mr Niega gmail com
/* * * Msie 7.0 Beta crash [Proof of concept] * Bug discovered by Mr.Niega * http://www.swerat.com/ * * Affected Software: Internet Explorer 7.0 Beta * Severity: Unknown * Impact: Crash * Solution Status: Unpatched * * E-Mail: MarjinZ (at) gmail (dot) com [email concealed] & Mr.Niega (at) gmail (dot) com [email concealed] * __ __ __ __

[ MDKSA-2006:114 ] - Updated libwmf packages fixes embedded GD vulnerability
2006-06-29 - security mandriva com

rPSA-2006-0120-1 gnupg
2006-06-29 - Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0120-1 Published: 2006-06-29 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote User Deterministic Vulnerability Updated Versions: gnupg=/conary.rpath.com@rpl:devel//1/1.4.4-1-0.1 References: http://www.cve.mitre.org/cgi-bin/cvename

[security bulletin] HPSBUX02122 SSRT061158 rev.2 - HP-UX Mozilla Remote Execution of Arbitrary Code, Denial of Service (DoS)
2006-06-29 - security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00679472 Version: 2 HPSBUX02122 SSRT061158 rev.2 - HP-UX Mozilla Remote Execution of Arbitrary Code, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted up