[security bulletin] HPSBTU02125 SSRT061105 rev.1 - HP Tru64 UNIX Running Perl 5.8.2 and earlier, Local Unauthorized Code Execution
2006-06-29 security-alert hp com

rPSA-2006-0116-1 mutt
2006-06-29 Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0116-1
Published: 2006-06-29
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Remote User Deterministic Denial of Service
Updated Versions: mutt=/conary.rpath.com@rpl:devel//1/1.4.2.1-17-0.1
References: http://www.cve.mitre.org/cgi-bin/c

Novell Security contact address change
2006-06-29 Roman Drahtmueller (draht novell com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thu Jun 29 18:00:00 CEST 2006
The Novell Security Team wishes to update the security contact address and the corresponding pgp/gpg key. Persons or organizations who wish to get in contact with Novell Security are invited to use the new address and

Multiple Vulnerabilities in PatchLink Update Server 6
2006-06-29 Chris Steipp (csteipp novacoast com)
-------------------------------------------------------------
PatchLink Update Server 6 SQL Injection
-------------------------------------------------------------
Severity: Critical
Date: June 28, 2006
Class: Remote
Status: Patch Available
Discovered by: Chris Steipp, Novacoast (csteipp at novacoa

Digital Armaments Security Advisory 29.06.2006: Siemens Speedstream Wireless Router Password Protection Bypass Vulnerability
2006-06-29 info digitalarmaments com
Digital Armaments advisory is 05.02.2006
http://www.digitalarmaments.com/2006290674551938.html
I. Background
The SpeedStream Wireless DSL/Cable Router is usually adopted for home and small business solutions. Together with an existing DSL or cable modem connection, this affordable, easy to us

[ GLSA 200606-28 ] Horde Web Application Framework: XSS vulnerability
2006-06-29 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities
2006-06-29 Secunia Research (remove-vuln secunia com)

Softbiz Banner Exchange 1.0 XSS
2006-06-29 securityconnection gmail com
Softbiz Banner Exchange Network 1.0
http://softbizscripts.com
--------------------------
Cross Site Scripting (XSS)
--------------------------
POST http://target.xx:80/insertmember.php HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 152

CSRF in Nuked Klan 1.7 SP4.2
2006-06-29 blwood skynet be
# Discovered by Blwood
# http://www.blwood.net
CSRF : Cross Site Request Forgery
If admin clicks on a link like this
http://www.site.com/index.php?file=Admin&page=block&op=del_block&bid=X
Where X is an ID of a block
Block ID X will be destroyed...
Nuked Klan Website : http://www.nuk

[ GLSA 200606-29 ] Tikiwiki: SQL injection and multiple XSS vulnerabilities
2006-06-29 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

DMA[2006-0628a] - 'Apple OSX launchd unformatted syslog() vulnerability'
2006-06-29 K F (lists) (kf_lists digitalmunition com)
You couldn't be more wrong if you called it a Canadian Goose!
-KF
#!/usr/bin/perl
# http://www.digitalmunition.com/FailureToLaunch.pl
# Code by Kevin Finisterre kf_lists[at]digitalmunition[dot]com
#
# This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/No

[ MDKSA-2006:115 ] - Updated mutt packages fix buffer overflow vulnerability
2006-06-29 security mandriva com

Presentation: AT&T ISNN - "Case Studies in Finding Previously Unknown Vulnerabilities in Web Applications."
2006-06-28 Kenneth F. Belva (ken ftusecurity com)
On Thursday, June 22, 2006, I taped a presentation titled "Case Studies in Finding Previously Unknown Vulnerabilities in Web Applications" for the AT&T ISNN Lecture Series. The aim of the presentation is to cover a limited set of web application vulnerability types and show the impact of these v

Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)
2006-06-28 Luigi Auriemma (aluigi autistici org)
A small correction: The cd-key stealing is not possible since the master server address is built-in in the client code. Sorry for this wrong info, I added it almost two weeks ago while taking note of the possible ways for exploiting these bugs and forgot to recheck this method. I have updated t

[KAPDA]http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html
2006-06-28 addmimistrator gmail com
ORIGINAL ADVISORY:
http://kapda.ir/page-advisory.html
http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html
-Summary-
Software: MyBB
Software's Web Site: http://www.mybboard.com
Versions: 1.1.4
Class: Remote
Status: Patched

Re: [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities
2006-06-27 Ralf (ralfoide gmail com)
This is a follow up to the security vulnerability described in: http://www.securityfocus.com/archive/1/437818/30/60/threaded
As author and maintainer of RIG (a.k.a. the Ralf Image Gallery), I made a fix available upstream yesterday: http://sourceforge.net/project/showfiles.php?group_id=54367
I str

Cisco Security Advisory: Access Point Web-Browser Interface Vulnerability
2006-06-28 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Access Point Web-Browser Interface Vulnerability
=====================================================================
Advisory ID: cisco-sa-20062806-ap.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml

Microsoft's Real Test with Vista is Vulnerabilities
2006-06-27 Gadi Evron (ge linuxbox org) (1 replies)
Vista, the solution to all our problems: Microsoft portrays Vista as anything from the end of software vulnerabilities to the end of spyware. In my opinion, that is irrelevant as both problems are not going to go away. They are part of how software systems and the Internet work, and that's that. Th

Re: [funsec] Microsoft's Real Test with Vista is Vulnerabilities
2006-06-28 thomas48 (thomas48 singnet com sg)

Secunia Research: Opera SSL Certificate "Stealing" Weakness
2006-06-28 Secunia Research (remove-vuln secunia com)

MKPortal 1.0.1 Final ($ind) File Include Vulnerability (perl)
2006-06-28 stormhacker hotmail com
Welcome people In World Defacers Team
[W]orld [D]efacers Team
======================================
--------------------Summary----------------
eVuln ID: WD21
Vendor: MKPortal 1.0.1 Final
Vendor's Web Site: wttp://www.kaimanweb.net
Software: Live Customer Support Solution :- http://www.thegy

[ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities
2006-06-28 security mandriva com

Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00686865
Version: 1
HPSBTU02125 SSRT061105 rev.1 - HP Tru64 UNIX Running Perl 5.8.2 and earlier,
Local Unauthorized Code Execution
NOTICE: The information in this Security Bulletin should be ac