ERRATA: [ GLSA 200604-10 ] zgv: Heap overflow
2006-06-10, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[KAPDA::#47] - Snitz Forum <= 3.4.05 SQL-Injection Vulnerability
2006-06-10, farhadkey yahoo com
[KAPDA::#47] - Snitz Forum <= 3.4.05 SQL-Injection Vulnerability KAPDA New advisory Advisory Number: 47 Vulnerable products : Snitz Forum <= 3.4.05 Vendor: http://forum.snitz.com Vulnerability: SQL_Injection Date : -------------------- Found : 2006/01/12 Vendor Contacted : 2006/06/0

Ringlink v3.2 - XSS
2006-06-10, luny youfucktard com
Ringlink v3.2 Homepage: http://www.ringlink.org Affected files: next.cgi stats.cgi list.cgi XSS Vulnerability PoC: http://www.example.com/ringlink/next.cgi?ringid=[IMG%20SRC=javascript:al ert('XSS')] http://www.example.com/ringlink/stats.cgi?ringid=[IMG%20SRC=javascript:a lert('XSS')]

[SECURITY] [DSA 1095-1] New freetype packages fix several vulnerabilities
2006-06-10, joey infodrom org (Martin Schulze)

rPSA-2006-0099-1 openldap openldap-clients openldap-servers
2006-06-09, Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0099-1 Published: 2006-06-09 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Weakness Updated Versions: openldap=/conary.rpath.com@rpl:devel//1/2.2.26-8.3-1 openldap-clients=/conary.rpath.com@rpl:devel//1/2.2.26-8.3-1 openldap-server

CORE-2006-0330: Asterisk PBX truncated video frame vulnerability
2006-06-09, Core Security Technologies advisories (advisories coresecurity com)
Core Security Technologies - Corelabs Advisory http://www.coresecurity.com/corelabs/ Asterisk PBX truncated video miniframe vulnerability Date Published: 2006-06-09 Last Update: 2006-06-09 Advisory ID: CORE-2006-0330 Bugtraq ID: 18295 CVE Name: CVE-2006-2898 Title: Asterisk PBX truncated v

[Kil13r-SA-20060609-3] DreamWiz Search Cross-Site Scripting Vulnerability
2006-06-09, mac68k gmail com

[USN-296-1] firefox vulnerabilities
2006-06-09, Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-296-1 June 09, 2006 firefox vulnerabilities CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2

0verkill 0.6, Remote integer overflow
2006-06-09, Federico Fazzi (federico autistici org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
#!/usr/bin/env python
#
# -----------------------------------------------------
# Exploit id: FSE:016
#
# Author: Federico Fazzi
# Contact: federico (at) autistici (dot) org
# Date: 09/06/2006, 13:58
# Sinthesis: 0verkill 0.16, Remote integer overflo

ST AdManager Lite v1
2006-06-09, luny youfucktard com
ST AdManager Lite v1 Homepage: http://www.site-trade.com/index.php Affected files: index.php submit.php input form XSS Vulnerabilities: submit.php input forms do not correctly sanitize user input before submitting it to be checked by an admin and then published. This in turn to allow a

P.A.I.D v2.2
2006-06-09, luny youfucktard com
P.A.I.D v2.2 Homepage: http://www.webexceluk.net Affected files: faq.php input form of logging in. index.php The input forms of logging into My Account do not sanitize user input. For PoC of a XSS attack simply put in: "><IMG SRC=javascript:alert('XSS')><" It also seems when logging

Windows Software Restriction Policy Protection Bypass
2006-06-09, 3APA3A (3APA3A SECURITY NNOV RU) (1 replies)
Dear bugtraq (at) securityfocus (dot) com, It was reported anonymously with request to post to lists. Windows Software Restriction Policy Protection Bypass Author: Anonymous Class: Restrictions bypass Vector: Local Vendor: Microsoft Software: Windows XP SP2, Win

    Re: [Full-disclosure] Windows Software Restriction Policy Protection Bypass
    2006-06-09, Dinis Cruz (dinis cruz googlemail com)

[USN-288-2] PostgreSQL server/client vulnerabilities
2006-06-09, Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-288-2 June 09, 2006 postgresql-8.1 vulnerabilities CVE-2006-2313, CVE-2006-2314 =========================================================== A security issue affects the following Ubuntu releases: U

Contensis CMS XSS vulnerability
2006-06-09, smigofthedump yahoo com
Hello, I have discovered a XSS vulnerability in the Contensis CMS. Input passed to the "search" parameter when performing a search and various fields when using the search isn't properly sanitised ... The vendor's own site was tested in Windows Internet Explorer - the search function did n

PHP-Nuke Download Module Remote SQL Injection
2006-06-09, BuNy-m hotmail com
================================== Fund By:BuNy-m Special for Site:www.alshmokh.com E-mail:BuNy-m (at) hotmail (dot) com ================================== Example: /modules.php?name=Downloads&d_op=viewdownload&cid=2%20UNION%20select%20c ounter,%20aid,%20pwd%20FROM%20nuke_authors%20

TinyMuw v1.0 - XSS
2006-06-09, luny youfucktard com
TinyMuw v1.0 Homepage: http://www.l0j1k.com/tinyMuw/index.php Affected files: quickchat.php input box videoPage.php Input isn't sanitized before being generated in the quickchat.php chatbox. For PoC try putting: <IMG SRC=javascript:alert('XSS')> in as your comment. Full path disclosu

Secunia Research: AutoMate unacev2.dll Buffer Overflow Vulnerability
2006-06-09, Secunia Research (remove-vuln secunia com)
Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200604-10:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -