CORE-2006-0327: IAXclient truncated frames vulnerabilities
2006-06-09 Core Security Technologies advisories (advisories coresecurity com)

Secunia Research: SelectaPix Cross-Site Scripting and SQLInjection Vulnerabilities
2006-06-09 Secunia Research (remove-vuln secunia com)

Re: SSL VPNs and security
2006-06-09 Michal Zalewski (lcamtuf dione ids pl)

  On Fri, 9 Jun 2006, E Mintz wrote:

  > How about some real-world, application specific exploits?

  There's an example of a XSS that can be used to compromise Cisco Web VPN session in the text.

  > So, please show me an example of an actual compromise and I'll listen.
  > Otherwise, put up, or shut up!

  Y

[ GLSA 200606-08 ] WordPress: Arbitrary command execution
2006-06-09 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Re: SSL VPNs and security
2006-06-09 E Mintz (net4n6 gmail com)

  How about some real-world, application specific exploits?

  SSL VPN is hardly a 'novelty' or 'recent' technology. I implemented my first SSL VPN in '99 at a large financial, and it is still in production, and secure

  So, please show me an example of an actual compromise and I'll listen.
  Otherwise, pu

Docebo Lms 3.0.3, Remote command execution
2006-06-09 Federico Fazzi (federico autistici org)

  -----------------------------------------------------
  Advisory id: FSA:010
  Author: Federico Fazzi
  Date: 09/06/2006, 7:24
  Synthesis: Docebo Lms 3.0.3, Remote command execution
  Type: high
  Product: http://www.docebolms.org/
  Patch: unavailable
  ---------------------------------------------

[USN-288-3] PostgreSQL client vulnerabilities
2006-06-09 Martin Pitt (martin pitt canonical com)

  ===========================================================
  Ubuntu Security Notice USN-288-3 June 09, 2006
  dovecot, exim4, postfix vulnerabilities
  CVE-2006-2314, CVE-2006-2753
  ===========================================================

  A security issue affects the following Ubuntu rel

Docebo Kms 3.0.3, Remote command execution
2006-06-09 Federico Fazzi (federico autistici org)

  -----------------------------------------------------
  Advisory id: FSA:009
  Author: Federico Fazzi
  Date: 09/06/2006, 7:09
  Synthesis: Docebo Kms 3.0.3, Remote command execution
  Type: high
  Product: http://www.docebolms.org/
  Patch: unavailable
  ---------------------------------------------

mole.com.ua Ticket Booking Script - XSS
2006-06-09 luny youfucktard com

  Ticket Booking Script
  Homepage: http://www.mole.com.ua
  Affected files: input boxes on booking2.php

  XSS Vulnerabilities: The input boxes on booking2.php do not sanitize user input before generating it and then submitting it to a MySQL db. This can cause XSS examples as well as possible

mole.com.ua Booking Script
2006-06-09 luny youfucktard com

  Booking Script.
  Homepage: http://www.mole.com.ua

  PError with full path disclosure and possible buffer overflow?:
  http://www.example.com/week.php?year=2006&month=06&day=0'
  Warning: checkdate() expects parameter 2 to be long, string given in /home/httpd/vhosts/domain/subdomains/booking/ht

Docebo Core 3.0.3, Remote command execution
2006-06-09 Federico Fazzi (federico autistici org)

  -----------------------------------------------------
  Advisory id: FSA:008
  Author: Federico Fazzi
  Date: 09/06/2006, 6:44
  Synthesis: Docebo Core 3.0.3, Remote command execution
  Type: high
  Product: http://www.docebolms.org/
  Patch: unavailable
  --------------------------------------------

Docebo CMS 3.0.3, Remote command execution
2006-06-09 Federico Fazzi (federico autistici org)

  -----------------------------------------------------
  Advisory id: FSA:007
  Author: Federico Fazzi
  Date: 09/06/2006, 6:10
  Synthesis: Docebo CMS 3.0.3, Remote command execution
  Type: high
  Product: http://www.docebolms.org/
  Patch: unavailable
  ---------------------------------------------

[USN-293-1] gdm vulnerability
2006-06-09 Martin Pitt (martin pitt canonical com)

  ===========================================================
  Ubuntu Security Notice USN-293-1 June 09, 2006
  gdm vulnerability
  CVE-2006-2452
  ===========================================================

  A security issue affects the following Ubuntu releases:
  Ubuntu 5.10
  Ubuntu 6.06 LTS

iFoto v0.20-06/06/06
2006-06-08 luny youfucktard com

  iFoto v0.20-06/06/06
  Homepage: http://ifoto.ireans.com/
  Affected files:

  XSS Vulnerability: The dir path to show the image is base 64 encoded, so to attempt this XSS example we encode our code in base64. The code we'll be using is javascript in an iframe tag. [IFRAME SRC="javascript:al

Dell Openmanage CD Vulnerability
2006-06-08 wiz561 gmail com

  When you boot up using the Dell PowerEdge Installation and Server Management Disc (P/N: WG126 Rev. A00, October 2005), there are two major vulnerabilities on the machine. If you use this disc to boot up and you are connected to a DHCP network, there is an SSH server running that does not require a

[SECURITY] [DSA 1094-1] New gforge packages fix cross-site scripting
2006-06-08 Moritz Muehlenhoff (jmm debian org)

[USN-294-1] courier vulnerability
2006-06-09 Martin Pitt (martin pitt canonical com)

  ===========================================================
  Ubuntu Security Notice USN-294-1 June 09, 2006
  courier vulnerability
  CVE-2006-2659
  ===========================================================

  A security issue affects the following Ubuntu releases:
  Ubuntu 5.04
  Ubuntu 5.10
  U

[ GLSA 200606-07 ] Vixie Cron: Privilege Escalation
2006-06-09 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[USN-295-1] xine-lib vulnerability
2006-06-09 Martin Pitt (martin pitt canonical com)

  ===========================================================
  Ubuntu Security Notice USN-295-1 June 09, 2006
  xine-lib vulnerability
  CVE-2006-2802
  ===========================================================

  A security issue affects the following Ubuntu releases:
  Ubuntu 5.04
  Ubuntu 5.10

[USN-292-1] binutils vulnerability
2006-06-09 Martin Pitt (martin pitt canonical com)

  ===========================================================
  Ubuntu Security Notice USN-292-1 June 09, 2006
  binutils vulnerability
  CVE-2006-2362
  ===========================================================

  A security issue affects the following Ubuntu releases:
  Ubuntu 5.04
  Ubuntu 5.10

SSL VPNs and security
2006-06-08 Michal Zalewski (lcamtuf dione ids pl) (1 replies)

  "Web VPN" or "SSL VPN" is a term used to denote methods for accessing company's internal applications with a bare WWW browser, with the use of browser-based SSO authentication and SSL tunneling. As opposed to IPSec, no additional software or configuration is required, and hence, corporate users can

[security bulletin] HPSBUX02090 SSRT051058 rev.2 - HP-UX Secure Shell Remote Denial of Service (DoS)
2006-06-08 security-alert hp com

  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1

  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c00589050
  Version: 2

  HPSBUX02090 SSRT051058 rev.2 - HP-UX Secure Shell Remote Denial of Service (DoS)

  NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

[security bulletin] HPSBMA02121 SSRT061157 rev.2 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution
2006-06-08 security-alert hp com

  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1

  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c00671912
  Version: 2

  HPSBMA02121 SSRT061157 rev.2 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution

  NOTICE: The information in this Security Bulletin should be acted upon
http://www.coresecurity.com/corelabs/
IAXclient truncated frames vulnerabilities
Date Published: 2006-06-09
Last Update: 2006-06-09
Advisory ID: CORE-2006-0327
Bugtraq ID: 18307
CVE Name: N/A
Title: IAXclient truncated frames vulnerabilities