[SECURITY] [DSA 1081-1] New libextractor packages fix arbitrary code execution
2006-05-29 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 1080-1] New dovecot packages fix directory traversal
2006-05-29 joey infodrom org (Steve Kemp)

[SECURITY] [DSA 1079-1] New MySQL 4.0 packages fix several vulnerabilities
2006-05-29 joey infodrom org (Martin Schulze)

html Guest Gear
2006-05-27 pieisgdvgd hotmail co uk
htmls guest gear (all pages that look like this http://htmlgear.tripod.com/guest/control.guest?a=sign) has an exploit where you can inject html and javascript into their guestbook by doing the following <br iframe src=javascript:alert("hi")>></br> you can put any html or javascript in there. [ more ] [ reply ]

Re: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
2006-05-27 visitbipin hotmail com
----------[SNIP]------------ yes so a random key K is used to encrypt all the data on the volume; the passphrase is used to encrypt the key K. This design allows to change the passphrase without reencrypting the whole drive (only K needs to be reencrypted). ----------[/snip]----------- the only [ more ] [ reply ]

RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
2006-05-26 thesinoda hotmail com
Firstly, we appreciate truecrypt team comments but on the other hand we do not agree on some. --Adonis Comment-- I do not agree with some of truecrypt comments specially the quoted text below. What if you had created a virtual disk and give that to someone. That someone use it as his/her o [ more ] [ reply ]

Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING
2006-05-27 thesinoda hotmail com
This to answer Mr Jon Callas (PGP CTO) and to show him the last proof-of-concept. If he did not get it we consider we have done our part to report a BIG problem in PGP unless this is some kinda of HIDDEN features. --Adonis, Abed Comments-- We do not agree with some of PGP comments. We do not [ more ] [ reply ]

D-Link DSA-3100 Cross-Site Scripting
2006-05-27 jaime blasco eazel es
D-Link DSA-3100 Cross-Site Scripting Tested on D-Link DSA-3100 Discovered by: jaime.blasco(at)eazel(dot).es http://www.eazel.es Description: D-Link DSA-3100 Airspot Gateway is vulnerable to a security vulnerability that allows Cross-Site Scripting attacks. Due to improper filtering, a rem [ more ] [ reply ]

[SECURITY] [DSA 1078-1] New tiff packages fix denial of service
2006-05-27 joey infodrom org (Martin Schulze)

Multiple Xss exploits in ar-blog v 5.2
2006-05-27 black-cod3 hotmail com
Multiple Xss exploits in ar-blog v 5.2 forum type : ar-blog v 5.2 bug found by : black-code team : site-down type : Xss black-code: http://www.xxx.com/path/index.php?page=gb&count=next='><script>alert(10) </script> http://www.xxx.com/path/index.php?page=gb&count='><script>alert(10)</sc [ more ] [ reply ]

Critical sql injection in saphplesson 2.0
2006-05-27 black-cod3 hotmail com
Critical sql injection in : forum type : saphplesson 2.0 bug found by : black-code&sweet-devil team : site-down type : sql injection black-code: http://www.xxx.net/sh3r/add.php?forumid=-1%20union%20select%20Modpasswor d%20from%20modretor sweet-devil: http://www.xxx.net/lesons/show. [ more ] [ reply ]

Internet Explorer error: ECMAScript interpreter stack overflow
2006-05-27 sehato yandex ru
<!-- tested: IE 6.0.2900.2180 Windows SP2 Event thread: click ECMAScript interpreter stack overflow. Internet Explorer it is closed and deduces a mistake " unknown software exception " --> <html> <input type="button" name="btn" onclick="document.all['btn'].onclick(0);document.write('') [ more ] [ reply ]

Symantec antivirus software exposes computers
2006-05-27 Michael Scheidell (scheidell secnap net)
Security company says flaw lets hackers steal sensitive data AP: May 26, 2006, 7:45pm: WASHINGTON - Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to [ more ] [ reply ]

rPSA-2006-0083-1 enscript
2006-05-26 Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0083-1 Published: 2006-05-26 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Local Deterministic Weakness Updated Versions: enscript=/conary.rpath.com@rpl:devel//1/1.6.1-8.2-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?nam [ more ] [ reply ]

Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password
2006-05-26 Cemil Degirmenci (cd wavecon de)

rPSA-2006-0084-1 fetchmail
2006-05-26 Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0084-1 Published: 2006-05-26 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: User Non-deterministic Weakness Updated Versions: fetchmail=/conary.rpath.com@rpl:devel//1/6.2.5.5-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cvename.c [ more ] [ reply ]

cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4
2006-05-26 cxib securityreason com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4] Author: Maksymilian Arciemowicz (cXIb8O3) Date: - -Written: 15.5.2006 - -Public: 27.5.2006 from SECURITYREASON.COM CVE-2006-2563 - --- 0.Description --- PHP is an HTML-embedded scripting languag [ more ] [ reply ]

LM hashes in a hot-desking environment
2006-05-25 feedb4ck z4ck org (3 replies)
Although it is a well known fact that Windows desktops and servers still use LM Hashes and cache the last ten userids and passwords locally, just in case an Active Directory, Domain, or NDS tree are not available, has anyone thought about the consequences of this issue in a hot-desking, or flexible [ more ] [ reply ]

Re: LM hashes in a hot-desking environment
2006-05-27 Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)
Ubuntu Security Notice USN-287-1 May 29, 2006
nagios vulnerability
CVE-2006-2489
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubunt
[ more ] [ reply ]