PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15
2006-05-23 PostgreSQL Security (security postgresql org)
PostgreSQL versions 8.1.4, 8.0.8, 7.4.13 and 7.3.15 have been released fixing two security issues.
Details of vulnerability 1
--------------------------
Vulnerability type: SQL Injection
Remotely exploitable: Depends on client
Affected versions: PostgreSQL 8.1.0-8.1.3, 8.0.0-8.0.7,

Hackernetwork Mail Xss[Search] Vulnerability
2006-05-23 ajannhwt hotmail com
New Xss Hackernetwork Mail Vulnerability
Hackernetwork Mail Xss[Search] Vulnerability
ENGLISH
#Title : Hackernetwork Mail Xss[Search] Vulnerability
#Author: ajann
Example; http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMen u=&EV1=11481394101759371&ab_to=&delete

rPSA-2006-0082-1 vixie-cron
2006-05-25 Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0082-1
Published: 2006-05-25
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification: Local Root Deterministic Privilege Escalation
Updated Versions: vixie-cron=/conary.rpath.com@rpl:devel//1/4.1-5.2-1
References: http://www.cve.mitre.org/cgi

Drupal <= 4.7 attachment/mod_mime remote code execution
2006-05-24 rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "Drupal <= 4.7 attachment mod_mime poc exploit\r\n";
echo "by rgod rgod (at) autistici (dot) org\r\n";
echo "site: http://retrogod.altervista.org\r\n\r\n";
/* this works with a user account with upload rights and with permissions to modify stories, howeve

[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie
2006-05-24 farhadkey yahoo com
[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie Vulnerability
KAPDA New advisory
Vulnerable product : NewsCMSLite
Vendor: http://www.katywhitton.com
Vulnerability: Authentication Flaw in 'newsadmin.asp' Lets Remote User Gain Administrative Access.
Date :
--------------------
Found :

Pre Shopping Mall v1.0
2006-05-24 luny youfucktard com
Pre Shopping Mall
Homepage: http://www.preprojects.com/emall.asp
Description: PRE SHOPPING MALL a powerful ecommerce shopping mall solution. If you need to setup a online shop or shopping mall PRE SHOPPING MALL is your quickest solution. You can setup your Emall within few hours. Buy insta

CMS Mundo V1.0
2006-05-24 luny youfucktard com
HotWebScripts.com CMS Mundo V1.0
Homepage: http://www.hotwebscripts.com
Description: Free powerful CMS - add textpages, productpages, news items, categories - edit content with integrated Word editor - auto-creation of thumb-images - integrated image gallery - integrated paypal gateway - uplo

GuestbookXL 1.3
2006-05-24 luny youfucktard com
GuestbookXL 1.3
Homepage: http://phpscripts.byethost12.com/guestbook.php
Description: This simple guestbook makes it possible to store messages from users. It stores the name, Email address (when given) as a mailto link and the message itself. It has 30 smileys at this moment, but other smiley

[USN-286-1] Dia vulnerabilities
2006-05-24 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-286-1 May 24, 2006
dia vulnerabilities
CVE-2006-2453, CVE-2006-2480
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary H

Bulletin Board Elite-Board v.1.1
2006-05-24 luny youfucktard com
Bulletin Board Elite-Board v.1.1
Homepage: http://eng.e-board.net.ru/about/
Description: Multipurpose multifunctional public bulletin board for your website. Easy to install and to use. Has all possible scripts functions of the same type and does not need additional modules and database. It

iFdate v1.2
2006-05-24 luny youfucktard com
((sorry if you get this twice, the reply page timed out))
iFdate v1.2
Homepage: http://www.ifusionservices.co.uk/products/product_ifdate.php
Description: Packed full of great features, it supports themes and looks sleek, your users will be able to create & customize their very own profil

A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
2006-05-24 thesinoda hotmail com

ChatPat v1.0
2006-05-23 luny youfucktard com
ChatPat v1.0
Homepage: http://calendarscripts.info/download-3.html
Description: An online chat room that lets users chat with each other.
Affected files: fastchat.php fastshow.php
The nickname input form doesn't sanitize user input before it adds it to the db. In turn this can cause

RE: Microsoft Internet Explorer - Crash on mouse button click
2006-05-23 Jain, Siddhartha (Siddhartha Jain kla-tencor com)
Sorry, the bug is perfectly reproducible. I skipped clicking the mouse after loading the page.
- Siddhartha
-----Original Message-----
From: Jain, Siddhartha
Sent: Tuesday, May 23, 2006 12:18 PM
To: 'mac68k (at) gmail (dot) com'; bugtraq (at) securityfocus (dot) com
Subject: RE: Microsoft Internet Explorer - Crash o

AZ Photo Album Script Pro
2006-05-23 luny youfucktard com
AZ Photo Album Script Pro
Homepage: http://www.php4script.com/php-photo-album-script/
Description: A powerful PHP/MySQL photo album (photo gallery) script with a lot of features.
Affected files: index.php
Exploits & Vulns: Captivate is prone to a cross-site scripting vulnerability.

Re: Re: [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12
2006-05-23 phpnuke no-amazon com
So does cpg-nuke have these same vulnerabilities or am I ok to use it instead these seem like a lot of issues and the programmers of cpg-nuke are always talking about the security issues on php-nuke and you are listing a bunch.
Tyson
Holding Businesses Responsible for bad Behavior!! Visit us

phpFoX All Version Login Exploit
2006-05-23 mx hackmx net
phpFoX (AllVersion) Login to any Account
#Exploit found by Mx [at] hackmx.net
#Login as any user/admin/mod
#Action event only once
This exploit will allow you to action an event per login, on any account in phpFoX (All Versions).
1> Create an account on phpFox, after activating the accoun

Kaspersky antivirus 6: POP3 state machine error
2006-05-23 bug registrator gmail com
Kaspersky antivirus 6
Kaspersky internet security 6
www.kaspersky.com
Vulnerable Systems: KAV6, KIS6
Detail: The vulnerability is caused due to POP3 state machine error in POP3 monitor (Kaspersky Mail-antivirus). Any malicious software on local computer can bypass POP3 virus monito

RE: modules name(Sections)SQL Injection Exploit
2006-05-23 Evans, Arian (Arian Evans fishnetsecurity com)
That looks a lot like a *nuke (PHPNuke & forks like PostNuke). The "thold" param has a history of issues, XSS and the like, and I seem to recall it is handled by the "Sections" module in Nuke. If it's the code I think it is, there are more issues with other params which are even listed in the exam

Re: mybb v1.1.1(rss.php) SQL Injection Exploit
2006-05-25 Steven M. Christey (coley mitre org)
>Foud By: Breeeeh & CrAzY CrAcKeR
>$comma = " - ";
>...
>$title .= $comma.$forum['name'];
>...
>$comma = ", ";

This code snippet sets the $comma variable to static values, so it doesn't look like the attacker can control them.

>Example:
>
>/rss.php?...$comma=[SQL]

Given the previous code snipp

[CLOSED] SOE's implementation of Lithium Forums Software allows users to log on as each other.
2006-05-25 support lithium com
Addendum to my previous letter:
Note that this design (master key encrypted with header key) is common
and has been used for many years by many products (for example,
Scramdisk, E4M, etc.)
The main advantage of the design is that the user can change his
password within a few seconds without ha