phpRaid "view.php" XSS Vulnerability
2006-05-19 TeufeL Online (teufel hotmail com)
phpRaid "view.php" XSS Vulnerability Script : phpRaid Script Website : http://www.spiffyjr.com/ Version : phpRaid v2.9.5 This Xss Works On phpRaid Exploit ; 1-) Http://www.example.com/phpRaid/view.php?<script>alert('Xss%20Vulnerabili ty');</script> 2-) Http://www.example.com/phpRaid/view.php?m

Beoped Portal XSS
2006-05-19 outlaw aria-security net
#Aria-Security.net Advisory #Discovered by: O.u.t.l.a.w #< www.Aria-security.net > #Gr33t to: A.u.r.a & R@1D3N & Smok3r & DrtRp #----------------------------------------------------------- Software: BeoPed Portal Link And Online Demo : http://www.beoped.com/beoportal/index.php Attack metho

SOE's implementation of Lithium Forums Software allows users to log on as each other.
2006-05-19 john johnhasson com
Original bug/exploit was sent to Sony Online Entertainment December 5th (5 months ago) They haven't fixed it yet. You can read details here: http://johnhasson.com/blog/archive/2006/05/18/175.aspx Summary: When logging into the forums (tested with the Matrix Online game forums) your sessionid is

Re: 90% of programs made in PHP5 and prior Full Path Disclosure vuln.
2006-05-18 sirdarckcat gmail com

mybb v1.1.1(rss.php) SQL Injection Exploit
2006-05-18 Breeeeh hotmail com
---------------------------------- Found By: Breeeeh & CrAzY CrAcKeR Site: www.alshmokh.com Email:Breeeeh (at) hotmail (dot) com ---------------------------------- $query = $db->query("SELECT * FROM ".TABLE_PREFIX."forums f WHERE 1=1 $forumlist"); $comma = " - "; while($forum = $db->

ACROS Security: Buffer Overflow In EMC (previously Dantz) Retroclient Service
2006-05-22 ACROS Security (lists acros si)
=====[BEGIN-ACROS-REPORT]===== PUBLIC ======================================================================== = ACROS Security Problem Report #2006-05-17-1 ------------------------------------------------------------------------ - ASPR #2006-05-17-1: Buffer Overflow In Retroclient Service =========

ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability
2006-05-22 zdi-disclosures 3com com
ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-016.html May 22, 2006 -- CVE ID: CVE-2006-2496 -- Affected Vendor: Novell -- Affected Products: Novell eDirectory 8.8 Novell iMonitor 2.4 -- TippingPoint(TM) IPS Customer

[SECURITY] [DSA 1073-1] New MySQL 4.1 packages fix several vulnerabilities
2006-05-22 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 1072-1] New Nagios packages fix arbitrary code execution
2006-05-22 joey infodrom org (Martin Schulze)

[security bulletin] HPSBUX02120 SSRT051057 rev.1 - HP-UX Local Denial of Service (DoS)
2006-05-22 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00676467 Version: 1 HPSBUX02120 SSRT051057 rev.1 - HP-UX Local Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date:

[security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)
2006-05-22 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00600177 Version: 1 HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS) NOTICE: The information in this Security Bulletin shou

BitZipper Archive Extraction Directory traversal
2006-05-22 h e (het_ebadi yahoo com)
BitZipper Archive Extraction Directory traversal BitZipper is an advanced data compression tool for Windows that enables you to unzip 18 different compression and encoding formats with superior ease-of-use. Create 8 different types of compressed files http://www.bitzipper.com Credit: The informa

Prodder Remote Arbitrary Command Execution
2006-05-22 RedTeam Pentesting (release redteam-pentesting de)
Advisory: Prodder Remote Arbitrary Command Execution RedTeam identified a security flaw in prodder which makes it possible for a malicious podcast server to execute arbitrary shell commands on the victim's client. Details ======= Product: Prodder Affected Versions: All versions up to prodder-0.4

Perlpodder Remote Arbitrary Command Execution
2006-05-22 RedTeam Pentesting (release redteam-pentesting de)
Advisory: Perlpodder Remote Arbitrary Command Execution RedTeam identified a security flaw in perlpodder which makes it possible for a malicious podcast server to execute arbitrary shell commands on the victim's client. Details ======= Product: perlpodder Affected Versions: All versions up to pe

[SECURITY] [DSA 1071-1] New MySQL 3.23 packages fix several vulnerabilities
2006-05-22 joey infodrom org (Martin Schulze)

Skype - URI Handler Command Switch Parsing
2006-05-21 Brett Moore (brett moore security-assessment com)
======================================================================== = Skype - URI Handler Command Switch Parsing = = Vendor Website: = http://www.skype.com = = Affected Version: = Skype for Windows: = All releases prior to and including 2.0.*.104 = Release 2.5.*.0 to and including 2.

[KAPDA::#43] - phpwcms multiple vulnerabilities
2006-05-21 alireza hassani (trueend5 yahoo com)
Vendor: http://www.phpwcms.de Bugs: Path Disclosure, XSS, Local File Inclusion, Remote Code Execution Vulnerable Version: phpwcms 1.2.5-DEV (prior versions also may be affected) Exploitation: Remote with browser Description: -------------------- phpwcms is a web content management system optimized f

Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06
2006-05-21 Marc Schoenefeld (marc schoenefeld gmx org)
Hi y'all, the celebration week for Java is over, so let's come back to some old bugs. 2,5 years ago I found a bug in 1.4.2_02 which let browsers crash. Naively I submitted the bug to their database and waited that the bug would be fixed. But until now, nothing happened. Therefore I donate the bug

Novell Client login form enables reading and writing from and to the clipboard of the logged-in user
2006-05-21 EitanCaspi (at) yahoo (dot) com (eitancaspi yahoo com) (1 replies)
Suggested Risk Level: Low. Type of Risk: Information Leakage, Information Injection, Unauthorized Access. Affected Software: Novell Client for Windows, versions 4.9 and 4.8 (On windows XP Pro and Windows 2000 Workstation). These versions are the only ones tested, thus other versions may be vulne

Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user
2006-05-22 Roman Drahtmueller (draht novell com)

[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities
2006-05-21 Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- Debian Security Advisory DSA 1069-1 security (at) debian (dot) org http://www.debian.org/security/ Martin Schulze, Dann Frazier May 20th, 2006
Hash: SHA1
- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2006-0028
Package names: kernel, mysql
Summary: Multiple vulnerabilities
Date: 2006-05-19
Affected versions: