BugTraq
Confixx 3.1.2 <= Code Injection 2006-05-15
Snake_23 LoK-Crew de tk
// Confixx 3.1.2 <= Code Injection //

-----------------------------------------------------------------

[~] Advisory by: LoK-Crew

[-] Exploit: http://www.example.com/ftplogin/?login=">[XSS]<div style=

[-] Googledork: inurl:confixx inurl:login|anmeldung

[+] Greetz to: Bluegeek

[+] V

[USN-284-1] Quagga vulnerabilities 2006-05-15
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-284-1 May 15, 2006
quagga vulnerabilities
CVE-2006-2223, CVE-2006-2224, CVE-2006-2276
===========================================================

A security issue affects the following Ubuntu releases:

Ub

Secunia Research: Abakt ZIP File Handling Buffer Overflow Vulnerability 2006-05-15
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 15/05/2006

- Abakt ZIP File Handling Buffer Overflow Vulnerability -

======================================================================
Table of Contents

Affected Software.....

Novell NDPS Remote Vulnerability (Server & Client) 2006-05-15
Ryan Smith (whatstheaddress gmail com)
Summary:
There's an integer overflow present that affects Novell Windows
clients and Novell Netware server and Novell Open Enterprise server.

Impact:
Remote, unauthenticated, super-user privileges.

Affected software:
Novell Netware (All versions)
Novell Open Enterprise Server (All NetWare based ve

Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise 2006-05-15
Juha-Matti Laurio (juha-matti laurio netti fi)
To share information about the new Release Notes document:
this issue has been fixed in version 4.1.2 (Free Edition)

http://www.realvnc.com/products/free/4.1/release-notes.html

http://www.realvnc.com/download.html

- Juha-Matti

CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector) 2006-05-15
Leandro Meiners (lmeiners cybsec com)
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Arbitrary_File_Read_
or_Delete_in_SAP_BC.pdf )

CYBSEC S.A.
www.cybsec.com

Advisory Name: Arbitrary File Read/Delete in SAP BC (Business Connector)

Vulnerability Class: Impro

CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector) 2006-05-15
Leandro Meiners (lmeiners cybsec com)
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Phishing_Vector_in_S
AP_BC.pdf )

CYBSEC S.A.
www.cybsec.com

Advisory Name: Phishing Vector in SAP BC (Business Connector)

Vulnerability Class: Phishing Vector / Improper Inp

Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability 2006-05-15
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 15/05/2006

- FilZip unacev2.dll Buffer Overflow Vulnerability -

======================================================================
Table of Contents

Affected Software.........

Azboard <= 1.0 Multiple Sql Injections 2006-05-15
geinblues gmail com
Title : Azboard <= 1.0 Multiple Sql Injections

Published : 2006.5.14

Author : x90c(정경주)@chollian.net/~jyj9782/

Link : http://user.chol.com/~jyj9782/sec/azboard_advisory.txt

0x01 Summary

Azboard is a web board written in asp (active server pages).

It has a sql inject

Sugar Suite Open Source <= 4.2 "OptimisticLock!" arbitrary remote inclusion exploit 2006-05-15
rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on

<?

echo "Sugar Suite Open Source <= 4.2 \"OptimisticLock!\" arbitrary remote inclusion exploit\r\n";

echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";

echo "site: http://retrogod.altervista.org\r\n\r\n";

echo "this is called the \"five claws of Sun-tzu\"\r\n\r\n";

DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop' 2006-05-15
KF (lists) (kf_lists digitalmunition com)

DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop'
Author: Kevin Finisterre
Vendor: http://www.clamav.net
Product: 'ClamAV freshclam'
References:
http://www.digitalmunition.com/DMA[2006-0514a].txt
http://www.markallan.co.uk/clamXav/

Description:
Tomasz Kojm of the ClamAV team describes

POC exploit for freeSSHd version 1.0.9 2006-05-14
Tauqeer Ahmad (ahmadtauqeer yahoo com) (1 replies)
Hi all,

Attachment is the POC exploit for freeSSHd version
1.0.9

Advisories:
http://www.securityfocus.com/bid/17958
http://www.frsirt.com/english/advisories/2006/1786

This was coded for the educational purpose.

Regards,

Tauqeer Ahmad

__________________________________________________
Do You Ya

Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9 2006-05-15
David Maciejak (david maciejak gmail com)
XSS in FreeTextBox and FCKEditor Basic Toolbar Selection 2006-05-14
bonsite hotmail com
More information about it on :

http://www.newffr.com/viewtopic.php?forum=26&topic=11683

(in french)

If you don't speak french :

create a web page and write into :

------------------

<html><body><a href="javascript: alert('Cookie:\n'+document.cookie+'\nHave Fun !')">Click here</a></body></htm

90% of programs made in PHP5 and prior Full Path Disclosure vuln. 2006-05-14
sirdarckcat gmail com
:Introduction:

Normally one of the last steps when accessing a web-server is to find the url where the web is installed (more common in RFD).

This may be a hard step, if the RPD is the only bug in that server, but PHP programs have functions that unexpectedly can return lots of errors.

*

JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space 2006-05-14
Marc Schoenefeld (marc schoenefeld gmx org)
Hi y'all,

Quite a while ago I was testing with applets and found
this by accident. It is definitely not a big issue, but worth
to mention, as I discovered that an applet was eating up all the
free space on the harddrive by allocating a large file in
the users hidden temp dir (filename is something

Is MS06-018 a DoS or a system compromise ? 2006-05-14
Nick Boyce (nick boyce gmail com)
There seems to be some confusion in MS Security Bulletin MS06-018,
"Vulnerability in Microsoft Distributed Transaction Coordinator".

The bulletin itself
(http://www.microsoft.com/technet/security/bulletin/ms06-018.mspx)
states :

"An attacker could cause the Microsoft Distributed
Transaction Co

[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak 2006-05-15
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1056-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
May 15th, 2006

tyree[at]users.sourceforge.net 2006-05-15
tyree phpmyagenda com
FYI> A security beta has been released on SourceForge (http://sourceforge.net/projects/phpmyagenda) that addresses this issue.

Regards,

Tyree

RealVNC 4.1.1 Remote Compromise 2006-05-15
James Evans (iamjamesevans gmail com)
Rumors of this bug began spreading on Slashdot and other sites, thanks
to Steve Wiseman of intelliadmin.com who serendipitously discovered it
while writing a VNC client. At first it was only a rumor, as Steve's
site gave scant details and he himself was surprised such a huge hole
could possibly exis

[USN-274-2] MySQL vulnerability 2006-05-15
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-274-2 May 15, 2006
mysql-dfsg vulnerability
CVE-2006-0903
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
U

[SECURITY] [DSA 1057-1] New phpLDAPadmin packages fix cross-site scripting 2006-05-15
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1057-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
May 15th, 2006

PhpBB <= 2.0.20 Admin/Restore Database remote cmmnds xctn (works with admin sid) 2006-05-13
rgod autistici org
An admin, or whoever succeeds in finding the admin sid, is able to launch commands. Advisory/poc exploit:

http://retrogod.altervista.org/phpbb_2020_admin_xpl.html

Re: Re: Firefox 1.5.0.3 - DoS 2006-05-13
Ronald nodomain com
We have confirmed a bug in Firefox 1.5.0.3 with DoS possibilities

http://www.securityview.org/confirmed-bug-in-firefox-1503.html

Copyright 2010, SecurityFocus