[EEYEB-20060307] Apple QuickTime FPX Integer Overflow 2006-05-11
eEye Advisories (Advisories eeye com)
Apple QuickTime FPX Integer Overflow

Release Date:
May 11, 2006

Date Reported:
March 7, 2006

Patch Development Time (In Days):
65

Severity:
High (Remote Code Execution)

Vendor:
Apple

Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on Mac OS X 10.3.9

Referenc

Re: phpBB "charts.php" XSS and SQL-Injection 2006-05-12
g30rg3x gmail com
This advisory is incorrect; it's not a phpBB security flaw, it's a MOD of phpBB called "Charts MOD".

That allows users to vote, rate music and related stuff..

url: http://www.phpbb2.de/dload.php?action=file&file_id=670

so please review and correct your advisory...

greetings from Mexico

g

Re: [Full-disclosure] How secure is software X? 2006-05-12
David Litchfield (davidl ngssoftware com)
From: "Michael Silk" <michaelslists (at) gmail (dot) com>

<SNIP>

>why do we need this?

Take your average bit of common software. I can bet someone's thrown Spike
at it, someone else crazyfuzz, and another foofuz. Now let's say that it
stood up to everything that was thrown at it - and let's say another pr

TSLSA-2006-0026 - kernel 2006-05-12
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2006-0026

Package names: kernel
Summary: Multiple vulnerabilities
Date: 2006-05-12
Affected versions: Trustix

Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption 2006-05-10
marco correnti esa int (1 replies)
Hi Rubén

Could you give us more information on which versions of the dll are vulnerable and in which Windows OS it is exploitable ?

Thanks

Marco Correnti

ESACERT

Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption 2006-05-12
Reversemode (advisories reversemode com)
Apple QuickDraw/QuickTime Multiple Vulnerabilities 2006-05-12
Avert avertlabs com
____________________________________________________________________

McAfee, Inc.

McAfee Avert® Labs Security Advisory

Public Release Date: 2006-05-11

Apple QuickDraw/QuickTime Multiple Vulnerabilities

CVE-2006-1249, CVE-2006-1453, CVE-2006-1454, CVE-2006-1459, CVE-2006-1460, CVE-2006-146

How secure is software X? 2006-05-12
David Litchfield (davidl ngssoftware com) (2 replies)
How secure is software X?

At least as secure as Vulnerability Assessment Assurance Level P; or Q or R.
Well, that's what I think we should be able to say. What we need is an open
standard, that has been agreed upon by recognized experts, against which the
absence of software security vulnerabili

Re: How secure is software X? 2006-05-12
Tim Newsham (newsham lava net)
Re: How secure is software X? 2006-05-12
Adam Shostack (adam homeport org)
ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability 2006-05-11
zdi-disclosures 3com com
ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-015.html
May 11, 2006

-- CVE ID:
CVE-2006-1463

-- Affected Vendor:
Apple

-- Affected Products:
Apple QuickTime versions prior to 7.1

-- TippingPoint(TM) IPS Customer Protectio

[Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB] 2006-05-12
botan linuxmail org
# Kurdish Security Advisory

# Original Advisory : http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html

# Foing Remote File Include Vulnerability [PHPBB] :}

# "O History, either we will attribute successes to you or we will count you as never having been lived." Abdullah Ocalan

# STOP THE MA

yet more XSS in older versions of ColdFusion 2006-05-10
zuxncwaruio mailinator com
This only affects ColdFusion versions 5 and below. It does not affect CFMX. This is similar to previously reported XSS issues with CF, but not identical to any that I have seen reported.

Cold Fusion has a "feature" that allows a developer to add validation to HTML forms by using specially named f

Re: Secunia Research: Where Is It unacev2.dll Buffer Overflow Vulnerability 2006-05-09
jason gerfen gmail com
Does this apply to the WinRAR application as well?

Apple QuickTime udta ATOM Heap Overflow 2006-05-12
Sowhat (smaillist gmail com)
Apple QuickTime udta ATOM Heap Overflow

By Sowhat of Nevis Labs
Date: 2006.05.12

http://www.nevisnetworks.com
http://secway.org/advisory/AD20060512.txt

Vendor:
Apple Inc.

Affected Versions:
Apple QuickTime versions < 7.1

Overview:
We have discovered a critical vulnerability in Quicktime Pla

Ipswitch WhatsUp Professional multiple flaws 2006-05-11
David Maciejak (david maciejak gmail com)
WhatsUp is a tool from Ipswitch to monitor application and network,
embedding a custom web server on port 8022.

Description:

This custom web server is prone to multiple flaws.

-as authenticated user:

*src disclosure
http://server:8022/NmConsole/Login.asp.

*there are many XSS flaws, as
http://se

Several flaws in e-business designer (eBD) 2006-05-11
Pedro Andújar (pandujar selfdefense es)
Regards
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================
- Advisory -
===============================

Title: Several flaws in e-business designer
Risk: Critical
Date: 03.May.2006
Author: Pedro Andújar <panduj

[ GLSA 200605-13 ] MySQL: Information leakage 2006-05-11
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Verizon Voicewing and Linksys PAP2-VN 2006-05-10
securityfocus haavar com
Product: Verizon voicewing combined with Linksys PAP2-VN

Reported by: Haavar Valeur

Status: Vendor unwilling to address the problem

Reported: Mar 15, 2006

I found a way it is possible to make and receive calls from other Verizon accounts.

The problem is that Verizon publishes encrypted co

phpBB "charts.php" XSS and SQL-Injection 2006-05-11
sn4k3 23 gmail com
// phpBB "charts.php" (hack) XSS and SQL-Injection //

-----------------------------------------------------------------

[~] Advisory by: LoK-Crew

[-] Exploit:

http://www.example.com/charts.php?action=vote&rate=1&id=[XSS]

http://www.example.com/charts.php?action=vote&rate=1&id=[SQL]

[-]

Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability 2006-05-11
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 11/05/2006

- UltimateZip unacev2.dll Buffer Overflow Vulnerability -

======================================================================
Table of Contents

Affected Software.....

Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary local inclusion 2006-05-11
rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on

<?

echo "Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary\r\n";

echo "local inclusion\r\n";

echo "by rgod rgod (at) autistici (dot) org\r\n";

echo "site: http://retrogod.altervista.org\r\n\r\n";

echo "works with register_globals = On & magic_

Re: Oracle - the last word 2006-05-10
Steven M. Christey (coley mitre org) (1 replies)

David Litchfield said:

>When Oracle 10g Release 1 was released you could spend a day looking
>for bugs and find thirty. When 10g Release 2 was released I had to
>spend two weeks looking to find the same number.

This increasing level of effort is likely happening for other major
widely audited sof

RE: Oracle - the last word 2006-05-12
Lee Kelly (robert kelly verizonbusiness com)
[SECURITY] [DSA 1055-1] New Mozilla Firefox packages fix arbitrary code execution 2006-05-11
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1055-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
May 11th, 2006

[TZO-042006] Insecure Auto-Update and File execution (2) 2006-05-11
Thierry Zoller (Thierry Zoller lu)

Dear List,

As my advisory has been a bit unclear in certain regards, I would like
to clarify a few questions I have received briefly :

- The Auto update problem with Zango Adware remains, there was no fix.
- The Adware component is distributed by over 10.000 affiliates
everyday and I expect it t

[ MDKSA-2006:085 ] - Updated xine-ui packages fix format string vulnerabilities 2006-05-10
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:085
http://www.mandriva.com/security/
____________________________________________________________________

RE: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure 2006-05-11
John Stuppi (jstuppi) (jstuppi cisco com)
Hi Greg,

No, the ACS Solution Engine (aka appliance) is not vulnerable.

Thanks,
John

-----Original Message-----
From: Greg owens [mailto:gowens (at) covad (dot) net]
Sent: Monday, May 08, 2006 6:45 PM
To: Matthew Cerha (mcerha); bugtraq (at) securityfocus (dot) com
Cc: research (at) symantec (dot) com; psirt (mailer list

Re: vbulletin security Alert 2006-05-11
scott vbulletin com
Testing this on a vBulletin 3.5.x-dev build all that I was able to produce was HTML output, no arbitrary PHP code was executed.

You can test this by simply inserting <?php echo "foo"; ?> into a template; nothing appears.

If there are more steps please do provide them.

Copyright 2010, SecurityFocus