|
|
Colapse all |
Post message
[ GLSA 200605-11 ] Ruby: Denial of Service 2006-05-10 Sune Kloppenborg Jeppesen (jaervosz gentoo org) [ GLSA 200605-10 ] pdnsd: Denial of Service and potential arbitrary code execution 2006-05-10 Sune Kloppenborg Jeppesen (jaervosz gentoo org) [ MDKSA-2006:083 ] - Updated gdm package fixes symlink attack vulnerability 2006-05-10 security mandriva com Re: Phil's Bookmark script admin By-pass 2006-05-09 Steven M. Christey (coley mitre org) >google dork : "Phil's Bookmark" This doesn't return anything except copies of the original Bugtraq post and a reference to a person's web site. Searching for "Phil's Bookmarks" found a lot of sites by people named Phil who listed their favorite bookmarks. Is there an actual product here? Or wa [ more ] [ reply ] [Reversemode] Microsoft Infotech Storage library Heap Corruption 2006-05-09 Reversemode (advisories reversemode com) Microsoft Infotech Storage System Library (itss.dll) is prone to a heap corruption vulnerability. This issue is due to the failure of the library to properly check a specially crafted CHM file. The successful exploitation of this flaw would allow to execute arbitrary code. Itss.dll is the system li [ more ] [ reply ] ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability 2006-05-09 zdi-disclosures 3com com ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-013.html May 9, 2006 -- CVE ID: CVE-2006-0993 -- Affected Vendor: 3Com TippingPoint -- Affected Products: TippingPoint SMS Server -- Vulnerability Details: This vuln [ more ] [ reply ] [SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution 2006-05-09 joey infodrom org (Martin Schulze) [EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow 2006-05-09 eEye Advisories (Advisories eeye com) Microsoft Distributed Transaction Coordinator Heap Overflow http://www.eeye.com/html/research/advisories/AD20060509a.html Release Date: May 9, 2006 Date Reported: October 11, 2005 Patch Development Time (In Days): 210 Severity: High (Remote Code Execution) Systems Affected: Windows NT 4.0 Wi [ more ] [ reply ] IGNORING SSH CONNECTION USES ARP CACHE POISSONING 2006-05-09 king_purba yahoo co uk (1 replies) Author : Ph03n1X Email : king_purba (at) yahoo.co (dot) uk [email concealed] Site : http://kandangjamur.net/ Severity : Moderate IGNORING SSH CONNECTION USES ARP CACHE POISSONING We know that tcp connection will close by sending RST flag. I try to connect to my openssh server on slackware 10 from my computer fedora [ more ] [ reply ] [EEYEB20051011B] - Microsoft Distributed Transaction Coordinator Denial of Service 2006-05-09 eEye Advisories (Advisories eeye com) Microsoft Distributed Transaction Coordinator Denial of Service http://www.eeye.com/html/research/advisories/AD20060509b.html Release Date: May 9, 2006 Date Reported: October 11, 2005 Patch Development Time (In Days): 210 Severity: Low (Denial of Service) Systems Affected: Windows NT 4.0 Win [ more ] [ reply ] IBM Websphere Application Server Multiple Vulnerabilities 2006-05-09 SnoBmsn hotmail de Impact: Unknown Security Bypass Exposure of sensitive information Where: From remote Solution Status: Vendor Patch Description: Some vulnerabilities have been reported in IBM WebSphere Application Server, where some have unknown impacts and others may disclose sensitive information or [ more ] [ reply ] plaNetStat Admin ByPass 2006-05-09 alp_eren ayyildiz org software version =========== http://www.planetc.de plaNetStat Version 27.01.2005 description ============= planetstat admin bypass see the web sites log files and to do log settings. google dork: "plaNetStat" example; www.site.com/planetstat or [path]/admin.php www.site.com/planets [ more ] [ reply ] ICQ Client Cross-Application Scripting (XAS) 2006-05-09 3APA3A (3APA3A SECURITY NNOV RU) QQLan QQlan (at) yandex (dot) ru [email concealed] reported vulnerability in multiple versions of ICQ Inc.' ICQ instant messenger client in a way it interacts with Microsoft Internet Explorer. Author: QQlan <QQlan (at) yandex (dot) ru [email concealed]> Title: ICQ Client Cross-Application Scripting (XAS) Vendor: [ more ] [ reply ] [SECURITY] [DSA 1053-1] New Mozilla packages fix arbitrary code execution 2006-05-09 joey infodrom org (Martin Schulze) Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability 2006-05-09 Secunia Research (remove-vuln secunia com) tseekdir.cgi<--Local File Include 2006-05-09 BoNy-m hotmail com ---------------------------------- foud by: BoNy-m Site: http://www.alshmokh.com E-mail: BoNy-m (at) hotmail (dot) com [email concealed] ---------------------------------- Search: allinurl:tseekdir.cgi example: /tseekdir.cgi?location=/etc/passwd%00 /tseekdir.cgi?id=1055&location=/etc/passwd%00 /tseekdir.cgi?loca [ more ] [ reply ] Re: ISA Server 2004 Log Manipulation 2006-05-09 Steven M. Christey (coley mitre org) >You can insert the 'tab' value and possibly break 3rd party log >analyzers. OK, this makes sense - if ISA supports tab-separated format, then tab is a special character within such a log file, and attackers should be prevented from injecting it (by filtering, quoting, whatever...) >Other interes [ more ] [ reply ] Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games 2006-05-08 Thilo Schulz (arny ats s bawue de) Hello, Quake 3 is a popular online first person shooter developed by IDsoftware [1] that has been released in 1999 and is still widely played. Additionally, a lot of vendors have licensed the Quake3 engine for their games. A few noteworthy examples include: - The "Medal of Honour: Allied Assaul [ more ] [ reply ] SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure 2006-05-08 research symantec com (1 replies) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research https://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-003 Advisory Title: Cisco [ more ] [ reply ] Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure 2006-05-08 Matthew Cerha (mcerha cisco com) [MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability 2006-05-08 admin majorsecurity de [MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability -------------------------------------------------------- Software: phpListPro Version: <=2.01 Type: Multiple Remote File Include Vulnerability Date: May, 8th 2006 Vendor: SmartISoft Page: http://smartisoft.com [ more ] [ reply ] Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 2006-05-08 Zaninotti, Thiago (thiago nstalker com) Folks, During some specific tests with our upcoming Web App Security Scanner tool, we have found that Apache would kindly accept HTML injection through "Expect" header. Originally meant to be a protocol flow control that would give web client the capacity of sending the HTTP headers for server's [ more ] [ reply ] VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices 2006-05-08 Matthew Cerha (mcerha cisco com) Cisco Response ============== This is Cisco PSIRT's response to the statements made by George Gal in his advisory: WebSense Content Filter Bypass in conjunction with Cisco PIX in packet filter mode, posted on May 08, 2006. The original email/advisory is available at http://www.vsecurity.com/bullet [ more ] [ reply ] PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities 2006-05-08 rgod autistici org #!/usr/bin/php -q -d short_open_tag=on <? echo "PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload &\r\n"; echo "local inclusion vulnerabilities\r\n"; echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; if ($argc<6) { echo "Usage: php ".$arg [ more ] [ reply ] ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability 2006-05-08 zdi-disclosures 3Com com ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-013.html May 8, 2006 -- CVE ID: CVE-2006-0994 -- Affected Vendor: Sophos Plc. -- Affected Products: Sophos Anti-Virus for Windows, Mac OS, Unix, Linux, NetWare, OS/2, OpenV [ more ] [ reply ] |
|
Privacy Statement |
Gentoo Linux Security Advisory GLSA 200605-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
[ more ] [ reply ]