|
|
Colapse all |
Post message
Vulnerability in the way Ultr (at) VNC-1.0 (dot) 1 [email concealed] handles MS-Logon Authentication. 2006-05-03 gdehanot asia-global-risk com AGR IT Advisory May 2, 2006 AGR-ADV-2006-01 TITLE: Vulnerability in the way Ultr (at) VNC-1.0 (dot) 1 [email concealed] handles MS-Logon Authentication. Overview Deon Force discovered a vulnerability in Ultr@VNC 1.0.1 and earlier versions with MS-Logon I and MS-Logon II authentication that may allow attackers to crac [ more ] [ reply ] [USN-278-1] gdm vulnerability 2006-05-03 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-278-1 May 03, 2006 gdm vulnerabilitiy CVE-2006-1057 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubuntu [ more ] [ reply ] Quagga RIPD unauthenticated route injection 2006-05-03 Konstantin V. Gavrilenko (mlists arhont com) Arhont Ltd - Information Security Advisory by: Konstantin V. Gavrilenko (http://www.arhont.com) Arhont ref: arh200604-2 Advisory: Quagga RIPD unauthenticated route injection Class: design bug? Version: Tested on Quagga suite v0.98.5 v0.99.3 (Gentoo, 2.6.15) Model Specific: Other versions might hav [ more ] [ reply ] Re: FTP Fuzzer 2006-05-03 Alexey Biznya (biakus krw ru) infocus wrote: > Hi, > > We have released simple and user friendly GUI FTP fuzzer tool for stress > testing FTP server implementations. It is quite configurable tool, which > means that you can precisely define which FTP commands will be fuzzed > with the parameter size and test strings. > > Running [ more ] [ reply ] [SECURITY] [DSA 1050-1] New ClamAV packages fix denial of service or arbitrary code execution 2006-05-03 joey infodrom org (Martin Schulze) [USN-277-1] TIFF library vulnerabilities 2006-05-03 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-277-1 May 03, 2006 tiff vulnerabilities CVE-2006-2024, CVE-2006-2025, CVE-2006-2026, CVE-2006-2120 =========================================================== A security issue affects the following Ubuntu [ more ] [ reply ] Dynamic Evaluation Vulnerabilities in PHP applications 2006-05-03 Steven M. Christey (coley mitre org) ------------------------------------------------------ Dynamic Evaluation Vulnerabilities in PHP applications ------------------------------------------------------ Following is a brief introduction to a growing class of serious vulnerabilities in PHP applications. They can allow execution of arb [ more ] [ reply ] SUSE Security Announcement: xorg-x11-server (SUSE-SA:2006:023) 2006-05-03 Ludwig Nussel (ludwig nussel suse de) Re: Quagga RIPD unauthenticated route injection 2006-05-03 Paul Jakma (paul clubi ie) Hi Konstantin, Thanks for these reports. Quagga bug #262 has been opened for the issue below, see: http://bugzilla.quagga.net/show_bug.cgi?id=262 The former report is assigned as Quagga bug #261: http://bugzilla.quagga.net/show_bug.cgi?id=261 Comments are there regarding the scope of the i [ more ] [ reply ] Quagga RIPD unauthenticated route table broadcast 2006-05-03 Konstantin V. Gavrilenko (mlists arhont com) Arhont Ltd - Information Security Advisory by: Konstantin V. Gavrilenko (http://www.arhont.com) Arhont ref: arh200604-1 Advisory: Quagga RIPD unauthenticated route table broadcast Class: design bug? Version: Tested on Quagga suite v0.98.5 v0.99.3(Gentoo, 2.6.15) Model Specific: Other versions migh [ more ] [ reply ] [USN-276-1] Thunderbird vulnerabilities 2006-05-03 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-276-1 May 03, 2006 mozilla-thunderbird vulnerabilities CVE-2006-0292, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-0884, CVE-2006-1045, CVE-2006-1727, CVE-2006-1728, CVE-2006-1730, CVE-2006-1731, C [ more ] [ reply ] RE: Oracle, where are the patches??? 2006-05-02 Kornbrust, Alexander (ak red-database-security com) David, You are right. I have only a few things to add. 1.) In the April CPU 2006 patches for 9.2.0.7, Oracle forgot to sanitize a parameter in one of the SDO packages. Oracle sanitized one parameter twice (Copy/Paste-Error). Oracle assigned a new bug number (7520291) for this issue. ==> Such bug [ more ] [ reply ] [ GLSA 200605-04 ] phpWebSite: Local file inclusion 2006-05-02 Sune Kloppenborg Jeppesen (jaervosz gentoo org) [ GLSA 200605-03 ] ClamAV: Buffer overflow in Freshclam 2006-05-02 Sune Kloppenborg Jeppesen (jaervosz gentoo org) [ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension 2006-05-02 Sune Kloppenborg Jeppesen (jaervosz gentoo org) MySQL COM_TABLE_DUMP Information Leakage and Arbitrary commandexecution. 2006-05-02 Stefano Di Paola (stefano dipaola wisec it) ~.oOOo. MySQL COM_TABLE_DUMP .oOOo.~ Information Leakage and Arbitrary command execution ============================== - Summary: MySQL Server has an information leakage flaw, if a malicious client sends a specific forged packet. Moreover some particular input can crash the server by over [ more ] [ reply ] MySQL Anonymous Login Handshake - Information Leakage. 2006-05-02 Stefano Di Paola (stefano dipaola wisec it) ~.oOOo. Anonymous Login Handshake .oOOo.~ ========================================= MySQL Server (<= 4.1.18, 5.0.20 ) has an information leakage in the way mysql parses login packets on anonymous users (blank password). Author: Stefano Di Paola Vulnerable: Mysql <= 4.1.18, 5.0.20 Type of Vuln [ more ] [ reply ] Oracle, where are the patches??? 2006-05-02 David Litchfield (davidl ngssoftware com) A regular patch release cycle is a good thing. It allows system administrators to plan ahead and minimize server downtime. If I, as a system administrator, know that on the 18th of April 2006 a critical patch is going to be released I'll plan to stay late at work that night and start the assessment [ more ] [ reply ] TyroCms beta V1.0 multiple XSS injections 2006-05-02 zerogue gmail com TyroCms beta V1.0 multiple XSS injections Discovered by: Nomenumbra Date: 5/2/2006 impact:moderate (privilege escalation,possible defacement) TyroCMS is a PHP & MySql powered content management system(cms). Inludes built-in forums, powerful admin control panel, secure user system, and much [ more ] [ reply ] Russcom.net Loginphp multiple vulnerabilties 2006-05-02 zerogue gmail com Russcom.net Loginphp multiple vulnerabilties Discovered by: Nomenumbra Date: 5/2/2006 impact:moderate (privilege escalation,possible defacement) Russcom.net's loginphp script is a small usermanagement script: Users can sign up for a username which they can use to login to the password prote [ more ] [ reply ] FileProtection Express <= 1.0.1 authentification bypass 2006-05-02 zerogue gmail com FileProtection Express <= 1.0.1 authentification bypass Discovered by: Nomenumbra Date: 5/2/2006 impact:high (privilege escalation,full file access) Ok, this is absurd, the only form of authentification to the Admin panel is controlled by a cookie value. Use firefox CookieEditor extension f [ more ] [ reply ] SF-Users V1.0 XSS injection 2006-05-02 zerogue gmail com SF-Users V1.0 XSS injection Discovered by: Nomenumbra Date: 5/2/2006 impact:moderate (privilege escalation,possible defacement) The username with which you sign up isn't properly sanitized so it's possible to insert some javascript there. The single quote is filtered so we'll have to us [ more ] [ reply ] Cmscout <= V1.10 multiple XSS attack vectors 2006-05-02 zerogue gmail com Cmscout <= V1.10 multiple XSS attack vectors Discovered by: Nomenumbra Date: 5/2/2006 impact:moderate (privilege escalation,possible defacement) CMScout is a CMS (Content management system) for scouting related groups from around the world. A CMS is a piece of web software that makes it easy [ more ] [ reply ] sBlog SQL Injection and Path Disclosure Vulnerability 2006-05-02 admin subjectzero net Summary: Software: sBlog 0.7.2 Site: http://servous.se/ Description: sBlog is a simple and new PHP Blog. Issue: Conducting a security benchmark on this open source software we have found that most of the versions of this software is prone to SQL Injection attack through which an attacker can [ more ] [ reply ] geoBlog Mutiple XSS Vulnerability 2006-05-02 admin subjectzero net Summary: Software: geoBlog Sowtware's Web Site: http://sourceforge.net/projects/bitdamaged/ Versions: MOD_1.0 Issue: Our research team has been working arounf on this software since the last 2hrs and have come up succesfully with bug in the product .geoBLog is prone to multiple XSS vulnerabi [ more ] [ reply ] Ejabberd : Symlink vulnerability during installation process 2006-05-02 Julien L. (jlanthea hotmail com) zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities 2006-05-02 raphael huck free fr Hi all, I've found several vulnerabilities in zenphoto, which is a great and simple photo gallery. I notified the team a month ago, and the new release (zenphoto 1.0.2 beta) fixes all the vulnerabilities. Thanks to the team for their great application and the fixes. http://zone14.free.fr [ more ] [ reply ] |
|
Privacy Statement |
Version: BankTown Client Control 1,4,2,51817
Discoverer: PARK, GYU TAE (saintlinu (at) null2root (dot) org [email concealed])
Advisory No.: NRVA06-01
Critical: High critical
Impact: Gain remote user's privile
[ more ] [ reply ]