Dear Bernhard Mueller,

Opera is pretty bad at CSS, try the new fuzzer from HDM :
http://metasploit.com/users/hdm/tools/see-ess-ess-die/cssdie.html

--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7

[ more ]  [ reply ]

Firefox Password Manager Arbtirary User Browsing History Disclosure

Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1)
Gecko/20060111 Firefox/1.5.0.1

This privacy flaw has caused my fiancé and I to break-up after having dated for
5 years.

Basically, we share one compute

[ more ]  [ reply ]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]

Title : Avast Linux Home Edition, vulnerability on a temporary folder
creation
Protuct : Avast! Linux Home Edition
Product : http://www.avast.com/eng/download-avast-for-linux-edition.html
Version : 1.0.5, 1.0.5-1
avast4workstation-1.0.5-1.i586.rpm
avast4works

[ more ]  [ reply ]

We tested this issue on many platforms and in all cases there was reset of apache.
Example error.log on Apache/1.3.34 (Win32) PHP/4.4.1 Windows XP :
-----------------------
[Fri Apr 14 17:17:17 2006] [info] master_main: Child processed exited prematurely. Restarting the child process.
[Fri Apr 14 1

[ more ]  [ reply ]

phpBB HTML template files are parsed and executed as PHP code.

This files are not well filtered so a user having access to template files can execute PHP code. You can't trust your designer or template files you found around the web

Example:
Replace ALL switch_enable_pm_popup in overall_header.tpl

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1034-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
April 14th, 2006

[ more ]  [ reply ]

On a phpBB board, a user having access to the admin panel is able to execute PHP code:

This example will execute $user_sig as PHP code:

Go to Administration Panel > Styles Admin > Management > subSilver > Edit
Set "Font Colour 3" to "'./*"
Profile
Set Signature to "$fd=fopen($phpbb_root_path.'conf

[ more ]  [ reply ]

# Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS
# by n0m3rcy
# Copyright (c) 2006 n0m3rcy <n0m3rcy (at) bsdmail (dot) org [email concealed]>
# Exploit:
www.site.com/login.php?action=form&username=<username>&password=%22%3E%3
Cscript%3Ealert(document.cookies);%3C/script%3E
# Shoutz:
cijfer , my baby , Dag & myself :Pp

[ more ]  [ reply ]

This one time, at band camp, kr4ch (at) web (dot) de [email concealed] wrote:

If somebody has access to your phpmyadmin directory, you have a bigger issue than this

> App: phpMyAdmin 2.7.0-pl1
> Advistory by: p0w3r
> Exploit: /phpmyadmin/sql.php?lang=de-utf-8&server=1&collation_connection=utf8_gen
eral_ci&db=fu&table=fu&goto=t

[ more ]  [ reply ]

---- osCommerce <= 2.2 "extras/" information/source code disclosure ------------

software site: http://www.oscommerce.com/

if extras/ folder is placed inside the www path, you can see all files on target
system, including php source code with database details, poc:

http://[target]/[path]/extras/

[ more ]  [ reply ]

Farsinews Cross-Site Scripting & Path disclosure vulnerability

#'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''
#Aria-Security.net Advisory
#Discovered by:R@1D3N (amin emami)
#<AminRayden (at) yahoo (dot) com [email concealed]>
#Gr33t to:A.u.r.a & O.u.t.l.

[ more ]  [ reply ]

k k kkkk kk kkkk k k kkkkkk kkkkkk kkkk k k k k k
k k k k k k k k k kk k k k k kk k k k k
kk <><> kkkkk k kkkkk kk kk kkkkkk k k k k k k kk
k k k k k k k kk k k k k k k k

[ more ]  [ reply ]

k k kkkk kk kkkk k k kkkkkk kkkkkk kkkk k k k k k
k k k k k k k k k kk k k k k kk k k k k
kk <><> kkkkk k kkkkk kk kk kkkkkk k k k k k k kk
k k k k k k k kk k k k k k k k

[ more ]  [ reply ]

k k kkkk kk kkkk k k kkkkkk kkkkkk kkkk k k k k k
k k k k k k k k k kk k k k k kk k k k k
kk <><> kkkkk k kkkkk kk kk kkkkkk k k k k k k kk
k k k k k k k kk k k k k k k k

[ more ]  [ reply ]

New eVuln Advisory:
aWebNews Multiple XSS and SQL Injection Vulnerabilities
http://evuln.com/vulns/116/summary.html

--------------------Summary----------------
eVuln ID: EV0116
CVE: CVE-2006-1612 CVE-2006-1613
Software: aWebNews
Sowtware's Web Site: http://labs.aweb.com.au/awebnews.php
Versions: 1.

[ more ]  [ reply ]

All issues have been patched and a new release made available.

http://www.simplog.org/archive.php?blogid=1&pid=56

--
jeremy ashcraft
operations/development
EDucation GATEways
jashcraft (at) edgate (dot) com [email concealed]

[ more ]  [ reply ]

PowerClan 1.14 - SQL Injection
--------------------------------------------------------
Software: PowerClan 1.14
Version: 1.14
Type: SQL Injection
Date: Apr 13 23:37:50 CEST 2006
Vendor: powerscripts.org
Page: http://www.powerscripts.org
Risc: min

credits:
----------------------------
d4igoro - d4

[ more ]  [ reply ]

Camino Browser HTML Parsing Null Pointer Dereference Denial of Service Vulnerability
______________________

Camino Browser is prone to a denial-of-service condition when parsing certain malformed HTML content. Successful exploitation will cause the browser to fail or hang.
______________________

[ more ]  [ reply ]

hi,

...makes me wonder what happens if/when they need to change the
IP address of go.microsoft.com

many many people have already been burnt by the hardcoding of
addresses/IPs into their applications.

a

[ more ]  [ reply ]

New eVuln Advisory:
RedCMS Multiple XSS and SQL Injection Vulnerabilities
http://evuln.com/vulns/115/summary.html

--------------------Summary----------------
eVuln ID: EV0115
CVE: CVE-2006-1568 CVE-2006-1569
Software: RedCMS
Sowtware's Web Site: http://redcms.co.uk/
Versions: 0.1
Critical Level: Mo

[ more ]  [ reply ]

This information is correct and the first address security-alert [at] austin.ibm.com mentioned is a primary reporting address.
This address is located at OSVDB Vendor database too;
http://www.osvdb.org/vendor_dict.php?section=vendor&id=1215&c=I
listed as International Business Machines Corporation

[ more ]  [ reply ]

ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-06-008.html
April 13, 2006

-- CVE ID:
CVE-2006-0092

-- Affected Vendor:
Novell

-- Affected Products:
Novell GroupWise Messenger 2

-- TippingPoint(TM) IPS Customer Protection:
Ti

[ more ]  [ reply ]

------------------------------------------------------------------------
---
SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit
------------------------------------------------------------------------
---
Discovered By SnIpEr_SA
Author : SnIpEr_SA
Exploit in Perl : http://www.milw0rm.com/explo

[ more ]  [ reply ]

//-- MyBB 1.10 New CrossSiteScripting ' member.php ' --//

Webattack :-
/mybb/member.php?action=do_login&username=[usrname]&password=[pass]&url=
"><script>alert(1);</script>

//-- FixIT --//

Open member.php
GoTo Line :- 1030 ..

if($mybb->input['url'])
{
redirect($mybb->input['

[ more ]  [ reply ]

The problem has been fixed, and now all bbcode is filtered before it is posted

[ more ]  [ reply ]

App: phpMyAdmin 2.7.0-pl1
Advistory by: p0w3r
Exploit: /phpmyadmin/sql.php?lang=de-utf-8&server=1&collation_connection=utf8_gen
eral_ci&db=fu&table=fu&goto=tbl_properties_structure.php&back=tbl_proper
ties_structure.php&sql_query=[XSS]
Example: /phpmyadmin/sql.php?lang=de-utf-8&server=1&collation_conn

[ more ]  [ reply ]

Steven M. Christey wrote:

> 3) One does not expect an interpreted language to segfault

Behavior of an application in resource exhaustion scenarios is, for
objective reasons, quite hard to handle. There might be no stack available
to invoke an error handling routine, there might be no memory for I/

[ more ]  [ reply ]

Hello,

For IBM Tivoli products, http://www-306.ibm.com/software/sysmgmt/products/support/Tivoli_Proactiv
e_Notification.html contains our contact information. I'm not certain of the contact points for the other brands, but if you report involves one of them, we will ensure that the report is provid

[ more ]  [ reply ]

hotfixes has been released
http://www.swsoft.com/en/download/confixx/confixx31

http://download1.swsoft.com/Confixx/security_hotfix/release_notes.txt

[ more ]  [ reply ]