XMB Forum 1.9.5-Final XSS
2006-04-09 r0xes ratm gmail com
XMB Forum 1.9.5 (I have not tested this on earlier versions) allows users to embed flash (.swf) videos in their posts. Normally, you could set an option on the <object> tag to say that ActionScript cannot run, but in this case we don't. The way we execute our code is by making a flash movie contain

[security bulletin] HPSBUX02111 SSRT061132 rev.1 - HP-UX su(1) Local Unauthorized Access
2006-04-06 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00637553 Version: 1 HPSBUX02111 SSRT061132 rev.1 - HP-UX su(1) Local Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date

RE: recursive DNS servers DDoS as a growing DDoS problem
2006-04-05 Geo. (geoincidents nls net)
> They don't need more servers, just better software. If you think open
> recursion (DNS DoS amplification) is an issue ISPs can ignore, I suggest
> you look at the history of open SMTP relays and networks
> supporting/allowing directed broadcast.
I'll address the "ignore" part. I don't think clo

[security bulletin] HPSBUX02110 SSRT061110 rev.1 - HP-UX Running wu-ftpd Remote Denial of Service (DoS)
2006-04-06 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00637342 Version: 1 HPSBUX02110 SSRT061110 rev.1 - HP-UX Running wu-ftpd Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible

IE6 Crash
2006-04-07 tel weirdtech org (1 replies)

Re: Bios Information Leakage
2006-04-06 darmawan_salihun students itb ac id
hmm, apparently the code-breaker's site is undergoing major works right now. The html version of the article [Award BIOS COde Injection] available at: http://www.geocities.com/mamanzip/Articles/POST_jump_table_hacking.html And the much improved version of the old CodeBreaker's Award BIOS Reverse

[SECURITY] [DSA 1025-1] New dia packages fix arbitrary code execution
2006-04-06 joey infodrom org (Martin Schulze)

[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration)
2006-04-06 Damian Put (pucik overflow pl)
Overflow.pl Security Advisory #5 Clam AntiVirus Win32-UPX Heap Overflow (not default configuration) Vendor: Clam AntiVirus Affected version: Prior to 0.88.1 Vendor status: Fixed version released (0.88.1) Author: Damian Put <pucik (at) overflow (dot) pl [email concealed]> URL: http://www.overflow.pl/adv/clamavupxinteger.txt D

[ GLSA 200604-06 ] ClamAV: Multiple vulnerabilities
2006-04-07 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[SECURITY] [DSA 1023-1] New kaffeine packages fix arbitrary code execution
2006-04-05 joey infodrom org (Martin Schulze)

Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server
2006-04-05 jalvare7 cajastur es
Hello, Thank you for the disclosure of this issue. I'd like to better understand the extent of the problem, for which the code snippets have been very helpful, but I still would need some help in the case of the server vulnerability. Could you confirm my impression that the server vulnerability

[SECURITY] [DSA 1026-1] New sash packages fix potential arbitrary code execution
2006-04-06 Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 1030-1] New moodle packages fix several vulnerabilities
2006-04-08 joey infodrom org (Martin Schulze)

Multiple vulnerability in jupiter CMS
2006-04-07 king_purba yahoo co uk
Author : KaDaL-X email : king_purba (at) yahoo.co (dot) uk [email concealed] site : http://kandangjamur.net/ Multiple vulnerability in jupiter CMS Vendor : http://www.highstrike.net/ version 1.1.5 Vulnerability code found in file modules/online.php PoC: XSS http://xxx/jupiter/jupiter/index.php?n=modules/online&&a=1&language

Google Reader "preview" and "lens" script improper feed validation
2006-04-05 Debasis Mohanty (debasis hackingspirits com)
Sending it late as I missed to send this to bugtraq during the disclosure. Google Reader "preview" and "lens" script improper feed validation =================================================================== I. DESCRIPTION Google Reader (http://www.google.com/reader/) helps organise the cont

Virtual War File İnclusion
2006-04-08 liz0 bsdmail com
Virtual War File inclusion --------------------------------- Site:http://www.vwar.de/ Demo:http://www.vwar.de/demo/ --------------------------------------- File İnclusion
// get functions
$vwar_root = "./";
require ($vwar_root . "includes/functions_common.php");
require ($vwar_root . "includes/

Cisco Security Advisory: Cisco Optical Networking System 15000 series and Cisco Transport Controller Vulnerabilities
2006-04-05 Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 1029-1] New libphp-adodb packages fix several vulnerabilities
2006-04-08 joey infodrom org (Martin Schulze)

XSS Bug in Cherokee Webserver
2006-04-06 rubengarrote idominiun com
Tuesday 4 of April of 2006, I have detected that it is possible to mount an attack of the type Cross Site Scripting (XSS) in cherokee-0.5.0 and all previous versions. The problem resides, when introducing code HTML in the URL. Because previously, it was let now of a seemed failure, from version 0.4

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
2006-04-06 Moriyoshi Koizumi (moriyoshi at wakwak com)
Peter Conrad wrote:
>Hi,
>
>On Mon, Apr 03, 2006 at 11:06:01PM +0900, Moriyoshi Koizumi wrote:
>
>
>>While this is not part of the HTML / HTTP standards, major
>>browsers
>>around try to send such characters in the user input as HTML entities
>>that cannot
>>all be represented in the encoding o

[SECURITY] [DSA 1027-1] New mailman packages fix denial of service
2006-04-06 joey infodrom org (Martin Schulze)

Shadowed Portal Cross Site Scripting
2006-04-08 liz0 bsdmail com
------------------------------------------------------------------------ ------------- Shadowed Portal Cross Site Scripting Site:http://www.shad0wed.com/ Demo:http://www.shad0wed.com/ --------------------------------------------------- Credit : Liz0ziM webpage:www.biyo.tk www.biyosecurity.be

[eVuln] newsletter - sourceworkshop SQL Injection Vulnerability
2006-04-07 alex evuln com
New eVuln Advisory: newsletter - sourceworkshop SQL Injection Vulnerability http://evuln.com/vulns/107/summary.html --------------------Summary---------------- eVuln ID: EV0107 CVE: CVE-2006-1533 Software: newsletter Software's Web Site: http://www.sourceworkshop.com/ Versions: 1.0 Critical Level:

[ GLSA 200604-04 ] Kaffeine: Buffer overflow
2006-04-05 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200604-05 ] Doomsday: Format string vulnerability
2006-04-06 Stefan Cornelius (dercorny gentoo org)
TUGZip is a powerful award-winning freeware archiving
utility for Windows® that provides support for a wide
range of compressed, encoded and disc-image files, as
well as many other very powerful features; all through
an easy to use application interfac