BugTraq Mode:
EEYE: Temporary workaround for IE createTextRange vulnerability 2006-03-28
Marc Maiffret (mmaiffret eeye com)
eEye Digital Security has created a temporary workaround for the
current Internet Explorer zero day vulnerability within the IE
createTextRange functionality.

This workaround has been created because currently there is no solution
from Microsoft other than the workaround to disable Active Scripti

SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons 2006-03-27
secure symantec com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

3Com/TippingPoint identified multiple buffer overflow vulnerabilities in
daemons running on Veritas NetBackup Master, Media Servers and clients.

See
http://securityresponse.symantec.com/avcenter/security/Content/2006.03.37.html

for full advisory cont

ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow 2006-03-27
zdi-disclosures 3com com
ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-06-006.html
March 27, 2006

-- CVE ID:
CVE-2006-0990

-- Affected Vendor:
Symantec VERITAS

-- Affected Products:
VERITAS NetBackup v6.0

-- TippingPoint(TM) IPS Customer Protectio

[SECURITY] [DSA 1020-1] New flex packages fix insecure code generation 2006-03-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1020-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
March 28th, 2006

TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability 2006-03-27
zdi-disclosures 3com com
TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability
http://www.tippingpoint.com/security/advisories/TSRT-06-01.html
March 27, 2006

-- CVE ID:
CVE-2006-0991

-- Affected Vendor:
Symantec VERITAS

-- Affected Products:
VERITAS NetBackup 6.0 Client
VERITAS NetBackup 6.0 Server

Re: recursive DNS servers DDoS as a growing DDoS problem 2006-03-26
Geo. (geoincidents nls net)

> Spoofing is indeed the attack vector and it can also be utilized for
> NTP, ICMP, etc. It is to blame.
>
> Still, DNS is what's being exploited and in my opinion a broken feature
> being exploited needs fixing, or it will be exploited.

What feature of DNS is being exploited, UDP or the fact that

Re: Sudo tricks 2006-03-26
Kyle Wheeler (kyle-bugtraq memoryhole net)
On Friday, March 24 at 07:05 PM, quoth Dave Korn:
>> Here is a simple hack to break sudo and su to get free root. Add
>> this to ~/.bashrc and fill in the following blanks:
>>
>> * ~/.root_kit/rk_su
>> Your hacked su to give root on su --now-dammit
>> * ~/.root_kit/silent_install_root_kit
>> Your

PHPLiveHelper 1.8 remote command execution (include) Xploit (perl) 2006-03-27
stormhacker hotmail com
[W]orld [D]efacers Team
======================================
--------------------Summary----------------
eVuln ID: WD00
Vendor: phplivehelper
Vendor's Web Site: www.phplivehelper.com
Software: Live Customer Support Solution
Software's Web Site:
http://www.turnkeywebtools.com/index.php/location/pro

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) 2006-03-25
Florian Weimer (fw deneb enyo de)
* Theo de Raadt:

> What if we ignore your procedures? What if we say no?

You won't be told about bugs in the code you write. It's as simple as
that.

But I don't quite understand why Gadi is so thoroughly offended by the
way this vulnerability has been handled so far. The patches might
be o

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) 2006-03-25
Kurt Seifried (bt seifried org)
I think the people complaining should look at their fears, it appears to me
that they are coming from a position of fear (lack of perceived control over
their systems, etc.) which is leading to anger and hatred that is being
directed outwards (at the closest target which to them is the people
ac

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) 2006-03-25
Pim van Riezen (pi madscience nl)

On Mar 24, 2006, at 11:17 PM, Theo de Raadt wrote:

> I did not decide that OpenSSH should become a critical part of the
> internet, or that it should become a virtual monopoly. We made it
> free. Again, the community decided to make it Internet
> infrastructure.
>
> Now you want to tell us tha

XSS & SQL Injection in Music Box v2.3 2006-03-24
xx_hack_xx_2004 hotmail com
Hello
Vulnerable: Music Box v2.3
http://www.MusicboxV2.com

Exploit :
XSS :
http://example.com/music/index.php?id='><script>alert(document.cookie)</script>

http://example.com/music/index.php?action=top&show=5&type='><script>alert(document.cookie)</script>

http://example.com/music/index.php?action=

[DDSi-SA] XSS in Raindance Communications Web Conferencing Pro 2006-03-24
D.Snezhkov (dsnezhkov gmail com)
-= DDSi Security Advisory =-
March 24, 2006
----------------------------------------------------------------
Vendor: Raindance Communications, Inc.

Raindance offers audio and web conferencing solutions for more
effective web meetings.
Integrated web, audio and

Microsoft Windows XP SP2 Firewall issue 2006-03-24
edubp2002 hotmail com
Windows XP firewall had improvements after SP2 and it displays alerts about programs trying to listen on a port (acting as a 'server') to the users. It doesn't display the path for the file nor the last extension; instead, it only displays its description or name without the final extension.

if u pl

Re: recursive DNS servers DDoS as a growing DDoS problem 2006-03-24
Anton Ivanov (arivanov sigsegv cx)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Thompson wrote:

>Michael Sierchio <kudzu (at) tenebras (dot) com> writes:
>
>>Robert Story wrote:
>>
>>>VG> In the scenario you describe, I cannot see any actual amplification...
>>>
>>>The amplification isn't in the number of hosts responding, but in packe

Re: PasswordSafe 3.0 weak random number generator allows key recovery attack 2006-03-24
ronys users sf net
Hi,

- As has been pointed out, this is a BETA release, so it's a bit, er, inelegant to describe this as a flaw in 3.0. Guess I'll have to bump the release number when we fix this...

- At least this is an implementation flaw, as opposed to the format design flaw that the good folks at ElcomSoft fou

Microsoft MSN Hotmail : Cross-Site Scripting Vulnerability 2006-03-23
Renaud Lifchitz (r lifchitz sysdream com)
Microsoft MSN Hotmail : Cross-Site Scripting Vulnerability

//----- Advisory

Program : Microsoft MSN Hotmail
Homepage : http://www.hotmail.com
Discovery : 2006/01/28
Author Contacted : 2006/03/21
Found by : crashfr at sysdream dot com
This Advisory : nono2357 at

Blog Pixel Motion<=1.xx Authentication Bypass Vulnerability & SQL injection 2006-03-27
dabdoub_mosikar forislam com
[+]Blog Pixel Motion
[+]Software's Web Site:www.pixelmotion.org
[+]founded by Morocco Security Team
[+]creetz to:SnIpEr_SA,Esp!onLeRaVaGe,CiM-TeaM,Kasparov,nabil,sniper,www.lezr.com and all muslim [morocco]
[+]http://victim/blog/admin/index.php
[+]user:moroccan-security //you can write any name :)

ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow 2006-03-27
zdi-disclosures 3com com
ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-06-005.html
March 27, 2006

-- CVE ID:
CVE-2006-0989

-- Affected Vendor:
Symantec VERITAS

-- Affected Products:
VERITAS NetBackup v6.0

-- TippingPoint(TM) IPS Customer Protection:

[ GLSA 200603-25 ] OpenOffice.org: Heap overflow in included libcurl 2006-03-27
Stefan Cornelius (dercorny gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities 2006-03-27
alex evuln com
New eVuln Advisory:
Maian Weblog Multiple SQL Injection Vulnerabilities
http://evuln.com/vulns/101/summary.html

--------------------Summary----------------
eVuln ID: EV0101
CVE: CVE-2006-1334
Software: Maian Weblog
Software's Web Site: http://www.maianscriptworld.co.uk/
Versions: 2.0
Critical Level

[eVuln] DSLogin Authentication Bypass Vulnerability 2006-03-27
alex evuln com
New eVuln Advisory:
DSLogin Authentication Bypass Vulnerability
http://evuln.com/vulns/100/summary.html

--------------------Summary----------------
eVuln ID: EV0100
CVE: CVE-2006-1238
Software: DSLogin
Software's Web Site: http://dsportal.uw.hu/
Versions: 1.0
Critical Level: Moderate
Type: SQL Inje

HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS 2006-03-27
h4cky0u org gmail com
------------------------------------------------------
HYSA-2006-007 h4cky0u.org Advisory 016
------------------------------------------------------
Date - Mon March 27 2006

TITLE:
======

phpmyfamily v1.4.1 CRLF injection & XSS

SEVERITY:
=========

Medium

SOFTWARE:
=========

phpmyfamil

HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities 2006-03-27
h4cky0u org gmail com
------------------------------------------------------
HYSA-2006-006 h4cky0u.org Advisory 015
------------------------------------------------------
Date - Mon March 27 2006

TITLE:
======

G-Book 1.0 XSS, Possible authentication bypass & mass message flood

SEVERITY:
=========

High

SOFTW

CanfTool v1.1 Cross Site Scripting Attack 2006-03-27
botan linuxmail org
Cross Site Scripting Attack CanfTool v1.1

=========================================

Description :

Conftool is a Web-based online system that was developed to support many administrative tasks of conferences, workshops and seminars. It can help to make the management of events easier and much mo

[PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities 2006-03-27
Matteo Beccati (matteo beccati com)
========================================================================

phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2006-001
------------------------------------------------------------------------

Advisory ID: PHPADSNEW-SA-2006-001
Date: 2006-Mar-27
S

[ GLSA 200603-24 ] RealPlayer: Buffer overflow vulnerability 2006-03-26
Matthias Geerdsen (vorlon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

nuked-klan<=1.7.5 SQL Injection 2006-03-26
dabdoub_mosikar forislam com
[+]nuked-klan
[+]www.nuked-klan.org
[+]founded By Moroccan Security Team
[+]special 10x to:CiM-TeaM,Esp!onLeRaVaGe,nabil,Dranzelz,SnIpEr_SA,www.lezr.com
[+]example
[+]http://[target]/index.php?file=Calendar&m=[sql]&y=2006
[+]have nice day

SQL injection in VGM Forbin. 2006-03-26
mfoxhacker gmail com
#######################################
# Www.H4ckerz.coM --- Www.Hackerz.iR #
#######################################

**************************************************

Vendor : VGM Forbin
Target Page : resource/products/adm/login.asp
Action : Turn back to default.asp

Exploit :

AkoComment SQL injection vulnerability 2006-03-26
Stefan Keller (skeller pobox com)
AkoComment is a well known and widely used add-on for the Mambo and
Joomla Content Management Systems. It allows users to post comments to
articles.

AkoComment 2.0 suffers from an SQL injection vulnerability
(components/com_akocomment/akocomment.php):

# Clear any HTML and SQL injections
$t

Copyright 2010, SecurityFocus