Re: Vulnerability Alert Services - Independent List
2006-03-24 Juha-Matti Laurio (juha-matti laurio netti fi)
Regards,
Juha-Matti
> Symantec Deepsight Alert Services
> SecurityMob
> FrCIRT
> iAlert Web
> TraceAlert
> SecurityTracker
> Cybertrust Vulnerability/Threat Management
> Vulnerability Tracking Service
> X-Force Threat Analysi

VihorDesing Script Remote Command Exucetion And Cross Scripting Attack
2006-03-24 botan linuxmail org
Website : http://www.vihor.de
I. Remote Execute :
Vulnerable : http://www.site.com/[path]/index.php?page=evilcode.txt?&cmd=id
II. Cross Attack
http://www.site.com/[path]/index.php?page=<script>alert(document.cookie) </script>
http://www.site.com/[path]/index.php?page=<script>alert(Patriotic Hac

HeffnerCMS Remote Command Exucetion And Cross Scripting Attack
2006-03-24 botan linuxmail org
Website : http://www.christian-heffner.de
Version : 1.07
I.
<?php
$filename="index.php";
require_once 'vlib/vlibTemplate.php';
$tmpl = new vlibTemplate('tmpl/std/index.tpl');
require_once 'config/db_config.php';
require_once 'config/pcfunctions.php';
Ucuyor.... :) lol
II. Vulnerabl

Secunia Research: Quick 'n Easy/Baby Web Server ASP CodeDisclosure Vulnerability
2006-03-24 Secunia Research (remove-vuln secunia com)

[security bulletin] HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service (DoS)
2006-03-24 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00622788
Version: 1
HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possib

[eVuln] DSNewsletter SQL Injection Vulnerability
2006-03-24 alex evuln com
New eVuln Advisory: DSNewsletter SQL Injection Vulnerability
http://evuln.com/vulns/97/summary.html
--------------------Summary----------------
eVuln ID: EV0097
CVE: CVE-2006-1237
Software: DSNewsletter
Software's Web Site: http://dsportal.uw.hu/
Versions: 1.0
Critical Level: Moderate
Type: SQL Inj

[eVuln] DSPoll Multiple SQL Injection Vulnerabilities
2006-03-24 alex evuln com
New eVuln Advisory: DSPoll Multiple SQL Injection Vulnerabilities
http://evuln.com/vulns/96/summary.html
--------------------Summary----------------
eVuln ID: EV0096
CVE: CVE-2006-1217
Software: DSPoll
Software's Web Site: http://dsportal.uw.hu/
Versions: 1.1
Critical Level: Moderate
Type: SQL Inje

On product vulnerability history and vulnerability complexity
2006-03-24 Steven M. Christey (coley mitre org)
Gadi Evron said:
>"Hey mom, what's my root password? I forgot"
>"Dunno, just use the new sendmail vulnerability!"
The fact that a product has a long history of bugs should not be regarded as an indicator of its current level of security compared to other products. I've been of the mindset lately

[SECURITY] [DSA 1018-1] New Linux kernel 2.4.27 packages fix several vulnerabilities
2006-03-24 Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1018-1 security (at) debian (dot) org
http://www.debian.org/security/ Dann Frazier, Simon Horman
March 26th, 2006

[eVuln] @1 File Store Multiple XSS and SQL Injection Vulnerabilities
2006-03-24 alex evuln com
New eVuln Advisory: @1 File Store Multiple XSS and SQL Injection Vulnerabilities
http://evuln.com/vulns/95/summary.html
--------------------Summary----------------
eVuln ID: EV0095
Software: @1 File Store
Software's Web Site: http://www.upoint.info/cgi/download/
Versions: 2006.03.07
Critical Level:

[SECURITY] [DSA 1019-1] New kpdf packages fix several vulnerabilities
2006-03-24 joey infodrom org (Martin Schulze)

[FLSA-2006:186277] Updated sendmail packages fix security issues
2006-03-24 Jesse Keating (jkeating j2solutions net)

[ MDKSA-2006:060 ] - Updated FreeRADIUS packages fix EAP-MSCHAPv2 module vulnerability
2006-03-24 security mandriva com

w3wp remote DoS
2006-03-22 Debasis Mohanty (debasis hackingspirits com)
Sorry, if you are receiving multiple copies of it. Just resending as the one that I sent last night has not yet appeared.
w3wp remote DoS due to improper reference of STA COM components in ASP.NET
===========================================================================
Vendor: Microsoft Corpora

Re: recursive DNS servers DDoS as a growing DDoS problem
2006-03-21 Chris Thompson (cet1 cus cam ac uk)
Michael Sierchio <kudzu (at) tenebras (dot) com> writes:
>
> Robert Story wrote:
>
> > VG> In the scenario you describe, I cannot see any actual amplification...
> >
> > The amplification isn't in the number of hosts responding, but in packet size.
> > A very small DNS request packet results in a huge respo

Vulnerabilitiy found in comodo hacker guardian free scan.
2006-03-19 sk8boardkid gmail com
Vulnerability found in comodo hacker guardian free scan.
http://www.hackerguardian.com/
After trying their service, I have noticed a few bugs in the site that could lead to their free scan service to be used for purposes that it is not intended for. I have created a webpage detailing the proble

Re: [SPAM:] - ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses
2006-03-22 Suport Account (support aspportal net)
Hi
These issues have been fixed in ASPPortal version 3.1.2
Due for release end of April
Regards,
ASPPortal Support
----- Original Message -----
From: nukedx (at) nukedx (dot) com
To: full-disclosure (at) lists.grok.org (dot) uk, bugtraq (at) securityfocus (dot) com, support (at) aspportal (dot) net
Sent: Tue, 21 Mar 2006 22:29:02 +0