[SECURITY] [DSA 1014-1] New firebird2 packages fix denial of service
2006-03-23 joey infodrom org (Martin Schulze)

[ MDKSA-2006:058 ] - Updated sendmail packages fix remote vulnerability
2006-03-23 security mandriva com

[ GLSA 200603-22 ] PHP: Format string and XSS vulnerabilities
2006-03-22 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200603-21 ] Sendmail: Race condition in the handling of asynchronous signals
2006-03-22 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[OpenPKG-SA-2006.007] OpenPKG Security Advisory (sendmail)
2006-03-22 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org

SUSE Security Announcement: sendmail remote code execution (SUSE-SA:2006:017)
2006-03-22 Thomas Biege (thomas suse de)

Re; FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
2006-03-22 Jose Nazario (jose monkey org)
[snip] > VII. References > The latest revision of this advisory is available at > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc [snip] this advisory, along with the 2 other ones released this morning, are still not visible on the project FTP server at noon US ea

PHP Live! XSS status_image.php
2006-03-22 kspecial (kspecial xzziroz net)
Date: 03/22/2006 Vendor: OSI Codes Product: PHP Live! Versions: tested 3.0 Vulnerability: Cross Site Scripting Location: status_image.php Exploit: /phplive/js/status_image.php?base_url=<script>alert(document.cookie)</script> Stumbled across this while auditing a web server, vendor has been notified

IE crash
2006-03-22 Stelian Ene (stelian ene gecadtech com)
I can't find any info on this delicious IE bug, but it seems to be publicly known: <input type="checkbox" id='c'> <script> r=document.getElementById("c"); a=r.createTextRange(); </script> It will badly access a (virtual?) pointer table, making EIP to jump at a random address. This has various ef

[SECURITY] [DSA 1013-1] New snmptrapfmt packages fix insecure temporary file
2006-03-22 joey infodrom org (Martin Schulze)

cutenews 1.4.1 Arbitrary File Access
2006-03-22 h e (het_ebadi yahoo com)
cutenews 1.4.1 Arbitrary File Access Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading, backup function, IP banning, flood protection ... http://cutephp.com Credit: The inf

WinHKI 1.6x Archive Extraction Directory traversal
2006-03-22 h e (het_ebadi yahoo com)
WinHKI 1.6x Archive Extraction Directory traversal WinHKI Archiver administrator ask me for penetration test. here is the result : WinHKI Archiver: compression (hki, cab, zip, gzip, tar, jar...) extract 14 formats (hki, rar, ace, zip, gzip, tar, ...) Encryption / Decryption support Full zip sup

DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack'
2006-03-21 KF (lists) (kf_lists digitalmunition com)
DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack' Author: Kevin Finisterre Vendor: http://www.motorola.com Product: 'Motorola PEBL U6, Motorola V600, other Motorola P2k based phones?' References: http://www.digitalmunition.com/DMA[2006-0321a].txt http://www.motorola.

[eVuln] PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability
2006-03-22 alex evuln com
New eVuln Advisory: PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability http://evuln.com/vulns/94/summary.html --------------------Summary---------------- eVuln ID: EV0094 Vendor: Himpfen Consulting Company Vendor's Web Site: http://www.himpfenconsulting.com/ Software: PHP Si

FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec
2006-03-22 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-06:12.opie
2006-03-22 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
2006-03-22 FreeBSD Security Advisories (security-advisories freebsd org)

Mini-Nuke<=1.8.2 SQL injection (6)
2006-03-21 dabdoub_mosikar forislam com
//mini-nuke board turk have many sql injection founded by Moroccan Security Team //Creetz to: Moroccan Security Team [Dr.E-vil,Dr.Erase,H0550N,|ucifer,DaBDouB-MoSiKaR [OverclockiX],ki11er] ,Dranzelz,Esp!onLeRaVaGe,ameer,www.lezr.com and all muslim [morocco] [1] http://[target]/members.asp?action=me

ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities
2006-03-21 nukedx nukedx com
--Security Report-- Advisory: ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 20/03/06 11:14 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com Web: http://www.nukedx.com } --- Vendor: ASPPortal (http://www.A

Free Articles Directory Remote Command Exucetion
2006-03-21 botan linuxmail org
Web Site : http://www.99articles.com Script Demo Site : http://www.articlesone.com General : 1. Support rssfeed (XML) to distribute articles for others website and blogs. It will make grow website popularity 2. Newsletter to be growing visitors 3. Membership system for writer participants submi

[ GLSA 200603-20 ] Macromedia Flash Player: Arbitrary code execution
2006-03-21 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200603-19 ] cURL/libcurl: Buffer overflow in the handling of TFTP URLs
2006-03-21 Matthias Geerdsen (vorlon gentoo org)

Recon 2006: Guest speakers announcement. Call for paper and early registration ending in less than 2 weeks.
2006-03-21 Hugo Fortier (hfortier recon cx)
Recon 2006 - 16th 17th 18th June 2006 - Plaza Hotel, Montreal - recon.cx We are pleased to announce the guest speakers of Recon 2006 : Anthony de Almeida Lopes: Multi-cavity NOP-infection Operating System- Independent x86 Vi

XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)
2006-03-21 alfy coders ch
Vulnerability class : Cross-Site Scripting Discovery date : 2nd of February 2006 Remote : Yes Local : No Credit : ILION Research Labs, Geneva Switzerland Vulnerable : F5 Firepass 4100 SSL VPN v. 5.4.2 A XSS (Cross-Site-Scripting) vulnerability has been uncovered in my.support.php3 called through a

[SECURITY] [DSA 1011-1] New kernel-patch-vserver packages fix root exploit
2006-03-21 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 1012-1] New unzip packages fix arbitrary code execution
2006-03-21 joey infodrom org (Martin Schulze)

[ GLSA 200603-18 ] Pngcrush: Buffer overflow
2006-03-21 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200603-17 ] PeerCast: Buffer overflow
2006-03-21 Sune Kloppenborg Jeppesen (jaervosz gentoo org)
Debian Security Advisory DSA 1014-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 23rd, 2006