CORE-2006-0124: Cross-Site Scripting in Verisign's haydn.exe CGI script
2006-03-20 CORE Security Technologies Advisories (advisories coresecurity com)

[ MDKSA-2006:057 ] - Updated cairo packages to address Evolution DoS vulnerability
2006-03-20 security mandriva com

[ MDKSA-2006:056 ] - Updated xorg-x11 packages to address local root vuln
2006-03-20 security mandriva com

DNS Amplification Attacks
2006-03-17 Gadi Evron (ge linuxbox org)
In this paper we address in detail how the recent DNS DDoS attacks work. How they abuse name servers, EDNS, the recursive feature and UDP packet spoofing, as well as how the amplification effect works. Our study is based on packet captures (we provide with samples) and logs from attacks on differ

RE: Generically Determining the Prescence of Virtual Machines
2006-03-20 Thomas Guyot-Sionnest (Thomas zango com)
I suggest you make sure you're using the accelerator mode, which should put qemu in "Virtualization" mode. If you're doing full CPU emulation then the result you get was correct: you weren't doing any virtualization inside qemu. Thomas > -----Original Message----- > From: Jeff Epler [mailto:jeple

Symantec Security Advisory, SYM06-005
2006-03-20 secure symantec com
Symantec Security Advisory SYM06-005 17 March 2006 Veritas Backup Exec for Windows Servers: Media Server BENGINE Service Job log Format String Overflow Revision History None Severity Low (network/system authorization and specific configuration required) Remote Access Yes Local Access No Authe

Re: Invision Power Board v2.1.4 - session hijacking
2006-03-17 exon (exon home se)
Please don't take this discussion off-list. You need to hit the "Reply to all" button in your Mozilla mailer. Hans Wolters wrote: >>Hans Wolters wrote: >> >>>Matt, > > > >>But you still need to see the session-id to be able to hijack the >>session, and for that you need to see someones desktop.

Re: Re: Invision Power Board v2.1.4 - session hijacking
2006-03-17 matt invisionpower com (1 replies)
Hans, My problem with this report is this: 1) You've not even read the IPB code. You've stated elsewhere that "using sessions in the URL may appear in JS pop-up windows". IPB does NOT do this. IPB removes the session ID for all links, including JS code when cookies are enabled. 2) You're missing

Re: Invision Power Board v2.1.4 - session hijacking
2006-03-20 Hans Wolters (hans wolters xs4all nl)

[CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
2006-03-20 Daniel Stone (daniel fooishbar org) (1 replies)
X.Org Security Advisory, March 20th 2006 Local privilege escalation in X.Org server 1.0.0 and later; X11R6.9.0 and X11R7.0 CVE-ID: CVE-2006-0745 Overview: During the analysis of results from the Coverity code review of X.Org, we discovered a flaw in the server that allows local users to execute a

Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
2006-03-20 H D Moore (sflist digitaloffense net)

Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000
2006-03-18 justint rdmail net
[Description] SLAB500 is a complete, dynamic, modular web-system designed to your specifications, allowing you to quickly and conveniently update all your content, add new pages, upload images, sounds and video from any browser, via our front-end interface from any location that you have web access.

Noah's Classifieds Multiple Path Disclosure and Cross Site Scripting Vulnerabilities
2006-03-20 raphael huck free fr
I have contacted PhpOutsourcing 2 weeks ago, and they didn't answer. The mail I sent on classifieds AT phpoutsourcing DOT com bounced back in error. The one I sent on askme AT phpoutsourcing DOT com never got replied. "Currently, we are completely overloaded with our running projects, and we don't

phpWebsite <= SQL Injection (friend.php) & (article.php)
2006-03-18 dabdoub_mosikar forislam com
[+]phpWebsite [+]DaBDouB-MoSiKaR [Moroccan Security Team] [+]creetz to: Moroccan security Team[Dr.E-vil,Dr.Erase,H0550N],ToM-le-Magician[france] , ameer[egypt], Esp!onLeRaVaGe, CiM TeaM, xMs3D0,|ucifer,B6,al-houda members[nabil,sn!per,Kasparov]and all hackers musilm [morocco] and www.lezr.com [+]spe

[security bulletin] SSRT051251 rev.2 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access
2006-03-20 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00555254 Version: 2 HPSBUX02074 SSRT051251 rev.2 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access NOT

[SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities
2006-03-20 joey infodrom org (Martin Schulze)

[security bulletin] SSRT051078 rev.1 - HP-UX usermod(1M) Local UnaUthorized Access
2006-03-20 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00614838 Version: 1 HPSBUX02102 SSRT051078 rev.1 - HP-UX usermod(1M) Local UnaUthorized Access. NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Rele
Core Security Technologies - Corelabs Advisory
http://www.coresecurity.com/corelabs/
Cross-Site Scripting in Verisign's haydn.exe CGI script
Date Published: 2006-03-20
Last Update: 2006-03-20
Advisory ID: CORE-2006-0124
Bugtraq ID: None currently ass