[ GLSA 200603-15 ] Crypt::CBC: Insecure initialization vector
2006-03-17 Stefan Cornelius (dercorny gentoo org)

[eVuln] NMDeluxe XSS & SQL Injection Vulnerabilities
2006-03-17 alex evuln com
New eVuln Advisory:
NMDeluxe XSS & SQL Injection Vulnerabilities
http://evuln.com/vulns/93/summary.html
--------------------Summary----------------
eVuln ID: EV0093
CVE: CVE-2006-1107 CVE-2006-1108
Software: NMDeluxe
Software's Web Site: http://nmdeluxe.com/
Versions: 1.0.0 STABLE
Critical Level: M...

[SECURITY] [DSA 1007-1] New drupal packages fix several vulnerabilities
2006-03-17 joey infodrom org (Martin Schulze)

[ GLSA 200603-13 ] PEAR-Auth: Potential authentication bypass
2006-03-17 Stefan Cornelius (dercorny gentoo org)

[ GLSA 200603-14 ] Heimdal: rshd privilege escalation
2006-03-17 Stefan Cornelius (dercorny gentoo org)

RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growingDDoSproblem
2006-03-14 Keith Morgan (keith morgan terradon com)
I had an off-list request for a packet capture or log entries of examples. http://www.criticalstop.com/malicious_dns.txt Only the IP of our affected DNS server is sanitized. But this should put to rest questions about fragmentation, etc... The DNS server providing the cached response is pretty t...

[FLSA-2006:175404] Updated xpdf package fixes security issues
2006-03-17 Marc Deslauriers (marcdeslauriers videotron ca)

Re: GnuPG weak as one guy with a spare laptop.
2006-03-15 obnoxious hush com
What is your point exactly? How secure are Verisign, Thawte or anyone else's servers outside of them just stating "We take X Precautions". Look at just about all of the top companies, Microsoft, Sun, Yahoo, Citibank. They've all been hit at some point be...

[FLSA-2006:157459-4] Updated kernel packages fix security issues
2006-03-17 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2006:157459-3] Updated kernel packages fix security issues
2006-03-17 Marc Deslauriers (marcdeslauriers videotron ca)

RE: Remote overflow in MSIE script action handlers (mshtml.dll)
2006-03-16 David Schenz (schenz 9 dps ohio-state edu)
Tested on Win2k3 Standard, fully patched...
Mshtml.dll 6.0.3790.2577
Iexplore.exe 6.0.3790.1830
PoC does work.
David Schenz
schenz.9 (at) osu (dot) edu
-----Original Message-----
From: Michal Zalewski [mailto:lcamtuf (at) dione.ids (dot) pl]
Sent: Thursday, March 16, 2006 4:14 PM
To: Daniel Bonekeeper
Cc: bugtraq@...

Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)
2006-03-17 Nazca zone-h fr
Something strange... I tried under FireFox 1.0.7 and seems that when you check the sources, it's crashing. I tried also under FireFox 1.5.0.1, it's also crashing when I check the sources... but that one depend, another friend tried it under the same version and it's also crashing ... is it exploit...

[FLSA-2006:178606] Updated kdelibs packages fix security issues
2006-03-17 Marc Deslauriers (marcdeslauriers videotron ca)

[SECURITY] [DSA 1005-1] New xine-lib packages fix arbitrary code execution
2006-03-16 Moritz Muehlenhoff (jmm debian org)

Microsoft Commerce Server 2002: Logon as known user with a false password
2006-03-16 Dimitri (d vd giessen xs4all nl)
Microsoft Commerce Server 2002: Logon as known user with a false password
Vulnerable: Microsoft Windows Server 2000/2003 + Internet Information Server 5/6 + Commerce Server 2002
Discussion: Microsoft Commerce Server is used by companies who want to give customers the opportunity to change th...

Re: Remote overflow in MSIE script action handlers (mshtml.dll)
2006-03-16 Michal Zalewski (lcamtuf dione ids pl) (2 replies)
On Thu, 16 Mar 2006, Daniel Bonekeeper wrote:
> BTW, tested the POC on MSIE (File Version = 6.00.2900.2180
> (xpsp_sp2_rtm.040803-2158)) with mshtml.dll (6.00.2900.2802
> (xpsp_sp2_gdr.051123-1230)) and it didn't work.
Daniel followed up with me in private and confirmed that the PoC *did* work f...

Re: Remote overflow in MSIE script action handlers (mshtml.dll)
2006-03-16 Tomasz Onyszko (t onyszko w2k pl)

Re: Remote overflow in MSIE script action handlers (mshtml.dll)
2006-03-17 Hariharan (harij22 gmail com) (1 replies)

Re: Remote overflow in MSIE script action handlers (mshtml.dll)
2006-03-17 Michal Zalewski (lcamtuf dione ids pl)

Remote overflow in MSIE script action handlers (mshtml.dll)
2006-03-16 Michal Zalewski (lcamtuf dione ids pl) (1 replies)
Good morning, This might not come as a surprise, but there appears to be a *very* interesting and apparently very much exploitable overflow in Microsoft Internet Explorer (mshtml.dll). This vulnerability can be triggered by specifying more than a couple thousand script action handlers (such as onL...

Re: Remote overflow in MSIE script action handlers (mshtml.dll)
2006-03-16 Daniel Bonekeeper (thehazard gmail com)
XCon2006 Call For Paper
XCon2006 the Fifth Information Security Conference will be held
in Beijing, China, during August 18-20, 2006. China has long been
known as a famous cultural country, while Beijing is the most
splendid place in its history.