BugTraq
Re: Invision Power Board v2.1.4 - session hijacking 2006-03-16
matt invisionpower com
This report is ridiculous and quite frankly shows that the author does not understand how IPB works.

Yes, the author is correct in finding that if you: copy the user's IP address, copy the user's user-agent and copy the user's session ID then they can "hijack" your session.

That's because, to all

[SECURITY] [DSA 1004-1] New vlc packages fix arbitrary code execution 2006-03-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1004-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 16th, 2006

[SECURITY] [DSA 1003-1] New xpvm packages fix insecure temporary file 2006-03-16
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1003-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
March 16th, 2006

[ GLSA 200603-12 ] zoo: Buffer overflow 2006-03-16
Stefan Cornelius (dercorny gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200603-11 ] Freeciv: Denial of Service 2006-03-16
Stefan Cornelius (dercorny gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Vulnerability fixed in E-gold 2006-03-15
3APA3A (3APA3A security nnov ru)
Hello full-disclosure, bugtraq

Netsling (shurik.f_(at)_gmail.com) reported vulnerability in E-gold.

Vulnerability was reported and fixed in E-gold partner payment script.
It was possible to transfer money from E-gold account without
knowledge of AccountID/PassPhrase if user is logg

Latest MS patches kill wireless networking? 2006-03-15
James Garrison (jhg athensgroup com) (1 replies)
I installed the latest MS patches and after rebooting, my wireless
network refused to connect. It still showed excellent signal strength
but was unable to establish a connection. I tried using both the
adapter's client (Intel PRO Set) and the standard Windows client,
with identical results.

Then

Re: Latest MS patches kill wireless networking? 2006-03-15
James Garrison (jhg athensgroup com)
Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit 2006-03-15
anonymous private private
Couldn't you just target pretty much any dynamic page on the web with such a script? All you'd have to do is edit a few details.

I don't understand how this qualifies as a security hole?

WebVulnCrawl searching excluded directories for hackable web servers 2006-03-15
Michael Scheidell (scheidell secnap net)
A misguided person is using the robots.txt exclusion file to search for
vulnerable web applications. What he plans on doing with this list of
vulnerable web applications is up to debate.

What he is doing is a violation of the RFC's (governing robots.txt..
Yes, hackers do that also)

The robots.txt

Re: Linux zero IP ID vulnerability? 2006-03-15
Marco Ivaldi (raptor 0xdeadbeef info)
I've received a couple of off-list replies. See my comments in-line.

On Tue, 14 Mar 2006, Martin Mačok wrote:

> Have you verified that the sequence is global and not only per peer? The
> latter would mean that "vuln" can't be used as a middle-man for IDLE
> scanning...

Yeah, of course i've veri

Vulnerability in e-gold 2006-03-15
shurik f gmail com
Vulnerability was fixed in https://www.e-gold.com/acct/confirm.asp
money transfer script.

Problem description:

If authenticated user is referred to the script AccountID/PassPhrase validation is not performed.

By redirecting user to URL
https://www.e-gold.com/acct/confirm.asp?AccountID=123456

Invision Power Board v2.1.4 - session hijacking 2006-03-14
Hans Wolters (hans wolters xs4all nl) (1 replies)
Problem:

Invision Board v2.1.4 has a problem with sessions. Once it is
installed on a server where php is allowed to use transparent
sessions a session can be hijacked by other users.

Testing:

Once you visit a site where Invision Board is used the first click on
the Log In link points the v

Re: Invision Power Board v2.1.4 - session hijacking 2006-03-16
Peter Conrad (conrad tivano de)
GnuPG weak as one guy with a spare laptop. 2006-03-14
Forrest J. Cavalier III (mibsoft mibsoftware com)
"A chain is only as strong as its weakest link."

When I get the GnuPG distribution from the non-secure http://gnupg.org (or a
https://gnupg.org with a CAcert.org certificate) I get a distribution signed by
Werner Koch's key issued one day after the previous signing key expired
2006-01-01.

The p

[KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection 2006-03-14
addmimistrator gmail com
ORIGINAL ADVISORY:
http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html
http://kapda.ir/advisory-295.html
Summary
Software: MyBB
Software's Web Site: http://www.mybboard.com
Versions: 1.0.4
Class: Remote
Status: Unpatched
Exploit: Not Available
Solution: Available

[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details 2006-03-14
addmimistrator gmail com
ORIGINAL ADVISORY:
http://myimei.com/security/2006-03-11/mybb-103-memberphp-xss-attack-in-contact-details.html
http://kapda.ir/advisory-297.html

Summary
Software: MyBB
Software's Web Site: http://www.mybboard.com
Versions: 1.0.4
Class: Remote
Status: Unpatched
Exploit: Available
Discov

Sasser variant that affects 2k3 SP1 completely updated? 2006-03-13
Andrew Weaver (aweaver ee net) (1 replies)
Has anyone seen a sasser variant that affects Windows 2k3 SP1?

We have started seeing servers exhibiting the exact same effects that
sasser had back when it was "all the rage" that are completely patched to
the latest "Windows Update" spec before ever touching the non firewalled
internet

Re: Sasser variant that affects 2k3 SP1 completely updated? 2006-03-15
Robert J. Stull (Stull_Robert_J cat com)
[KAPDA::#35] - MyBB1.0.4~member.php~XSS after login 2006-03-14
addmimistrator gmail com
ORIGINAL ADVISORY:
http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html
http://kapda.ir/advisory-296.html

Summary
Software: MyBB
Software's Web Site: http://www.mybboard.com
Versions: 1.0.4
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered

FW: call for speakers and thoughts on VoIP Security - there's a long way to go! 2006-03-13
Ken Kousky (KKousky ip3inc com)


Subject: call for speakers and thoughts on VoIP Security - there's a
long way to go!

There's no question that VoIP Security is a BIG issue. Most management
surveys say that it's the first or second reason given for why companies
are delaying on VoIP.

VoIPSA is certainly a resource, as NIST. The

Secunia Research: Adobe Document/Graphics Server File URI ResourceAccess 2006-03-15
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 15/03/2006

- Adobe Document/Graphics Server File URI Resource Access -

======================================================================
Table of Contents

Affected Software...

[eVuln] discussion - xhawk.net BBCode 'img' XSS & SQL Injection Vulnerabilities 2006-03-15
alex evuln com
New eVuln Advisory:
discussion - xhawk.net BBCode 'img' XSS & SQL Injection Vulnerabilities
http://evuln.com/vulns/92/summary.html

--------------------Summary----------------
eVuln ID: EV0092
Vendor: xhawk.net
Vendor's Web Site: http://xhawk.net
Software: discussion
Software's Web Site: http://xhaw

CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior 2006-03-15
CodeScan Labs (advisories codescan com)
========================================================================

= CodeScan Advisory, codescan.com <advisories@codescan.com>
=
= Unauthenticated Arbitrary File Read in Horde v3.09 and prior
=
= Vendor Website:
= http://www.horde.org
=
= Affected Version:
= Versions prior to and includin

[SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities 2006-03-15
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1002-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
March 15th, 2006

WLSI - Windows Local Shellcode Injection - Paper 2006-03-15
Cesar (cesarc56 yahoo com)
Hi.

For those who didn't attend Black Hat Europe or
EuSecWest, here is the paper on which the presentation
was based.

WLSI - Windows Local Shellcode Injection

Abstract:
This paper describes a new technique to create 100%
reliable local exploits for Windows
operating systems, the technique us

CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net 2006-03-15
CodeScan Labs (advisories codescan com)
========================================================================

= CodeScan Advisory, codescan.com <advisories@codescan.com>
=
= Multiple Vulnerabilities In ASPPortal.net
=
= Vendor Website:
= http://www.aspportal.net
=
= Affected Version:
= Version 3.00
=
= Researched By
= CodeScan

[xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability 2006-03-15
XFOCUS Security Team (security xfocus org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Release Date: 2006-03-15

CVE: CVE-2006-0031

Affected Products:
==================
Microsoft Office Excel 2000
Microsoft Office Excel XP
Microsoft Office Excel 2003

Impact:
=======

Microsoft Excel is a popular spreadsheet program of Microsoft Office
p
