[SECURITY] [DSA 995-1] New metamail packages fix arbitrary code execution
2006-03-13 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 994-1] New freeciv packages fix denial of service
2006-03-13 joey infodrom org (Martin Schulze)

[INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability
2006-03-12 dong-hun you (xploit hackermail com)
    ========================================
    INetCop Security Advisory #2006-0x82-029
    ========================================
    * Title: zeroboard IP session bypass XSS vulnerability
    0x01. Description
    Zeroboard is a popular web notice board used in Korea. INetCop Security found XSS vulnerabil

Multiple vulnerabilities in ENet library (Jul 2005)
2006-03-12 Luigi Auriemma (aluigi autistici org)

[USN-264-1] gnupg vulnerability
2006-03-13 Martin Pitt (martin pitt canonical com)
    ===========================================================
    Ubuntu Security Notice USN-264-1 March 13, 2006
    gnupg vulnerability
    CVE-2006-0049
    ===========================================================
    A security issue affects the following Ubuntu releases:
    Ubuntu 4.10 (Warty Warthog)
    Ubuntu

[USN-263-1] Linux kernel vulnerabilities
2006-03-13 Martin Pitt (martin pitt canonical com)
    ===========================================================
    Ubuntu Security Notice USN-263-1 March 13, 2006
    linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities
    CVE-2005-3359, CVE-2006-0457, CVE-2006-0554, CVE-2006-0555, CVE-2006-0741, CVE-2006-0742
    =============================================

[USN-262-1] Ubuntu 5.10 installer password disclosure
2006-03-13 Martin Pitt (martin pitt canonical com)
    ===========================================================
    Ubuntu Security Notice USN-262-1 March 12, 2006
    Ubuntu 5.10 installer vulnerability
    https://launchpad.net/bugs/34606
    ===========================================================
    A security issue affects the following Ubuntu releases:

[ GLSA 200603-09 ] SquirrelMail: Cross-site scripting and IMAP command injection
2006-03-12 Stefan Cornelius (dercorny gentoo org)

AntiVir PersonalEdition Classic: Local Privilege Escalation
2006-03-11 Ramon 'ports' Kukla (ml2 portsonline net)

Copy protection scheme SafeDisc allows privilege escalation
2006-03-11 yourname yourdomain com
    I have found a serious flaw in the well-known and widely deployed copy protection scheme SafeDisc. The issue arises from how the installation of the driver secdrv.sys is managed. When installed, the associated driver service is assigned the SE_CHANGE_CONFIG flag, which means that any user

SGI IRIX 6.*usr/sysadm/bin/runpriv local root exploit
2006-03-11 rod hedor (rodhedor hotmail com)
    SGI IRIX 6.*usr/sysadm/bin/runpriv draft resolution to be to complete at antecedence but to stoke seriously came ran ready-to-wear there is no need to explain in the interest of owners yonder protection them from geeks but whom need to make realize excellent. visit http://lezr.com/vb echo [

XSS in vCard
2006-03-11 xx_hack_xx_2004 hotmail com
    Hello
    Vulnerable: vCard 2.x http://www.belchiorfoundry.com
    Exploit :
    http://example.com/vcard/create.php?card_id='><script>alert(document.coo kie)</script>
    http://example.com/vcard/create.php?uploaded='><script>alert(document.co okie)</script>
    http://example.com/vcard/create.php?card_fontsize='><s

Coppermine exploit used by a Chase Phish?
2006-03-11 Paul Laudanski (zx castlecops com)
    I got sent a Chase phish email tonight and in checking it out it appears to be live on a Coppermine gallery installation. Is this a new exploit of Coppermine, or just this site hasn't been yet patched? A photo of the phish site with the URL (domain blacked out): http://castlecops.com/p728141-Ma

Jupiter CMS <= 1.1.5 multiple XSS attack vectors.
2006-03-11 zerogue gmail com
    Jupiter CMS <= 1.1.5 multiple XSS attack vectors.
    Discovered by: Nomenumbra/[0x4F4C]
    Date: 3/11/2006
    impact:high (privilege escalation,site defacement)
    Jupiter CMS (http://www.highstrike.net/) is a dynamic CMS system like mambo or limbo, allowing users to subscribe and posts events. Because no fil

[ GLSA 200603-07 ] flex: Potential insecure code generation
2006-03-10 Thierry Carrez (koon gentoo org)

[SECURITY] [DSA 993-1] New GnuPG packages fix broken signature check
2006-03-10 joey infodrom org (Martin Schulze)

[ GLSA 200603-08 ] GnuPG: Incorrect signature verification
2006-03-10 Thierry Carrez (koon gentoo org)

Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
2006-03-10 scaturan negimaki com
    afaik, there is no hardcoded workaround other than disable anonymous registration, using .htaccess/httpd.conf restrictions, or removing wp-register.php for the time being, if you're using mod_security, you can block it using something like this:
    SecFilterSelective "THE_REQUEST" "wp-register.php"

[KAPDA::#33] - GuppY <= 4.5.11 Remote DoS vulnerability
2006-03-10 alireza hassani (trueend5 yahoo com)
    KAPDA New advisory
    Vendor: http://www.freeguppy.org
    Vulnerable: <= 4.5.11
    Bug: Destroy database files (Remote DoS vulnerability)
    Exploitation: Remote with browser
    Exploit: available
    Description:
    --------------------
    GuppY is a web portal intentionally designed to be easy to use for you, the final
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 995-1                     security (at) debian (dot) org
http://www.debian.org/security/ Steve Kemp
March 13th, 2006