BugTraq (Page 1189 of 1748)
Advisory: Jiros Banner Experience Pro Remote Privilege Escalation. 2006-03-09
nukedx nukedx com
--Security Report--
Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 07/03/06 04:52 AM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com
Web: http://www.nukedx.com
}
---
Vendor: Jiros (http://www.jiros.net)
Ve

GnuPG does not detect injection of unsigned data 2006-03-09
Werner Koch (wk gnupg org)
GnuPG does not detect injection of unsigned data
================================================
(released 2006-03-09, CVE-2006-0049)

Summary
=======

In the aftermath of the false positive signature verification bug
(announced 2006-02-15) more thorough testi

Re: Dropbear SSH server Denial of Service 2006-03-08
il80r biteme xxx
it also works on openssh ;))

[eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities 2006-03-10
alex evuln com
New eVuln Advisory:
FreeForum PHP Code Execution & Multiple XSS Vulnerabilities
http://evuln.com/vulns/89/summary.html

--------------------Summary----------------
eVuln ID: EV0089
CVE: CVE-2006-0957 CVE-2006-0958
Vendor: ZoneO-Soft
Vendor's Web Site: http://soft.zoneo.net/
Software: FreeForum
Sowtw

[SECURITY] [DSA 992-1] New ffmpeg packages fix arbitrary code execution 2006-03-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 992-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
March 10th, 2006

[SECURITY] [DSA 991-1] New zoo packages fix arbitrary code execution 2006-03-10
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 991-1 security (at) debian (dot) org
http://www.debian.org/security/ Steve Kemp
March 10th, 2006

[SECURITY] [DSA 919-2] New curl packages fix potential security problem 2006-03-10
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 919-2 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 10th, 2006

[SECURITY] [DSA 990-1] New bluez-hcidump packages fix denial of service 2006-03-10
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 990-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 10th, 2006

Statement Regarding Reported Local Escalation of Privileges Vulnerability for ZoneAlarm 2006-03-09
Zone Labs Product Security (Product-Security at zonelabs com michael checkpoint com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Statement Regarding Reported Local Escalation of Privileges Vulnerability for ZoneAlarm

Severity:
Low

Impact:
Local escalation of privileges

Remotely exploitable:
No

Affected software:
ZoneAlarm and its variations (6.x confirmed, other versio

Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem 2006-03-08
Mark Senior (senatorfrog gmail com)
Correct me if I'm wrong, but I was under the impression that DNS
responses that go over the max size of a UDP datagram won't get split
into multiple UDP datagrams. Rather, a response with only partial
data will be sent back, and the client has to reconnect over TCP to
get the full data.

RFC 2671 e

RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem 2006-03-08
Geo. (geoincidents nls net)
>>In the scenario you describe, I cannot see any actual amplification...

I'll give you a scenario where you can see.

Let's say you have 2 name servers that are local to you.

I set up a domain, example.com. In this domain I create a text record which is 100K in length, I don't know, perhaps I paste t

[ MDKSA-2006:035-1 ] - Updated php packages fix vulnerability 2006-03-09
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:035-1
http://www.mandriva.com/security/
____________________________________________________________________

announcement: reporting and mitigating malicious websites and phishing 2006-03-08
Gadi Evron (ge linuxbox org)
On the public botnets mailing list, there have been quite a few "off
topic" reports of Malicious Websites. Sites holding malware, malicious
code, drive-by installs, phishing sites, etc. The botnets list is of
high traffic while it is busy figuring itself out.

We expected this might happen, and s

RE: Purple Paper: Exegesis Of Virtual Hosts Hacking 2006-03-07
Craig Wright (cwright bdosyd com au)


Hello,

A quick peer review of the paper. First it is too simplistic.

You have not provided a detailed methodology nor any way of repeating/verifying the data.

You have defined no method of detailing where virtual hosts are on separate virtual machines, CHROOT environments, hardware cards

[USN-261-1] PHP vulnerabilities 2006-03-10
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-261-1 March 10, 2006
php4, php5 vulnerabilities
CVE-2006-0207, CVE-2006-0208
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (

[KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow 2006-03-10
Dirk Mueller (mueller kde org)

KDE Security Advisory: kpdf/xpdf heap based buffer overflow
Original Release Date: 2006-03-10
URL: http://www.kde.org/info/security/advisory-20060202-1.txt

0. References
CVE-2006-0746

1. Systems affected:

KDE 3.3.2 with patch from CVE-2005-3627 applied. Please
note that

Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit 2006-03-09
scaturan gmail com
if you're using mod_security, try a variant of this ruleset:

SecFilterSelective "THE_REQUEST" "wp-register.php" "id:1004,deny,log,status:412"

#SecFilterRemove 1004 <- use this to remove the rule per virtual host, uncommented.

n8cms 1.1 & 1.2 version Sql Injection And XSS 2006-03-09
liz0 bsdmail com
-----------------------------------------------------------------
n8cms 1.1 & 1.2 version

Sql Injection And XSS

Site:http://www.nathanlandry.com

Demo:http://www.nathanlandry.com/n8cms_v1.1/

Credit : Liz0ziM
webpage:www.biyosecurity.com
Mail :liz0 (at) bsdmail (dot) com

--------------------------

PHP Advanced Transfer Manager Download users password hashes 2006-03-09
liz0 bsdmail com
PHP Advanced Transfer Manager Download users password hashes

PHP Advanced Transfer Manager 1.*

Site:http://phpatm.free.fr/
----------------------------------------------------
Bugs:

http://victim.com/path/users/username
----------------------------------------------------
example:

http://www.vi

PHP Upload Center Download users password hashes And phpshell Upload 2006-03-09
liz0 bsdmail com
PHP Upload Center Download users password hashes And phpshell Upload

Site:http://ksv.hypermart.net/php/
----------------------------------------------------
1)Download users password hashes:

http://victim.com/path/users/username

2)phpshell Upload

Example:

Download http://geocities.com/li

DVguestbook 1.0 And 1.2.2 Cross Site Scripting 2006-03-09
liz0 bsdmail com
-------------------------------------------------------------------------------------
DVguestbook 1.0 And 1.2.2 Cross Site Scripting

Site:http://suprem.free.fr

Credit : Liz0ziM
webpage:www.biyosecurity.com
Mail :liz0 (at) bsdmail (dot) com

---------------------------------------------------------------

UnrealIRCd3.2.3 Server-Link Denial of Service 2006-03-09
admin redneck servebeer com
-Description-
UnrealIRCd 3.2.3 is vulnerable to strings sent from a linked server for adding/removing Q:lines with special characters. Could be sent through services.
Fixed as of version 3.2.4

-PoC-
#!/usr/bin/perl

# Denial of Service exploit for UnrealIRCd 3.2.3
# Successfully tested on both Win3

Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8 2006-03-08
omega13a sbcglobal net
This exploit is in PHPNuke 7.9 as well. It could be in additional versions as well.

Aluria/WhenU Troubled Past and Whitewashing History 2006-03-08
Paul Laudanski (zx castlecops com)
I realize this may not be a bug report in the classic instance, but I do
feel the community needs to be advised of what is going on with Aluria and
their apparent WhenU delisting coverup. We're all supposed to be in this
security thing together, but the recent actions on Aluria's part leave
mu

RE: [Full-disclosure] PHP-based CMS mass-exploitation 2006-03-08
hchemin godaddy com
This is a mambo based exploit. There are linux based worm variants
which compromise a site running a vulnerable version of Mambo and then
execute a malicious perl script which in turn attempts to exploit
remote sites.

Harry

> -------- Original Message --------
> Subject: [Full-disclosure] PHP

Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 2006-03-09
reedarvin gmail com
Hmmm...looks like not all of the characters were "HTML safe" in the source code. The original advisory can be found at: http://reedarvin.thearvins.com/20060308-01.html

Re: Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting 2006-03-09
no_reply securityfocus com
"The mentioned issue, ie passing script via the form, will only affect the USER who is doing it."

you probably mean the person who is the target of such an attack, right?!

"It has no effect on the AZbb, the server or the forum"

That is what XSS is about, it affects the client.

RevilloC MailServer 1.x "USER" Command Handling Remote Buffer Overflow Exploit 2006-03-09
securma morx org
Product:
RevilloC MailServer and Proxy v 1.21 (http://www.revilloC.com)
The mail server is a central point for emails coming in and going out from
home or office.
The service will work with any standard email client that supports POP3 and
SMTP.

Vulnerability Description:
sending a large buffer aft

txtForum: Script Injection Vulnerability 2006-03-09
enji seclab tuwien ac at
===========================================================
txtForum: Script Injection Vulnerability
===========================================================
Technical University of Vienna Security Advisory
TUVSA-0603-004, March 9, 2006
===========================================================
