[FLSA-2006:168516] Updated pcre packages fix a security issue
2006-03-07  Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2006:168264-2] Updated X.org packages fix security issue
2006-03-07  Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2006:168264-1] Updated XFree86 packages fix security issues
2006-03-07  Marc Deslauriers (marcdeslauriers videotron ca)

[ MDKSA-2006:053 ] - Updated freeciv packages fix DoS vulnerabilities
2006-03-08  security mandriva com

CanSecWest/core06 Vancouver April 3-7
2006-03-08  Dragos Ruiu (dr kyx net)
  The call for papers is now closed and the proposals have been reviewed for the CanSecWest/core06 Applied Technical Security Conference held on April 5-7 2006 at the Marriott Renaissance Harbourside in Vancouver, B.C. Canada. The selected submissions are: An hour of Rap and Comedy about SAP - St…

RE: Cisco PIX embryonic state machine 1b data DoS
2006-03-07  Randy Ivener (rivener) (rivener cisco com)
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  Cisco Response
  ==============
  This is Cisco PSIRT's response to the statements made by Arhont Ltd.- Information Security in their messages: "Cisco PIX embryonic state machine 1b data DoS" and "Cisco PIX embryonic state machine TTL(n-1) DoS" both post…

Dropbear SSH server Denial of Service
2006-03-07  Pablo Fernandez (pablo littleQ net)
  Dropbear SSH server Denial of Service
  Credits: Pablo Fernandez
  March 7th, 2006
  I. BACKGROUND
  Dropbear is a relatively small SSH 2 server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly use…

Cisco PIX embryonic state machine TTL(n-1) DoS
2006-03-07  Konstantin V. Gavrilenko (mlists arhont com)
  Arhont Ltd - Information Security
  Arhont Advisory by: Konstantin V. Gavrilenko (http://www.arhont.com)
  http://www.hackingciscoexposed.com
  Arhont ref: arh200511-1
  Advisory: Cisco PIX embryonic state machine TTL(n-1) DoS
  Class: design bug?
  Version: Tested on PIX535, PIX OS ver 6.3(4)…

Cisco PIX embryonic state machine 1b data DoS
2006-03-07  Konstantin V. Gavrilenko (mlists arhont com)

IE iFrame + Sun JVM + JS bug. Exploitable?
2006-03-07  drguile hotmail com
  We encountered an interesting bug while working on our web interfaces. We posted it to Sun, but we are curious if the security community sees any way to exploit this in more than a DoS sense. This isn't our speciality, that's why we are inquiring here. This is a copy of the post to Sun's bug tracki…

[eVuln] ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities
2006-03-07  alex evuln com
  New eVuln Advisory: ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities
  http://evuln.com/vulns/87/summary.html
  --------------------Summary----------------
  eVuln ID: EV0087
  CVE: CVE-2006-0940 CVE-2006-0941
  Software: ShoutLIVE
  Software's Web Site: http://cynic.x10hosting.com/downloadfile.php?…

Multiple vulnerabilities in Alien Arena 2006 GE 5.00
2006-03-07  Luigi Auriemma (aluigi autistici org)

Loudblog 0.41 SQL Injection, Local file read/include
2006-03-07  tzitaroth gmail com
  "Loudblog is a sleek and easy-to-use Content Management System (CMS) for publishing media content on the web."
  SQL Injection in podcast.php (magic_quotes=off):
  http://[target]/loudblog/podcast.php?id=1' and '1'='0' union select password,null,null,null,null,null,null,null,null,null,null,null,null,nu…

Cpanel Path Disclosure Vulnerability
2006-03-07  Silversmith ashiyane com
  Cpanel has the vulnerability to discover the path of the files. exp: log into your cpanel account, go to fantastico, try to install one of the scripts! exp: 4images. If the server set a permission on the /tmp, cpanel tmp files, you should see this: Warning: main(/home/userid/public_html/fantversion.ph…

[SECURITY] [DSA 987-1] New tar packages fix arbitrary code execution
2006-03-07  Moritz Muehlenhoff (jmm debian org)

PHP-based CMS mass-exploitation
2006-03-07  Daniel Bonekeeper (thehazard gmail com)
  This is not the first time that we see those kinds of "attacks", but in recent days I've noticed those requests on my webservers with a considerable frequency:
  83.84.14X.XXX - - [06/Mar/2006:18:18:12 -0500] "GET /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content…

phpBannerExchange 2.0 Directory Traversal Vulnerability
2006-03-07  h4cky0u org gmail com
  ------------------------------------------------------
  HYSA-2006-004 h4cky0u.org Advisory 013
  ------------------------------------------------------
  Date - Tue Mar 07 2006
  TITLE: phpBannerExchange 2.0 Directory Traversal Vulnerability
  SEVERITY: High
  SOFTWARE:…

IM Lock 2006 - Insecure Registry Permission Vulnerability
2006-03-06  unsecure writeme com
  Application: IM Lock 2006
  Vendor: www.comvigo.com
  Corporation: Comvigo, Inc.
  Version: Latest: (2 March 2006) - Home Edition, Enterprise & Professional
  Description: IM Lock 2006 discloses passwords to local users.
  Background: Security Auditing & Management software, IM Lock controls an…

RE: linksys router + irc DoS
2006-03-06  Daniel Ramirez Valdez (daniel ramirez neoris com)
  Version 5 is the only WRT54G that runs VxWorks (for now) http://www.linksysinfo.org/modules.php?name=Content&pa=showpage&pid=6#table Mine is version 4, so I cannot test this.
  Daniel Ramírez Valdez, CISSP
  Neoris / Networking Group
  Office: 52.81.8888.5442
  Mobile: 52.81.8064.4845
  mailto: daniel.rami…

link bank code execution and xss
2006-03-06  retard 30gigs com
  summary
  software: Link Bank
  vendors website: http://daverave.64digits.com/index.php?page=linkbank
  versions: n/a
  class: remote
  status: unpatched
  exploit: available
  solution: not available
  discovered by: retard
  risk level: high
  description
  Link Bank does not sanitise post submitted t…

hithost v1.0.0 xss and possible rmdir
2006-03-06  retard 30gigs com
  summary
  software: HitHost
  vendors website: http://daverave.64digits.com/index.php?page=hithost
  versions: <= 1.0.0
  class: remote
  status: unpatched
  exploit: available
  solution: not available
  discovered by: retard
  risk level: medium
  description
  hithost uses $_GET variables in crucial…

[USN-260-1] flex vulnerability
2006-03-07  Martin Pitt (martin pitt canonical com)
  ===========================================================
  Ubuntu Security Notice USN-260-1
  March 06, 2006
  flex vulnerability
  CVE-2006-0459
  ===========================================================
  A security issue affects the following Ubuntu releases:
  Ubuntu 4.10 (Warty Warthog)
  Ubuntu 5…

SQL injection in Invision Power Board v2.1.5
2006-03-06  ???? ???? (mr_snake_my hotmail com)
  SQL injection in Invision Power Board v2.1.5
  Software: Invision Power Board
  Web Site: http://forums.invisionpower.com
  Versions: v2.1.5
  Type: SQL Injection
  Class: Remote
  example: http://www.victem.com/forum/index.php?showtopic=[anytopic]&pid=1&st=-1[sql]
  Discovered by: Mr.SNAKE
  GreeTz:…

SQL injection & XSS IN vbzoom v1.11
2006-03-06  ???? ???? (mr_snake_my hotmail com)
  Software: vbzoom v1.11
  Web Site: http://www.vbzoom.com
  Versions: V1.11
  == SQL Injection ==
  http://www.victem.com/vz/show.php?UserID=1&MainID=1&SubjectID=[SQL]
  http://www.victem.com/vz/show.php?UserID=1&MainID=[SQL]&SubjectID=1
  ==== XSS ====
  http://www.victem.com/vz/comment.php?UserID='>XSS ht…
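Detection logic for the probe quoted in the "PHP-based CMS mass-exploitation" post above, added here as an example that is not part of that post or of any project. It parses Apache combined-format log lines and flags any request whose URL-decoded target contains a PHP superglobal name used with array syntax (`_REQUEST[`, `GLOBALS[`, and so on), which is what such probes rely on when register_globals is enabled. Only `_REQUEST` occurs in the quoted line; extending the check to the other superglobals, decoding repeatedly to catch double-encoded brackets, and all of the sample log lines are my own assumptions. The first sample line reconstructs the quoted request with a made-up status and size appended.

```python
import re
from urllib.parse import unquote_plus

# Apache combined-format prefix up to the request target. Status and size are
# deliberately not required: the line quoted in the post is cut off after the
# target, and a detector should still match what it has.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)'
)

# PHP superglobals. With register_globals=On, a query parameter such as
# _REQUEST[option] or GLOBALS[x] was imported into the script's variable
# scope, which is what these probes exploit. Only _REQUEST appears in the
# quoted line; the rest of the list is an assumption (generalisation).
SUPERGLOBALS = ("GLOBALS", "_REQUEST", "_GET", "_POST", "_COOKIE",
                "_SERVER", "_ENV", "_FILES", "_SESSION")
MARKER_RE = re.compile(r"(?<![A-Za-z0-9_])(" + "|".join(SUPERGLOBALS) + r")\[")

# Constructed sample log. Line 1 reconstructs the request quoted in the post
# (status and size invented); the others are invented for contrast: a normal
# com_content request, a URL-encoded variant, and a POST with no query string.
SAMPLE_LOG = """\
83.84.14X.XXX - - [06/Mar/2006:18:18:12 -0500] "GET /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content HTTP/1.1" 200 1523
192.0.2.10 - - [06/Mar/2006:18:20:01 -0500] "GET /index.php?option=com_content&task=view&id=12 HTTP/1.1" 200 8841
198.51.100.7 - - [06/Mar/2006:18:22:45 -0500] "GET /index.php?_POST%5Buser%5D=admin HTTP/1.0" 404 312
203.0.113.5 - - [06/Mar/2006:18:25:09 -0500] "POST /login.php HTTP/1.1" 302 -
"""


def parse_line(line):
    """Return the ip/ts/method/target fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def fully_decode(s, rounds=3):
    """URL-decode until the text stops changing (bounded), so %5B and %255B both become '['."""
    for _ in range(rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s


def superglobal_markers(target):
    """Superglobal names used with array syntax anywhere in the decoded target.

    The whole target is searched rather than only parameter names: in the quoted
    probe the marker sits inside the value of id= (id=1index2.php?_REQUEST[option]=...),
    so a check on parameter names alone would miss it.
    """
    return sorted(set(MARKER_RE.findall(fully_decode(target))))


def scan(lines):
    """Return a list of (ip, timestamp, target, markers) for each suspicious request."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        markers = superglobal_markers(rec["target"])
        if markers:
            hits.append((rec["ip"], rec["ts"], rec["target"], markers))
    return hits


if __name__ == "__main__":
    for ip, ts, target, markers in scan(SAMPLE_LOG.splitlines()):
        print(f"{ip} [{ts}] {','.join(markers)} {target}")
```

Run it over a real access log with `scan(open(path).read().splitlines())`. The regex lookbehind keeps an application's own parameter named, say, `MY_GET[x]` from matching, and the bounded decode loop is there because a single `unquote_plus` would leave `%255B` as `%5B` and miss the bracket.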
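A worked illustration of the UNION injection shown in the Loudblog 0.41 post above (the `id=1' and '1'='0' union select password,null,...` payload), added here and not taken from Loudblog or the poster. It runs the vulnerable string-built query against an in-memory SQLite database, runs the same lookup with a bound parameter, and includes a probe that shows why the payload pads with one NULL per column of the original SELECT. The table names, columns and rows are a constructed stand-in for Loudblog's real schema, which is not on the page; the post's "(magic_quotes=off)" note means the single quote reaches the query unescaped, and that is the case reproduced here.

```python
import sqlite3


def build_db():
    """Constructed stand-in for the application's tables (assumption: the real
    Loudblog schema and column count are not shown on the page)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE podcasts (id INTEGER PRIMARY KEY, title TEXT, url TEXT, duration INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO podcasts VALUES (1, 'Episode 1', 'http://example.invalid/ep1.mp3', 1800);
        INSERT INTO users VALUES (1, 'admin', 'constructed-hash-value');
    """)
    return conn


def vulnerable_lookup(conn, raw_id):
    """The pattern the advisory describes: the id parameter is spliced into the
    SQL text. With magic_quotes_gpc off, a quote in raw_id closes the literal."""
    sql = "SELECT title, url, duration FROM podcasts WHERE id = '%s'" % raw_id
    return conn.execute(sql).fetchall()


def safe_lookup(conn, raw_id):
    """Same query with the value bound as a parameter; the quote is just data."""
    return conn.execute(
        "SELECT title, url, duration FROM podcasts WHERE id = ?", (raw_id,)
    ).fetchall()


def probe_column_count(conn, max_cols=20):
    """Why the advisory's payload carries a run of NULLs: UNION requires the same
    number of columns on both sides. Try 1..max_cols NULLs until the error stops."""
    for n in range(1, max_cols + 1):
        payload = "1' AND '1'='0' UNION SELECT " + ", ".join(["NULL"] * n) + " WHERE '1'='1"
        try:
            vulnerable_lookup(conn, payload)
            return n
        except sqlite3.OperationalError:
            continue
    return None


# Shape of the advisory's payload, sized for the three-column stand-in query:
# '1'='0' empties the legitimate half, and the UNION half reads users.password.
PAYLOAD = "1' AND '1'='0' UNION SELECT password, NULL, NULL FROM users WHERE '1'='1"


if __name__ == "__main__":
    conn = build_db()
    print("vulnerable:", vulnerable_lookup(conn, PAYLOAD))
    print("parameterised:", safe_lookup(conn, PAYLOAD))
    print("columns:", probe_column_count(conn))
```

The run of NULLs in the post's payload is the same padding, sized to Loudblog's actual column count, and the closing `WHERE '1'='1` lets the application's own trailing quote terminate the statement cleanly. The parameterised version returns nothing for the payload because the whole string is compared against the integer id column as data.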
Fedora Legacy Update Advisory
Synopsis: Updated pcre packages fix a security issue
Advisory ID: FLSA:168516
Issue date: 2006-03-07
Product: Red Hat Linux, Fedora Core
Keywords: