BugTraq Mode:
Multiple vulnerabilities in Sauerbraten engine 2006_02_28 2006-03-06
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Sauerbraten engine
http://sauerbraten.org
Versions: <= 2006_02_28 and current CVS
Platforms: Windows, *nix, *BSD and MacOS
Bugs: A] sgetst

Multiple vulnerabilities in Liero Xtreme 0.62b 2006-03-06
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Liero Xtreme
http://lieroxtreme.thegaminguniverse.com
Versions: <= 0.62b
Platforms: Windows
Bugs: A] server crash/freeze
B]

[ GLSA 200603-05 ] zoo: Stack-based buffer overflow 2006-03-06
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200603-04 ] IMAP Proxy: Format string vulnerabilities 2006-03-06
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

SyScan'06 Call For Papers 2006-03-06
organiser (at) syscan (dot) org (organiser syscan org)
SyScan'06 CALL FOR PAPERS

**ABOUT SYSCAN'06**
The Symposium on Security for Asia Network aims to be a very different
security conference from the rest of the security conferences that the
information security community in Asia has come to be so familiar and
frustrated with. SyScan'06 intends

Announcement: WASC Threat Classification in German 2006-03-06
contact webappsec org
Web Application Security Consortium (WASC) Announcement

We're proud to present the German translation of the Threat Classification. On behalf of WASC,
we'd like to thank the following for their hard work and contribution:

Achim Hoffmann
Albert Caruana
Stefan Strobel
Daniela Strobel

Download:
htt

Microsoft Visual Studio 6.0 Sp6 Malformed .dbp File BoF Exploit 2006-03-05
kozan spyinstructors com
/*****************************************************************

Microsoft Visual Studio 6.0 Sp6 Malformed .dbp File BoF Exploit by Kozan

Bug Discovered and Exploit Coded by: Kozan
Credits to ATmaCA
Web: www.spyinstructors.com
Mail: kozan (at) spyinstructors (dot) com

Affected Vendor:

Microsoft (www.m

[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php 2006-03-04
roozbeh_afrasiabi yahoo com
[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php

KAPDA New advisory

Vulnerable products : Runcms 1.x
Vendor: www.runcms.org
Risk: Low
Vulnerabilities: Cross_Site_Scripting
Discovered by Roozbeh Afrasiabi
roozbeh[at]yahoo[dot]com
www.kapda.ir
www.persiax.com

Date :
--

FTPoed Blog Engine =>v1.1 HTML Injection Vulnerability 2006-03-05
sikik bsdmail org
FTPoed is prone to HTML injection attacks. It is possible for a malicious FTPoed user to inject hostile HTML code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of FTPoed.
FTPoed does not adequately filter HTML tags from various f

Re: linksys router + irc DoS 2006-03-04
bugtraq minus me uk (1 replies)
Which model of the WRT54G did you test on?

The reason I'm asking is that there are 5 different models (and a few subset models too), and only the newest (version 5) run VXWorks, whereas the rest run Linux - so it'd be nice to know where the problem is.

Thanks.

-m

Re: linksys router + irc DoS 2006-03-06
Cade Cairns (cairnsc gmail com)
evoBlog Remote Name tag Script injection 2006-03-06
sikik bsdmail org
DESCRIPTION
evoBlog is prone to HTML injection attacks. It is possible for a malicious evoBlog user to inject hostile HTML and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of evoBlog.
evoBlog does not adequately filt

Game-Panel <= 2.1.6 XSS 2006-03-04
retard 30gigs com
ORIGINAL SOURCE: http://notlegal.ws/gamepanel.txt

summary
software: Game-Panel
vendors website: http://game-panel.com
versions: <= 2.6.1
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: sycko
risk level: medium
description
game-panel uses a global

[eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability 2006-03-06
alex evuln com
New eVuln Advisory:
Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability
http://evuln.com/vulns/86/summary.html

--------------------Summary----------------
eVuln ID: EV0086
CVE: CVE-2006-0896
Software: Simple Machines Forum - SMF
Software's Web Site: http://www.simplemachines.org/
Versio

htpasswd bufferoverflow and command execution in thttpd-2.25b. 2006-03-05
Larry Cashdollar (lcashdol gmail com)
Hello bugtraq,

I noticed a problem with thttpd-2.25b - Two buffer overflows and
command execution in htpasswd.c. htpasswd is not installed setuid
root, however in some user installations htpasswd might be executed
via sudo. Exploiting the above vulnerabilities would allow a
non-privileged user to

vulnerability in the IE Java applet initialization engine 2006-03-04
porkythepig anspi pl
There is a vulnerability in the Internet Explorer
java applet handling engine. It occurs while running at Sun Microsystems Java VM and is caused by improper HTML 'INPUT' control focus handling.
After focusing the control before the successful applet initialization numerous browser failures appear.

[SECURITY] [DSA 986-1] New gnutls11 packages fix arbitrary code execution 2006-03-06
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 986-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 6th, 2006

[SECURITY] [DSA 985-1] New libtasn1-2 packages fix arbitrary code execution 2006-03-06
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 985-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 6th, 2006

[OpenPKG-SA-2006.006] OpenPKG Security Advisory (tar) 2006-03-05
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

DSplit - Tiny AV signatures Detector 2006-03-03
ad (at) heapoverflow (dot) com (ad heapoverflow com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

DSplit is the small brother of an old tool known as UKsplitter which is
now abandoned, does not work in vmware, fails to run under windows 2003.

DSplit has been coded for persons like me, targeted by AV firms and
I'm not
responsible of the bad uses of

Critical Risk Vulnerability in L-Soft Listserv 2006-03-04
NGSSoftware Insight Security Research (nisr ngssoftware com)
Peter Winter-Smith of NGSSoftware has discovered a number of vulnerabilities
in L-Soft's LISTSERV list management system. The worst of these carries a
critical risk rating.

Affected versions include:

- LISTSERV version 14.4, including LISTSERV Lite and HPO
- LISTSERV version 14.3, including LISTSE

Simplog <= 1.0.2 Vulnerabilities 2006-03-04
retard 30gigs com
ORIGINAL SOURCE: http://notlegal.ws/simplogsploit.txt

summary
software: simplog
vendors website: http://daverave.64digits.com/home.php?page=simplog
versions: <= 1.0.2
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: retard and jim
risk level: me

Visual Studio 6.0 Buffer Overflow Vulnerability 2006-03-04
kozan spyinstructors com
Visual Studio 6.0 Buffer Overflow Vulnerability

Bug Discovered by Kozan
Credits to ATmaCA
Web: www.spyinstructors.com
Mail: kozan (at) spyinstructors (dot) com

Affected Vendor:

Microsoft (www.microsoft.com)

Affected Products:

Microsoft Visual Studio 6.0 (with latest Service Pack 6)
Microsoft Development

Wbb 2.3. xss 2006-03-04
r57shell gmail com (1 replies)
there is an xss in wbb 2.3.4
example:

http://example.com/wbb/acp/misc.php?sid=yoursessionid&action=workingtop&
taskname=Backup%20Database&percent=<script>aler(document.cookie)</script
>

thnx

Re: Wbb 2.3. xss 2006-03-04
Adrian (adrian planetcoding net)
Advisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability. 2006-03-04
nukedx nukedx com
--Security Report--
Advisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 04/03/06 04:36 AM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com
Web: http://www.nukedx.com
}
---
Vendor: TotalECommerce (http:/

Pixel Post Multiple Vulnerabilities 2006-03-04
paisterist nst gmail com
/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST] - Advisory #19 - 04/03/06
--------------------------------------------------------
Program: Pixel Post
Homepage: http://www.pixelpost.org/
Vulnerable Versions: 1.4.3, 1.5 beta1 and possibly lower versions.
Risk

phpBB <= 2.0.19 Multiple DoS vulnerabilities 2006-03-03
paisterist nst gmail com
/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® - Advisory #18 - 03/03/06
--------------------------------------------------------
Program: phpBB
Homepage: http://www.phpbb.com
Vulnerable Versions: All phpBB versions
Risk: High Risk!!
Impact: Multiple DoS V

Copyright 2010, SecurityFocus