[SECURITY] [DSA 981-1] new bmv packages fix arbitrary code execution
2006-03-02 joey infodrom org (Martin Schulze)

ProtoVer Sample IMAP testsuite release
2006-03-02 Evgeny Legerov (research gleg net)
Hi all, I am pleased to announce the release of ProtoVer Sample IMAP testsuite. ProtoVer Sample IMAP testsuite is a collection of IMAP4rev1 server (Non-Authenticated state) verification tests generated with the help of the full version of ProtoVer IMAP testsuite. The testsuite is licensed unde [...]

PluggedOut Nexus SQL injection
2006-03-02 h e (het_ebadi yahoo com)
PluggedOut Nexus SQL injection Nexus is an open source script you can run on your web server to give you a community based website where people can register, search each others interests, and communicate with one another either through a private messaging system, or via chat requests and forums. Pro [...]

[SECURITY] [DSA 984-1] New xpdf packages fix several problems
2006-03-02 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 980-1] New tutos package fixes several vulnerabilities
2006-03-02 joey infodrom org (Martin Schulze)

JOOMLA CMS 1.0.7 DoS & path disclosing
2006-03-02 ghc ghc ru
RST/GHC -- JOOMLA CMS -- ADVISORY #37 Product: Joomla Affected version: 1.0.7 Last version: 1.0.7 Vendor: Joomla! URL: http://www.joomla.org/ online demo: http://demo.joomla.org/ VULNERABILITY CLASS: DoS, path disclosing [Product Description] Joomla! is a Content Management System (CMS) created by [...]

[KAPDA::#26]vBulletin.3.5.3~3.0.12-XSS
2006-03-02 addmimistrator gmail com
original advisories: http://www.kapda.ir/advisory-266.html http://myimei.com/security/2006-02-19/vbulletin3012353s_valid_emailxss-attack.html KAPDA New advisory Software: vBulletin Vendor: http://www.vBulletin.com Versions: 3.0.12-3.5.3 Class: Remote Status: Unpatched Exploit: Available Solution: [...]

Re: recursive DNS servers DDoS as a growing DDoS problem
2006-03-02 v9 (v9 fakehalo us)
Here are some dns servers I gathered/scanned during the time I researched this months ago(that appear to still be up): 68.1.199.151 68.1.196.116 68.1.195.161 68.1.193.177 Just remember when you test/capture packets that the domain being resolved must NOT exist(ie. "x"). On Thu, 2 Mar 2006, Gadi E [...]

[OSX]: /usr/bin/passwd local root exploit.
2006-03-02 v9 (v9 fakehalo us)
Original reference: http://fakehalo.us/xosx-passwd.pl
---------------------------------------------------------------------
#!/usr/bin/perl
#
# /usr/bin/passwd[OSX]: local root exploit.
#
# by: vade79/v9 v9 (at) fakehalo (dot) us (fakehalo/realhalo)
#
# (Apple) OSX's /usr/bin/passwd program has support for [...]

Re: [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability
2006-03-01 roozbeh_afrasiabi yahoo com
[ADDITIONS AND CORRECTIONS] Detail and PoC : -------------------- The application does not validate the "lid" variable upon submission to ratelink.php(*) and ratefile.php. h**p://[target]/public/modules/mylinks/ratelink.php?lid={number}">[code] h**p://[target]/public/modules/downloads/ratefile.p [...]

[FLSA-2006:178989] Updated perl-DBI package fixes security issue
2006-03-02 Marc Deslauriers (marcdeslauriers videotron ca)

[USN-259-1] irssi vulnerability
2006-03-02 Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-259-1 March 01, 2006 irssi-text vulnerability CVE-2006-0458 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 (Breezy Badger) T [...]

Advisory: ICQmail.com & Mail2World.com (ms_inbox.aspCurrent_folder) XSS vulnerability
2006-02-25 nukedx nukedx com
--Security Report-- Advisory: ICQmail.com & Mail2World.com (ms_inbox.asp Current_folder) XSS vulnerability --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 25/02/06 01:43 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com Web: http://www.nukedx.com } --- Vendor: M2W (http:/ [...]

RE: Evil side of Firefox extensions
2006-03-01 salexander frontporch com
A lot of problems can be chalked up to user error but we all need to face the fact that users do not click No. People are conditioned to just click Yes/Ok/Next no matter what; even when they know better. Even home users would be better off with the feature enabled. If they had to enter a password [...]

FW: WordPress 2.0.1 Multiple Vulnerabilities
2006-02-28 Michael Wade ferguson com (1 replies)
I see this only as a problem if the admin has it set to automatically post comments. Does anyone know if this is the behavior on a default installation? That and idiot admins approving a comment with bad code in it. And what about filtering out %22? Does it do this already? -----Original Message- [...]

Re: [Full-disclosure] Quarantine your infected users spreading malware
2006-02-27 Dana Hudes (dhudes hudes org)
Even done in the most well-meaning manner this is still computer trespass unless it is permitted by the subscriber agreement for an ISP and done by that ISPs staff. I am all in favor of reducing newbie zombies. the only way I can see to do so is to get the user to consent to the upgrade. Micros [...]

Fwd: APPLE-SA-2006-03-01 Security Update 2006-001
2006-03-01 Dave McKinney (dm securityfocus com)
FYI -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2006-03-01 Security Update 2006-001 Security Update 2006-001 is now available and addresses the following issues: apache_mod_php CVE-ID: CVE-2005-3319, CVE-2005-3353, CVE-2005-3391, CVE-2005-3392 Available for: Mac OS X v10.3.9, Mac OS [...]
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Security Advisory DSA 981-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
February 26th, 2006