Re: ArGoSoft FTP server remote heap overflow
2006-03-01 Jerome Athias (jerome athias free fr)
Hi, as I replied privately to you, yes I think we can say that. You could consider it as an update... Note that the vendor was contacted without response. Regards /JA Steven M. Christey wrote: > A buffer overflow in DELE was originally reported to Bugtraq by CorryL > in March 2005, for ArGoSof

Evolution Emailer DoS
2006-03-01 Alan Cox (alan ftp linux org uk)
About 7 weeks ago an automated mailing list spewed a large but valid email containing a lot of URLs and other formatting. When this email is fed into evolution the behaviour it causes leads evolution to expand dramatically in size and eat vast amounts of CPU time. If you've got a lot of patience an

SAP Web Application Server http request url parsing vulnerability
2006-03-01 arnold grossmann gmail com
Advisory Name: SAP Web Application Server http request url parsing vulnerability Release Date: 01/03/2006 Affected Applications: SAP WebAS Kernel up to version 7.00 Affected Platforms: Platform-Independent Local / Remote: Remote Severity: Medium to High Author: A. Grossmann arnold.grossmann (

Secunia Research: Lighttpd Script Source Disclosure Vulnerability
2006-03-01 Secunia Research (remove-vuln secunia com)

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-03-01 Daniel Veditz (dveditz cruzio com)

Re: WordPress 2.0.1 Multiple Vulnerabilities
2006-03-01 Javor Ninov (drfrancky securax org)
wp-content/ is also prone to directory listing Javor Ninov aka DrFrancky k4p0k4p0 (at) hotmail (dot) com [email concealed] wrote: > /* > --------------------------------------------------------------- > [N]eo [S]ecurity [T]eam [NST]® WordPress 2.0.1 Multiple Vulnerabilities > -------------------------------------------------

Re: Fedex Kinkos Smart Card Authentication Bypass
2006-03-01 Lance James (bugtraq securescience net)
Eric B wrote: > Wait, so if I read this right, consumers with existing cards could > dupe their legit cards for fake ones and cash in the fake ones yet > still have credit on the legit card? > > So I'm assuming Fedex has no database/authentication system storing > these serials...brilliant. > Yup.

[eVuln] Leif M. Wright's Blog Multiple Vulnerabilities
2006-03-01 alex evuln com
New eVuln Advisory: Leif M. Wright's Blog Multiple Vulnerabilities http://evuln.com/vulns/82/summary.html --------------------Summary---------------- eVuln ID: EV0082 CVE: CVE-2006-0843 CVE-2006-0844 CVE-2006-0845 CVE-2006 Software: Leif M. Wright's Blog Software's Web Site: http://leifwright.com/s

Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-02-28 Steve Shockley (steve shockley shockley net)
Renaud Lifchitz wrote: > Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities The css part of this "exploit" is actively used by Intellicontact (or whatever they call themselves this week), the host of the factcheck.org mailing list. For example: <LINK href=http://mail1.icptrac

Updated Noah Classifieds Component for Joomla!/Mambo
2006-03-01 noahsec1 davidmckinnisconsulting com
Updated Noah Classifieds Component for Joomla!/Mambo fixes vulnerabilities Problem: Several vulnerabilities were recently discovered in Noah Classifieds 1.3 which also affect the Joomla!/Mambo component. Details on the vulnerabilities are available at http://www.kapda.ir/advisory-268.html The exp

FreeBSD Security Advisory FreeBSD-SA-06:09.openssh [REVISED]
2006-03-01 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-06:10.nfs
2006-03-01 FreeBSD Security Advisories (security-advisories freebsd org)

Re: ArGoSoft FTP server remote heap overflow
2006-03-01 Steven M. Christey (coley mitre org)
A buffer overflow in DELE was originally reported to Bugtraq by CorryL in March 2005, for ArGoSoft FTP 1.4.2.8 (CVE-2005-0696): http://www.securityfocus.com/archive/1/392653 According to CorryL's disclosure timeline, no patch had been released by the disclosure date. So, is this a rediscovery

Limbo CMS code execution
2006-02-28 Alexander Hristov (joffer gmail com)
Official page : http://www.limbo-cms.com/ Vulnerable : Limbo 1.* Fix : No Bug : http://somehost/path-to-limbo/index.php?option=frontpage&Itemid=system(CODE) example : index.php?option=frontpage&Itemid=system(uname) Google search string : inurl:"option=frontpage" -- Best Regards, Aleksander Hri

FreeBSD Security Advisory FreeBSD-SA-06:09.openssh
2006-03-01 FreeBSD Security Advisories (security-advisories freebsd org)

Re: Bypass Fortinet anti-virus using FTP
2006-02-28 Mathieu Dessus (mdessus gmail com)
> Information pertaining to this vulnerability has been posted on Fortinet's security advisories web page. > http://www.fortinet.com/FortiGuardCenter/ftp_vuln.html On this page, we can read "Fortinet advises that a RECENTLY discovered vulnerability...". It was just discovered and announced to Fort

recursive DNS servers DDoS as a growing DDoS problem
2006-02-28 Gadi Evron (ge linuxbox org)
Hi guys. We discussed recursive DNS servers before (servers which allow to query anything - including what they are not authoritative for, through them). The attack currently in the wild is a lot bigger and more complicated than this, but to begin, here is an explanation (by metaphor) of that pa

bttlxeForum 2.* XSS Vulnerability
2006-02-26 stormhacker hotmail com
--------------------Summary---------------- Software: bttlxeForum Software's Web Site: http://www.bttlxe.com/ Versions: 2.* Type: Cross-Site Scripting Class: Remote Exploit: Available Solution: Not Available Discovered by: runvirus (worlddefacers.de securitycentra.com) -----------------Description-

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-02-28 Daniel Veditz (dveditz cruzio com)
Daniel Veditz wrote: > [a plain text message] Just got half a dozen bounces because my plain-text email supposedly contained "Suspicious I-Frame.a (Malicious Mobile Code) virus". Those of you behind McAfee GroupShield barriers may not be getting the whole conversation here if people can't even use

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-02-28 Renaud Lifchitz (r lifchitz sysdream com)
Hello, If you carefully look at the inline attachments, you will find this (first proof of concept) : <html><head></head><body style="margin: 0px; padding: 0px; border: 0px;"><iframe src="http://www.sysdream.com" width="100%" height="100%" frameborder="0" marginheight="0" marginwidth="0"></iframe>

PEHEPE Membership Management System Multiple Vulnerabilities
2006-02-28 mail yunusemreyilmaz com
- Advisory: PEHEPE Membership Management System Multiple Vulnerabilities - Author: Yunus Emre Yilmaz -- mail[at]yunusemreyilmaz(dot)com - Application: PEHEPE MemberShip Management System (http://www.pehepe.org/UYELİK3) - Affected Version : v3 ( maybe older versions..) - Risk : Critical -- Det

[ MDKSA-2006:051 ] - Updated gettext packages fix temporary file vulnerabilities
2006-02-28 security mandriva com

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-02-28 Daniel Veditz (dveditz cruzio com)
Renaud Lifchitz wrote: > Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities We believe this to be a testing error. The problem of loading remote iframe and css content was fixed prior to the release of Mozilla Thunderbird 1.0 The testcase included in the advisory contains the if

Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability
2006-02-28 Adam Chesnutt (icetre digitalfreezer net)
I checked this against my 602v1 also last night, no go James Garrison wrote: > Not my WG602v2. > > info (at) teamintell (dot) com [email concealed] wrote: >> Netgear WG602 reportedly contains a default administrative account. >> This issue can allow a remote attacker to gain administrative access >> to the device. >> >> supe

Virex on-access scanning unreliable
2006-02-28 hahn math hu-berlin de
Vulnerability: The on-access scanner of McAfee Virex 7.7 for Mac is unreliable and fails the EICAR test. Using any web browser to download the EICAR testvirus from http://www.eicar.org/anti_virus_test_file.htm will not trigger the Virex on-access scanner and will not be noticed in most cases. If Vi

Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-02-28 Renaud Lifchitz (r lifchitz sysdream com)

[security bulletin] SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access
2006-02-28 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00601530 Version: 1 HPSBMA02099 SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be

(PHP) mb_send_mail security bypass
2006-02-28 ced clerget free fr
Vulnerable: PHP4, PHP5 with use of sendmail 8.13.4 >< When safemode disabled and open_basedir restriction in effect, we can pass extra parameters to sendmail command in mail function, especially the -C and -X arguments. -C for alternate configuration file -X to log all in a file Can be used to view
----------
Firefox is a very popular and secure web browser. Until now, it is used by
millions of people and thousands of internet clubs. One of the great features of
Firefox is extensions. You can use them to create things inside your browser
which are beyond your imagination. But everythi