BugTraq Mode:
(Page 1201 of 1748)
[KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability 2006-02-22
roozbeh_afrasiabi yahoo com
[KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability

KAPDA New advisory

Vulnerable products : Runcms 1.x
Vendor: www.runcms.org
Risk: Low
Vulnerabilities: Cross_Site_Scripting
Discovered by Roozbeh Afrasiabi
roozbeh[at]yahoo[dot]com
www.kapda.ir
www.persiax.com

Date :
--------------------

[ GLSA 200602-11 ] OpenSSH, Dropbear: Insecure use of system() call 2006-02-20
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200602-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

RE: Vulnerabilites in new laws on computer hacking 2006-02-21
Craig Wright (cwright bdosyd com au)


In response to:

"How would you detect such a vulnerability without actually hacking the
system? Is one supposed to not notice these things? Will that really
make them go away?"

White Box and black box testing used in combination. These are not pen.
tests contrary to the belief of many people. An

Re: Vulnerabilites in new laws on computer hacking 2006-02-19
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)
On 2006-02-19 Ronald Chmara wrote:
> On Feb 17, 2006, at 5:23 AM, Ansgar -59cobalt- Wiechers wrote:
>> I have to disagree on the part that hacking into other people's
>> systems *without* doing any damage should be illegal. Why is that?
>> Well, first of all because the definition of what is and wha

Quarantine your infected users spreading malware 2006-02-20
Gadi Evron (ge linuxbox org)
Many ISP's who do care about issues such as worms, infected users
"spreading the love", etc. simply do not have the man-power to handle
all their infected users' population

It is becoming more and more obvious that the answer may not be at the
ISP's doorstep, but the ISP's are indeed a critical

Invision Power Board 2.1.4 Multiple Vulnerabilities 2006-02-21
paisterist nst gmail com
/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® - Advisory #16 - 18/02/06
--------------------------------------------------------
Program: Invision Power Board 2.1.4
Homepage: http://www.invisionboard.com
Vulnerable Versions: 2.1.4 & Lower versions
Risk:

PEAR LiveUser File Access Vulnerabilities 2006-02-21
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research February 21, 2006
##########################################################
# Vendor : Markus Wolff
# URL : http://pear.php.net/package/LiveUser/
# Version : PEAR LiveUser <= 0.16.8
# Risk : Arbitrary

RE: Vulnerabilites in new laws on computer hacking 2006-02-21
Craig Wright (cwright bdosyd com au)

Hello

A large number of people state that;
1 They are security professionals
2 That they need to break into systems to be effective.
3 That ethics do not matter.

The first point is that the two are mutually exclusive. Any professional
must by definition be a professional - this means that they

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] 2006-02-21
Christine Kronberg (Christine_Kronberg genua de)
On Mon, 20 Feb 2006, Gadi Evron wrote:
> Christine Kronberg wrote:
>> On Sun, 19 Feb 2006, Gadi Evron wrote:
>>
>>> Today, we received a notification about a new Linux malware ItW (In the
>>> Wild).
>>
>> They are not exactly new. I've seen them floating around for about
>> two months now. Th

H&R Block contact 2006-02-21
Fixer (fixer gci net)
Does anyone know of a good contact address for the people that make the
H&R Block tax software? Their web site isn't very helpful.

-Fixer

RE: Vulnerabilites in new laws on computer hacking 2006-02-21
Benson, Sean M (BensonS state gov)
You know, This may be a little hard to follow but I think I can tie it
together with piracy.

A lot of persons commenting mentioned the lack of skill due to the
legal ramifications of "practice".
So you have persons with actual skill in penetration and then those
without due to the legal rules in p

Amazon phishing scam on Yahoo servers 2006-02-21
Paul Laudanski (zx castlecops com)
We just got some emails for amazon phishing scams. Turns out the scam
domain was registered just today (same day). Internic and others aren't
reporting it, but Melbourne IT does. Phishing site resides on Yahoo's
servers, but their Abuse department closed at 5pm. A full 6 or so hours
to run b

RE: Vulnerabilites in new laws on computer hacking 2006-02-20
Craig Wright (cwright bdosyd com au)

Hello,

First on the trespass angle. In reality this would equate to more of a
break and enter violation. The UK and EU laws in this respect have a
good grounding in fitting the sentence to the crime. The range is based
on the resultant effect.

In the UK, the Computer Misuse Act 1990 (c.18) has a

PunBB 1.2.10 Multiple DoS Vulnerabilities 2006-02-19
k4p0k4p0 hotmail com
/*
---------------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® PunBB 1.2.10 Multiple DoS Vulnerabilities
---------------------------------------------------------------
Program : PunBB 1.2.10
Homepage: http://www.punbb.org
Vulnerable Versions: PunBB 1.2.10 & lower

Re: [waraxe-2006-SA#046] - Critical sql injection in phpNuke 7.5-7.8 2006-02-21
sp3x securityreason com
SecurityReason Note :
=====================
http://securityreason.com/achievement_securityalert/27

The adv was posted on : 15.11.2005
Exploit for this issue also was realised : http://securityreason.com/achievement_exploitalert/5

And the fix too : http://securityreason.com/patch/6

More informati

[eVuln] BirthSys SQL Injection Vulnerability 2006-02-21
alex evuln com
New eVuln Advisory:
BirthSys SQL Injection Vulnerability
http://evuln.com/vulns/74/summary.html

--------------------Summary----------------
eVuln ID: EV0074
CVE: CVE-2006-0775
Software: BirthSys
Software's Web Site: http://clvfoto.free.fr/site/download.php3
Versions: 3.1
Critical Level: Moderate
Ty

[USN-254-1] noweb vulnerability 2006-02-21
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-254-1 February 21, 2006
noweb vulnerability
CVE-2005-3342
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu

[ MDKSA-2006:044 ] - Updated kernel packages fix multiple vulnerabilities 2006-02-21
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:044
http://www.mandriva.com/security/
____________________________________________________________________

Copyright 2010, SecurityFocus