[ GLSA 200602-12 ] GPdf: Heap overflows in included Xpdf code
2006-02-21 Thierry Carrez (koon gentoo org)

Mozilla Thunderbird 1.5 Address Book DoS
2006-02-21 Javor Ninov (drfrancky securax org)
Affected: Mozilla Thunderbird 1.5 /possibly other versions/ Mozilla Thunderbird 1.5 address book allows fields of unlimited size in the address book which leads to a DoS if you import such ldif file POC: create a file.ldif and insert following then import it in address book: ------- start -------- n

[eVuln] Magic Downloads Unauthorized Data Modification
2006-02-21 alex evuln com
New eVuln Advisory: Magic Downloads Unauthorized Data Modification http://evuln.com/vulns/73/summary.html --------------------Summary---------------- eVuln ID: EV0073 CVE: CVE-2006-0722 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com Software: Magic Downloads Software's Web Si

MiniNuke CMS System all versions (pages.asp) SQL Injection
2006-02-20 nukedx nukedx com
--Security Report-- Advisory: MiniNuke CMS System all versions (pages.asp) SQL Injection vulnerability --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 19/02/06 10:31 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com Web: http://www.nukedx.com } --- Vendor: MiniNuke (www.m

[eVuln] Magic News Lite PHP Code Execution & Unauthorized Data Modification
2006-02-20 alex evuln com
New eVuln Advisory: Magic News Lite PHP Code Execution & Unauthorized Data Modification http://evuln.com/vulns/72/summary.html --------------------Summary---------------- eVuln ID: EV0072 CVE: CVE-2006-0723 CVE-2006-0724 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com Software

Whitepaper by Amit Klein: "HTTP Response Smuggling"
2006-02-20 Amit Klein (AKsecurity) (aksecurity hotpop com)

[USN-256-1] bluez-hcidump vulnerability
2006-02-21 Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-256-1 February 21, 2006 bluez-hcidump vulnerability CVE-2006-0670 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog)

how to crash apache/php in cpanel
2006-02-20 Ed Wiget (ewiget rhpstudios com)
I am really not sure if this is a cpanel, php, or apache problem but will let others find out. This is the entire reason I am supplying this information.... In a recent post concerning a mambo error message: Warning: ob_start(): output handler 'ob_gzhandler' cannot be used after 'URL-Rewriter'

grab cookie information with Melange Chat Server 1.10
2006-02-21 Nexus (nexus logik gmail com)
A common problem has been found by many sites running the Melange Chat Server (Here on out states as m-chat). M-Chat is a simple IRC like chat program for private websites. It can be run from a java script, by using the browser to connect to the host on port 6666 (hence www.host.com:6666). Howev

[USN-255-1] openssh vulnerability
2006-02-21 Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-255-1 February 21, 2006 openssh vulnerability CVE-2006-0225 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubunt

[AJECT] TrueNorth IA eMailserver 5.3.4 buffer overflow vulnerability
2006-02-20 João Antunes (jantunes di fc ul pt)
---------------------------------------- Synopsis ---------------------------------------- TrueNorth IA eMailserver 5.3.4 is prone to a remote buffer overflow vulnerability in the IMAP server. Product: Internet Anywhere eMailserver Corporate Edition Version: 5.3.4 and probably the older versions Ven

Re: Not completely fixed?
2006-02-21 Werner Koch (wk gnupg org)
On Mon, 20 Feb 2006 17:14:52 +0100, Marcus Meissner said: > While files with other content report: > $ gpg -o xx xx.any > gpg: no valid OpenPGP data found. > gpg: processing message failed: eof > $ echo $? > 2 > $ Just to explain this one: The code uses a heuristic to test whether it is a binary o

[BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4
2006-02-21 mkanat bugzilla org
Summary ======= Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers three security bugs that have recently been discovered and fixed in the Bugzilla code: + The 'whinedays' and 'mostfreqthreshold' parameters are not correctly validated

[myimei]CuteNews1.4.1~ Add Comment For Protected UserNames~ XSS Attack
2006-02-21 addmimistrator gmail com
Hello Everybody Summary Software: CuteNews Software's Web Site: http://cutephp.com Versions: 1.4.1 Class: Remote Status: Unpatched Exploit: Available Solution: NotAvailable Discovered by: imei addmimistrator Risk Level: Medium&High Description There is a security bug in CuteNews version

SUSE Security Announcement: gpg,liby2util signature checking problems (SUSE-SA:2006:009)
2006-02-20 Marcus Meissner (meissner suse de)

Geeklog Remote Code Execution
2006-02-19 GulfTech Security Research (security gulftech org)
########################################################## # GulfTech Security Research February 19, 2006 ########################################################## # Vendor : Geeklog # URL : http://www.geeklog.net/ # Version : All Versions # Risk : Multiple Vulnerabilities ##############

[eVuln] Time Tracking Software Multiple Vulnerabilities
2006-02-19 alex evuln com
New eVuln Advisory: Time Tracking Software Multiple Vulnerabilities http://evuln.com/vulns/69/summary.html --------------------Summary---------------- eVuln ID: EV0069 CVE: CVE-2006-0689 CVE-2006-0690 CVE-2006-0691 Vendor: TTS Software Software: Time Tracking Software Software's Web Site: http://sc

Secunia Research: NJStar Word Processor Font Name Buffer Overflow
2006-02-20 Secunia Research (remove-vuln secunia com)

Guestbox XSS/an admin bypass
2006-02-20 innate gmx de
author.: l0om - www.excluded.org product: guestbox (latest non-BETA) 0.6 page: http://spring.realone.ch dork: "Login - Guestbox 0.6" inurl:guestbox.php someone asked me to check the guestbook named "guestbox" and that's the advisory based on my checks. 1.0 everyone can set admin comments to al

More info: gBook Multiple Unspecified Cross-Site Scripting Vulnerabilities
2006-02-20 mkproductions users sourceforge net

[eVuln] Magic Calendar Lite Authentication Bypass
2006-02-20 alex evuln com
New eVuln Advisory: Magic Calendar Lite Authentication Bypass http://evuln.com/vulns/71/summary.html --------------------Summary---------------- eVuln ID: EV0071 CVE: CVE-2006-0673 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com Software: Magic Calendar Lite Software's Web Sit

update on the linux worm
2006-02-19 Gadi Evron (ge linuxbox org)
A quick digest of some updates from the last few hours on this issue: 1. The worm is based on 'kaiten', which has been going around in different variants for a long time now. 2. This worm is new. 3. The first part exploits PHP applications, like these variants normally do. 4. The second part s
> The New Face of Phishing
> By Brian Krebs | February 13, 2006
<snip>
> Now here's where it gets really interesting. The phishing site, which
> is still up at the time of this writing, is protected by a Secure
> Sockets Layer (SSL) encryption certificate issued by a division of
>