grab cookie information with Melange Chat Server 1.10
2006-02-21 Nexus (nexus logik gmail com)

A common problem has been found by many sites running the Melange Chat Server (here on out stated as m-chat). M-Chat is a simple IRC-like chat program for private websites. It can be run from a java script, by using the browser to connect to the host on port 6666 (hence www.host.com:6666). Howev...

Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit
2006-02-21 Crispin Cowan (crispin novell com)

Cristian Stoica wrote:
> I have a question:
> If you use an encryption algorithm to store/get data into/from the
> database you will not be able to do SQL injections ?
> With a simple encryption algorithm, I do with php explode,
> transform the string into an array and run the algorithm on e...

[USN-255-1] openssh vulnerability
2006-02-21 Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-255-1 February 21, 2006
openssh vulnerability
CVE-2006-0225
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubunt...

[AJECT] TrueNorth IA eMailserver 5.3.4 buffer overflow vulnerability
2006-02-20 João Antunes (jantunes di fc ul pt)

----------------------------------------
Synopsis
----------------------------------------
TrueNorth IA eMailserver 5.3.4 is prone to a remote buffer overflow vulnerability in the IMAP server.
Product: Internet Anywhere eMailserver Corporate Edition
Version: 5.3.4 and probably the older versions
Ven...

Re: Not completely fixed?
2006-02-21 Werner Koch (wk gnupg org)

On Mon, 20 Feb 2006 17:14:52 +0100, Marcus Meissner said:
> While files with other content report:
> $ gpg -o xx xx.any
> gpg: no valid OpenPGP data found.
> gpg: processing message failed: eof
> $ echo $?
> 2
> $
Just to explain this one: The code uses a heuristic to test whether it is a binary o...

[BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4
2006-02-21 mkanat bugzilla org

Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers three security bugs that have recently been discovered and fixed in the Bugzilla code:
+ The 'whinedays' and 'mostfreqthreshold' parameters are not correctly validated...

[myimei]CuteNews1.4.1~ Add Comment For Protected UserNames~ XSS Attack
2006-02-21 addmimistrator gmail com

Hello Everybody
Summary
Software: CuteNews
Software's Web Site: http://cutephp.com
Versions: 1.4.1
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: imei addmimistrator
Risk Level: Medium & High
Description
There is a security bug in CuteNews version...

SUSE Security Announcement: gpg,liby2util signature checking problems (SUSE-SA:2006:009)
2006-02-20 Marcus Meissner (meissner suse de)

Geeklog Remote Code Execution
2006-02-19 GulfTech Security Research (security gulftech org)

##########################################################
# GulfTech Security Research February 19, 2006
##########################################################
# Vendor : Geeklog
# URL : http://www.geeklog.net/
# Version : All Versions
# Risk : Multiple Vulnerabilities
##############...

[eVuln] Time Tracking Software Multiple Vulnerabilities
2006-02-19 alex evuln com

New eVuln Advisory:
Time Tracking Software Multiple Vulnerabilities
http://evuln.com/vulns/69/summary.html
--------------------Summary----------------
eVuln ID: EV0069
CVE: CVE-2006-0689 CVE-2006-0690 CVE-2006-0691
Vendor: TTS Software
Software: Time Tracking Software
Software's Web Site: http://sc...

Re: First WMF mass mailer ItW (phishing Trojan)
2006-02-20 Lance James (bugtraq securescience net)

Lance James wrote:
> Gadi Evron wrote:
>
>> The first worm (mass mailer) to (ab)use the WMF 0day is now spreading in
>> Australia.
>>
>>
Also to quickly reply to my own post (sorry) - but a quick historical analysis of the exploit and trojan itself demonstrates this: Bulk Mailing via a m...

Secunia Research: NJStar Word Processor Font Name Buffer Overflow
2006-02-20 Secunia Research (remove-vuln secunia com)

Guestbox XSS/an admin bypass
2006-02-20 innate gmx de

author.: l0om - www.excluded.org
product: guestbox (latest non-BETA) 0.6
page: http://spring.realone.ch
dork: "Login - Guestbox 0.6" inurl:guestbox.php
someone asked me to check the guestbook named "guestbox" and that's the advisory based on my checks.
1.0 everyone can set admin comments to al...

More info: gBook Multiple Unspecified Cross-Site Scripting Vulnerabilities
2006-02-20 mkproductions users sourceforge net

[eVuln] Magic Calendar Lite Authentication Bypass
2006-02-20 alex evuln com

New eVuln Advisory:
Magic Calendar Lite Authentication Bypass
http://evuln.com/vulns/71/summary.html
--------------------Summary----------------
eVuln ID: EV0071
CVE: CVE-2006-0673
Vendor: Reamday Enterprises
Vendor's Web Site: http://reamdaysoft.com
Software: Magic Calendar Lite
Software's Web Sit...

update on the linux worm
2006-02-19 Gadi Evron (ge linuxbox org)

A quick digest of some updates from the last few hours on this issue:
1. The worm is based on 'kaiten', which has been going around in different variants for a long time now.
2. This worm is new.
3. The first part exploits PHP applications, like these variants normally do.
4. The second part s...

Re: Vulnerability in WinRAR - Phishing based
2006-02-19 Andreas Beck (becka-list-bugtraq bedatec de)

preben (at) watchcom (dot) no wrote:
> Phishing through WinRAR 3.51
> Due to the build-up of WinRAR, some vital parts of the programs
> functions and url's are visible through a simple HEX editor.
This is not specific to WinRAR. It is true for almost every usual binary. Exceptions are only those using a comp...

new linux malware
2006-02-18 Gadi Evron (ge linuxbox org)

Today, we received a notification about a new Linux malware ItW (In the Wild). Chas Tomlin (http://www.ecs.soton.ac.uk/~cet/) provided Shadowserver (http://www.shadowserver.org/) and Nicholas Alright who notified the relevant operational communities, with the information on the binaries. He cap...

[OpenPKG-SA-2006.005] OpenPKG Security Advisory (tin)
2006-02-19 OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org ...

[OpenPKG-SA-2006.004] OpenPKG Security Advisory (postgresql)
2006-02-19 OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org ...

Re: First WMF mass mailer ItW (phishing Trojan)
2006-02-17 Lance James (bugtraq securescience net)

Gadi Evron wrote:
> The first worm (mass mailer) to (ab)use the WMF 0day is now spreading in
> Australia.
>
Respectfully speaking: There are a few corrections to this that need to be expressed. The language you're using describing it as a mass-mailing worm is coming off confusing to some. The W...

Re: Internet Explorer remotely exploitable vulnerability in JScript's document.write() method
2006-02-17 temp mihopahost com

Re: Vulnerabilites in new laws on computer hacking
2006-02-17 Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)

Paul,
On 2006-02-15 Paul Schmehl wrote:
> --On Saturday, February 11, 2006 16:35:20 +0000 self-destruction (at) itsbest (dot) com wrote:
>> New generations of teenagers will be scared of doing online
>> exploration. I'm not talking about damaging other companies' computer
>> systems. I'm talking about accessi...

Re: Vulnerabilites in new laws on computer hacking
2006-02-17 ArkanoiD (ark eltex net)

nuqneH,
I'd even say, if you hire someone whose security knowledge is based solely on breaking into systems, this guy will not be able to produce valuable reports for customers because his viewpoint is likely to be flawed; his knowledge on protecting system usually falls into "patch-this-hole" pattern...

Re: Vulnerabilites in new laws on computer hacking
2006-02-17 Seth Breidbart (sethb panix com)

"Marcus J. Ranum" <mjr (at) ranum (dot) com> wrote:
> If you're trying to understand the security properties of a
> system by breaking into it, you're not producing valuable
> reports, anyhow. All you are doing is telling them where
> to put the next band-aid.
I know of too many (more than none is too many) exa...

Re: Vulnerabilites in new laws on computer hacking
2006-02-16 Sysmin Sys73m47ic (sysmin systematic gmail com)

> > "Advanced societies" are updating computer crime laws faster than the
> > rest of the world. This means that new generations of these more
> > "advanced societies" will have no clue about how remote computer attacks
> > are carried out. Future generations of security "experts" will be among
> > ...
others find out. This is the entire reason I am supplying this
information....
In a recent post concerning a mambo error message:
Warning: ob_start(): output handler 'ob_gzhandler' cannot be used after
'URL-Rewriter'