Secunia Research: Lotus Notes Multiple Archive Handling Directory Traversal
2006-02-10 Secunia Research (vuln secunia com)

SUSE Security Announcement: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx (SUSE-SA:2006:007)
2006-02-10 Ludwig Nussel (ludwig nussel suse de)

[eVuln] GuestBookHost Authentication Bypass
2006-02-09 alex evuln com
New eVuln Advisory: GuestBookHost Authentication Bypass
http://evuln.com/vulns/56/summary.html
--------------------Summary----------------
eVuln ID: EV0056
CVE: CVE-2006-0542
Software: GuestBookHost
Software's Web Site: http://nukedweb.memebot.com/
Versions: 2005.04.25
Critical Level: Moderate
Type

runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package
2006-02-09 rgod autistici org
--- RunCMS <= 1.3a2 remote code execution ------------------------------------
software: site: http://www.runcms.org/public/modules/news/
description: "RUNCMS (E-Xoops) is an extensible content management system based on the v1 core of Xoops"
-------------------------------------------

[SECURITY] [DSA 967-1] New elog packages fix arbitrary code execution
2006-02-10 joey infodrom org (Martin Schulze)

RE: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0
2006-02-09 Amin Tora (atora EPLUS com)
Can a tool as this be as useful when there are rainbow tables out there to utilize for this kind of cracking?
Amin Tora, CISSP,CHSP,CCSI
Senior Security Consultant
ePlus Technology Inc.
Mailstop #168
13595 Dulles Technology Drive
Herndon, VA 20171
Office: (703) 984-8007
Cell: (703) 675-0738
Fax:

Secunia Research: Lotus Notes HTML Speed Reader Link Buffer Overflows
2006-02-10 Secunia Research (vuln secunia com)

LayerOne 2006 - Event Update and Announcement
2006-02-10 Layer One (layeronecfp gmail com)
LayerOne - 2006
April 15-16, 2006
Pasadena Hilton
Pasadena, CA
http://layerone.info
Initial LayerOne speaker line-up
Since the opening of our CFP cycle we have been receiving quite a few papers from a wide background of individuals. Recently we have begun accepting talks for this year's event. There

Secunia Research: Lotus Notes UUE File Handling Buffer Overflow
2006-02-10 Secunia Research (vuln secunia com)

[ Secuobs - Advisory ] Bluetooth : DoS on Nokia cell phones
2006-02-10 Infratech Research (research infratech fr)
[Software affected] Bluetooth Stack on Nokia cell phones
[Version] Nokia N70 and maybe other models
[Impact] Denial of Service on Bluetooth Stack (maybe more)
- Message "System Error"
- Phone DoS (shutdown)
[Credits] Pierre Betouin - pierre.betouin (at) infratech (dot) fr
- Bug found with BSS v0.6 GPL fuzz

iDEFENSE Security Advisory 02.10.06: IBM Lotus Domino Server LDAP DoS Vulnerability
2006-02-10 labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
IBM Lotus Domino Server LDAP DoS Vulnerability
iDEFENSE Security Advisory 02.10.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389
February 10, 2006
I. BACKGROUND
IBM Lotus Domino Server software provides messaging, calendaring and scheduling capabilities on a variety of o

[eVuln] Unknown Domain Shoutbox multiple XSS & SQL Injection Vulnerabilities
2006-02-09 alex evuln com
New eVuln Advisory: Unknown Domain Shoutbox multiple XSS & SQL Injection Vulnerabilities
http://evuln.com/vulns/55/summary.html
--------------------Summary----------------
eVuln ID: EV0055
CVE: CVE-2006-0605 CVE-2006-0606
Software: Shoutbox
Software's Web Site: http://www.unknowndomain.co.uk/
Versi

Secunia Research: Lotus Notes TAR Reader File Extraction Buffer Overflow
2006-02-10 Secunia Research (vuln secunia com)

CPAINT AJAX Library Cross Site Scripting
2006-02-10 GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research February 9, 2006
##########################################################
# Vendor : CPAINT
# URL : http://sourceforge.net/projects/cpaint
# Version : CPAINT <= 2.0.2
# Risk : Cross Site Scripting
#

Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0
2006-02-09 Solar Designer (solar openwall com)
On Thu, Feb 09, 2006 at 03:44:25PM -0500, Amin Tora wrote:
> Can a tool as this be as useful when there are rainbow tables out there
> to utilize for this kind of cracking?
For salted hashes (such as of Unix passwords), definitely yes. In fact, I am not aware of rainbow table implementations for

ProtoVer Sample LDAP testsuite release
2006-02-10 Evgeny Legerov (research gleg net)
Hi, I am pleased to announce the release of ProtoVer Sample LDAP testsuite. The purpose of ProtoVer Sample LDAP testsuite is to evaluate security and stability of LDAP v3 server protocol implementations. The testsuite contains 3665 individual test cases in raw binary format generated with the h

Re: CPGNuke Dragonfly 9.0.6.1 remote commands execution through arbitrary local inclusion
2006-02-10 noreply dragonflycms org

[security bulletin] SSRT051102 rev.1 - HP HTTP Server Running on Windows, Forced Use of Weaker Security Protocol
2006-02-10 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00592810
Version: 1
HPSBMA02093 SSRT051102 rev.1 - HP HTTP Server Running on Windows, Forced Use of Weaker Security Protocol
NOTICE: The information in this Security Bulletin should be acted upo

Secunia Research: IBM Lotus Domino iNotes Client Script Insertion Vulnerabilities
2006-02-10 Secunia Research (vuln secunia com)

Secunia Research: Lotus Notes ZIP File Handling Buffer Overflow
2006-02-10 Secunia Research (vuln secunia com)

What can a Remote Vulnerability Scanner do in Future?
2006-02-06 Alice Bryson (abryson bytefocus com)
Hi there: I'm engaged in designing a Remote Vulnerability Scanner. We have done a non-preemptive multithread engine and written almost 2000 vulnerability plugins. Each one of the plugins corresponds to one CVE ID. After we had done this work, we got confused and don't know what to do. first, although Mi

Fwd: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.
2006-02-06 Mert SARICA (mert sarica gmail com)
---------- Forwarded message ----------
From: Mert SARICA <mert.sarica (at) gmail (dot) com>
Date: 05.Şub.2006 13:59
Subject: Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.
To: prashant.meswani (at) ukonline.co (dot) uk
Of course it is a real

[security bulletin] SSRT051007 rev.2 - HP Tru64 UNIX Running DNS BIND4/BIND8 with Forwarders: Remote Unauthorized Privileged Access
2006-02-09 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00595837
Version: 2
HPSBTU02095 SSRT051007 rev.2 - HP Tru64 UNIX Running DNS BIND4/BIND8 with Forwarders: Remote Unauthorized Privileged Access
NOTICE: The information in this Security Bulletin

[SECURITY] [DSA 966-1] New adzapper packages fix denial of service
2006-02-09 joey infodrom org (Martin Schulze)

John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0
2006-02-09 Solar Designer (solar openwall com)
Hi, This is to announce several related items at once. :-) After 7+ years of development snapshots only (yes, I know, that was wrong), John the Ripper 1.7 release is out: http://www.openwall.com/john/ John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 a
Secunia Research 10/02/2006
- Lotus Notes Multiple Archive Handling Directory Traversal -
======================================================================
Table of Contents
Affected Software.