iDefense Security Advisory 02.01.06: Winamp m3u Parsing Stack Overflow Vulnerability
2006-02-01 labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Winamp m3u Parsing Stack Overflow Vulnerability iDefense Security Advisory 02.01.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=377 February 1, 2006 I. BACKGROUND Winamp is a popular media player for Windows which supports many audio/video file formats. More information c

iDefense Security Advisory 02.01.06: Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability
2006-02-01 labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability iDefense Security Advisory 02.01.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=378 February 1, 2006 I. BACKGROUND Winamp is a popular media player for Windows which supports many audio/video file formats. More i

Database Manager Default pass
2006-01-31 fireboynet webmails com
Tunis the 31/jan/2006 bug found by Fireboy fireboynet (at) webmails (dot) com Product affected:DBMan for Windows and Unix Product vendor: http://www.gossamer-threads.com the problem with DBman is default passwords these are default pass : admin/admin,author/author,guest/guest if the admin not change the

Verified evasion in Snort
2006-01-26 a securityfocus com, non securityfocus com,poet securityfocus com, in securityfocus com (at),connu securityfocus com, dot_ securityfocus com,isu securityfocus com, d_ot securityfocus com, edu security (1 replies)
Dan Kaminsky gave a presentation at shmoocon and mentioned using ip fragmentation timers to evade intrusion detection systems. It's a pretty straightforward technique and easy to code up so we decided to look and see if Snort was vulnerable.
------------------------------------------------

Internet Explorer remotely exploitable vulnerability in JScript's document.write() method
2006-01-31 porkythepig anspi pl
There is a remotely exploitable vulnerability in the Internet Explorer in the JScripting/Flash plugin section. The problem lies in bad scripting of document.write() method being executed through VBscript procedure triggered from ActionScript code within the crafted flash animation. While exiting the

DISIT - OPEN SOURCE DISASSEMBLER ENGINE
2006-01-31 Piotr Bania (bania piotr gmail com)
Hi, If someone is interested I have released beta version of my disassembler engine, available here: http://www.piotrbania.com/all/disit/ best regards, Piotr Bania -- -------------------------------------------------------------------- Piotr Bania - <bania.piotr (at) gmail (dot) com> - 0xCD, 0x19 Fingerp

[security bulletin] SSRT051007 rev.1 - HP Tru64 UNIX Running DNS BIND Remote Unauthorized Privileged Access
2006-02-01 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00595837 Version: 1 HPSBTU02095 SSRT051007 rev.1 - HP Tru64 UNIX Running DNS BIND Remote Unauthorized Privileged Access NOTICE: The information in this Security Bulletin should be acted upon as

[SECURITY] [DSA 962-1] New pdftohtml packages fix arbitrary code execution
2006-02-01 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution
2006-02-01 joey infodrom org (Martin Schulze)

[eVuln] SZUserMgnt Authentication Bypass
2006-02-01 alex evuln com
New eVuln Advisory: SZUserMgnt Authentication Bypass http://evuln.com/vulns/53/summary.html --------------------Summary---------------- Software: SZUserMgnt Software's Web Site: http://www.subzane.com Versions: 1.4 Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched Exploi

[eVuln] Calendarix SQL Injection & Authorization Bypass Vulnerabilities
2006-02-01 alex evuln com
New eVuln Advisory: Calendarix SQL Injection & Authorization Bypass Vulnerabilities http://evuln.com/vulns/52/summary.html --------------------Summary---------------- Software: Calendarix Software's Web Site: http://www.calendarix.com/ Versions: 0.6.20050830 Critical Level: Moderate Type: SQL Inje

ZRCSA-200601: SPIP - Multiple Vulnerabilities
2006-01-31 research zone-h fr
Zone-H Research Center Security Advisory 200601 http://www.zone-h.fr Date of release: 31/01/2006 Software: SPIP (http://www.spip.net) Affected versions: < 1.8.2-e , < 1.9 Alpha 2 (5539) Risk: Medium Discovered by: Kevin Fernandez "Siegfried" and Benoît Sklénard "netcraft" from the Zone-H Research T

Blackboard Authentication Error
2006-02-01 jdo24 cornell edu (1 replies)
Hello, Here at my university we use Blackboard as the chosen tool for having online class websites, grading, chatrooms, announcements, quizzing, etc., in a convenient fashion. Blackboard works alongside our Kerberos authentication to be sure that the person who is accessing the information is the

Windows Access Control Demystified
2006-01-31 sudhakar+bugtraq cs princeton edu
Hello everybody, We have constructed a logical model of Windows XP access control, in a declarative but executable (Datalog) format. We have built a scanner that reads access-control configuration information from the Windows registry, file system, and service control manager database, and feeds

[SECURITY] [DSA 960-2] New libmail-audit-perl packages fix insecure temporary file use
2006-01-31 joey infodrom org (Martin Schulze)

Xmame 0.102 local vulnerability proof-of-concept
2006-01-31 Rafael San Miguel Carrasco (smcsoc yahoo es)
The following proof-of-concept demonstrates the existence of the local vulnerability found in xmame 0.102. It uses the brute-force technique. The RET address interval works on Intel Debian GNU/Linux. To test for the vulnerability, run "gcc exploit-c -o exploit" and then "perl fb.pl". exploit.c:

Nmap 4.00 Released
2006-01-31 Fyodor (fyodor insecure org)
Bugtraqers, Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 4.00 from http://www.insecure.org/nmap/ . I try not to burden the Bugtraq list with more than one Nmap announcement per year. So I encourage those of you who would like to hear abo

[SECURITY] [DSA 960-1] New libmail-audit-perl packages fix insecure temporary file use
2006-01-31 joey infodrom org (Martin Schulze)

FarsiNews 2.1 PHP Remote File Inclusion
2006-01-31 h e (het_ebadi yahoo com)
Remote File Inclusion in FarsiNews 2.1 and below Credit: The information has been provided by Hamid Ebadi (Hamid Network Security Team) :admin (at) hamid (dot) ir. The original article can be found at : http://hamid.ir/security Vulnerable Systems: FarsiNews 2.1 Beta 2 and below Vulnerable Code: The fo

[SECURITY] [DSA 957-2] New ImageMagick packages fix arbitrary command execution
2006-01-31 joey infodrom org (Martin Schulze)

MyCO multiple vulnerabilities
2006-01-31 revnic gmail com
MyCO multiple vulnerabilities Software: MyCO guestbook 1.0 www.punctweb.com Credit: Revnic Vasile revnic (at) gmail (dot) com Description: MyCO is a PHP guestbook that uses a MySQL database Vulnerability: the /admin directory is accessible by everyone. XSS can be injected into the field "Name" when regist

Proof of concept for CommuniGate Pro Server vulnerability
2006-01-31 Evgeny Legerov (research gleg net)
Hi all, The simple code below can be used to reproduce one of CommuniGate 5.0.6 LDAP vulnerabilities (http://www.gleg.net/cg_advisory.txt) #!/usr/bin/env python # Use this code at your own risk. # It may crash your server! # Author: Evgeny Legerov import sys import socket HELP=""" CommuniGate P

Re: EasyCMS vulnerable to XSS injection.
2006-01-31 kim easycms no
Kind of you to notice, our system will during the next week be patched for XSS flaws in the different input fields which might be of concern for XSS. The rest of the system will also be checked to reensure that all user-input is processed securely. We take this matter seriously, and would like to in

Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist
2006-01-31 Juha-Matti Laurio (juha-matti laurio netti fi)
Nullsoft has released a fixed version 5.13 now. Internet Storm Center shared the information last night at http://isc.sans.org/diary.php?storyid=1080 An official download link is http://www.winamp.com/player/ - Juha-Matti > > You can disable auto launching Winamp for playlist files as a workar

Cerberus Helpdesk vulnerable to XSS
2006-01-30 preben watchcom no
Inputs in the Cerberus Helpdesk are not properly sanitized, and XSS is possible in a lot of the system's input fields and url parameters. You can add XSS that will hit every user of the system, and even simple scripting tags like <script>alert(?f?)</script> are allowed PoC: http://www.SITE.example/tt

BrowserCRM vulnerable for XSS
2006-01-31 preben watchcom no
Inputs in the BrowserCRM are not properly sanitized, and XSS is possible in a lot of the system's input fields and url parameters. Some fields have been filtered in a basic form, so that simple scripting like "<script>alert('XSS')</script>" is not possible. However, since the filtering is not based
or is NOT an exploitable bug?
-----Original Message-----
From: Crowdat Kurobudetsu [mailto:crowdat (at) gmail (dot) com]
Sent: Tuesday, January 24, 2006 6:24 AM
To: bugtraq (at) securityfocus (dot) com
Subject: Buffer Overflow /Font on mIRC