BugTraq Mode:
(Page 1218 of 1748)
What A Click! [Internet Explorer] 2006-01-24
mikx (mikx mikx de)
It's now almost 18 months ago that i posted my first security advisory "What
A Drag! -revisited-", seems to be a good time to post "What A Click!".

Both bugs had about the same exploit potential, but i assume this one will
have far less impact and media response (which i consider a great thing fo

Re: IndonesiaHack Advisory HTML injection in PHP Fusebox 2006-01-23
brian428 yahoo com
This isn't a vulnerability. The framework is doing what it is supposed to, and it isn't the job of the framework to place arbitrary restrictions on what the user can pass into it. For example, the CF version of Fusebox has also had this "vulnerability" pointed out. But CF already has a mechanism to

[eVuln] Text Rider Sensitive Information Disclosure 2006-01-24
alex evuln com
New eVuln Advisory:
Text Rider Sensitive Information Disclosure
http://evuln.com/vulns/46/summary.html

--------------------Summary----------------

Software: Text Rider
Software's Web Site: http://robot.ir/blog/mollasadra/textrider/
Versions: 2.4
Critical Level: Dangerous
Type: Sensitive Informatio

Newsphp Multiple SQL Injection Vulnerabilities 2006-01-22
s3ude securityfocus com, hotmail com securityfocus com (at)
Software: NewsPHP
Web Site: http://www.newsphp.com
Versions: All
Type: Multiple SQL Injection
Class: Remote

Exploit :

1-

http://www.target.com/index.php?discuss=SQL

2-

http://www.target.com/index.php?tim=SQL

3-

http://www.target.com/index.php?id=SQL

4-

http://www.target.com/index.php?word

[KAPDA::#25] - MyBB 1.x Cross_Site_Scripting 2006-01-24
roozbeh_afrasiabi yahoo com
[KAPDA::#25] - MyBB 1.x Cross_Site_Scripting

KAPDA New advisory

Vulnerable products : MYBB 1.x
Vendor: www.mybboard.net/
Risk: medium
Vulnerabilities: Cross_Site_Scripting
Discovered by Roozbeh Afrasiabi
www.persiax.com

Date :
--------------------
Found : Jan 21 2006
Vendor Contacted : N/A
Relea

[SECURITY] [DSA 953-1] New flyspray packages fix cross-site scripting 2006-01-24
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 953-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 24th, 2006

[eVuln] miniBloggie Authentication Bypass 2006-01-24
alex evuln com
New eVuln Advisory:
miniBloggie Authentication Bypass
http://evuln.com/vulns/47/summary.html

--------------------Summary----------------
Vendor: myWebland
Vendor's Web Site: http://mywebland.neopages.net/
Software: miniBloggie
Versions: 1.0
Critical Level: Moderate
Type: SQL Injection
Class: Remote

[security bulletin] SSRT061099 rev.1 - HP-UX Local Increased Privilege 2006-01-24
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00591401

Version: 1

HPSBUX02091 SSRT061099 rev.1 - HP-UX Local Increased Privilege

NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.

Release Date: 200

Re: Tumbleweed EMF 6.x Processing Issues 2006-01-24
support tumbleweed com
Tumbleweed is not aware of any vulnerability in the Email Firewall product that would cause messages to bypass the policy engine. It is possible that the symptoms you are observing are as a result of a configuration problem. Please contact our global support team who can assist you in diagnosing a

FreeBSD Security Advisory FreeBSD-SA-06:06.kmem 2006-01-25
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-06:06.kmem Security Advisory
The FreeBSD Project

Topic: Lo

Rosiello Security - Eterm-LibAST Advisory 2006-01-25
angelo rosiello org

Eterm-LibAST Advisory

Rosiello Security
http://www.rosiello.org

I. BACKGROUND

Eterm (http://www.eterm.org) is a color vt102 terminal emulator intended as an xterm(1) replacement. It is designed with a Freedom of Choice philosophy, leaving as much power, fle

Updated ipsec-tools packages fix vulnerability 2006-01-25
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:020
http://www.mandriva.com/security/
____________________________________________________________________

[eVuln] ExpressionEngine 'Referer' XSS Vulnerability 2006-01-25
alex evuln com
New eVuln Advisory:
ExpressionEngine 'Referer' XSS Vulnerability
http://evuln.com/vulns/48/summary.html

--------------------Summary----------------

Software: ExpressionEngine
Software's Web Site: http://www.pmachine.com
Versions: 1.4.1
Critical Level: Moderate
Type: Cross-Site Scripting
Class: Rem

[SECURITY] [DSA 947-2] New clamav packages fix heap overflow 2006-01-25
Michael Stone (mstone klecker debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 947-2 security (at) debian (dot) org
http://www.debian.org/security/ Michael Stone
January 25th, 2006

FreeBSD Security Advisory FreeBSD-SA-06:07.pf 2006-01-25
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-06:07.pf Security Advisory
The FreeBSD Project

Topic: IP

HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability 2006-01-25
h4cky0u org gmail com
------------------------------------------------------
HYSA-2006-001 h4cky0u.org Advisory 010
------------------------------------------------------
Date - Wed Jan 25 2006

TITLE:
======

phpBB 2.0.19 search.php and profile.php DOS Vulnerability

SEVERITY:
=========

High

SO

Workaround for unpatched Oracle PLSQL Gateway flaw 2006-01-25
David Litchfield (davidl ngssoftware com)
There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS
and the Oracle HTTP Server, that allows attackers to bypass the
PLSQLExclusion list and gain access to "excluded" packages and procedures.
This can be exploited by an attacker to gain full DBA control of the backend
dat

Technical Note by Amit Klein: "XST Strikes Back" 2006-01-25
Amit Klein (AKsecurity) (aksecurity hotpop com)
Technical note

XST Strikes Back
(or perhaps "Return from the Proxy"...)

Amit Klein, January 2006

Introduction
============

About three years ago, the concept of "Cross Site Tracing" [1]
was introduced to the

[eVuln] CheesyBlog XSS Vulnerability 2006-01-25
alex evuln com
New eVuln Advisory:
CheesyBlog XSS Vulnerability
http://evuln.com/vulns/49/summary.html

--------------------Summary----------------

Software: CheesyBlog
Software's Web Site: http://cheesepizza.net/
Versions: 1.0
Critical Level: Harmless
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched
Ex

[SECURITY] [DSA 955-1] New mailman packages fix denial of service 2006-01-25
Michael Stone (mstone klecker debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 955-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Stone
January 25th, 2006

Call For Paper - SyScan'06 Singapore 2006-01-25
organiser (at) syscan (dot) org (organiser syscan org)
*CALL FOR PAPER

ABOUT SYSCAN'06*
The Symposium on Security for Asia Network aims to be a very different
security conference from the rest of the security conferences that the
information security community in Asia has come to be so familiar and
frustrated with. SyScan'06 intends to be a non-prod

[SECURITY] [DSA 954-1] New wine packages fix arbitrary code execution 2006-01-25
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 954-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
January 25th, 2006

ANN: New release of CORE FORCE free endpoint security package 2006-01-24
Core FORCE team (force force coresecurity com)
Greetings

CoreLabs, the research arm of Core Security Technologies is pleased to
announce a new release of CORE FORCE, a free software endpoint security
solution.

CORE FORCE 080.120 is now available for download at
http://force.coresecurity.fom

This new release ships new UI improvements based on

[eVuln] Note-A-Day Weblog Sensitive Information Disclosure 2006-01-22
alex evuln com
New eVuln Advisory:
Note-A-Day Weblog Sensitive Information Disclosure
http://evuln.com/vulns/44/summary.html

--------------------Summary----------------

Software: Note-A-Day
Software's Web Site: http://noteaday.com/
Versions: 2.1
Critical Level: Moderate
Type: Sensitive Information Disclosure
Cla

[eVuln] e-moBLOG SQL Injection Vulnerability 2006-01-22
alex evuln com
New eVuln Advisory:
e-moBLOG SQL Injection Vulnerability
http://evuln.com/vulns/43/summary.html

--------------------Summary----------------

Software: e-moBLOG
Software's Web Site: http://www.e-motionalis.net/
Versions: 1.3
Critical Level: Moderate
Type: Cross-Site Scripting
Class: Remote
Status: U

fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321) 2006-01-22
ma+bt dt e-technik uni-dortmund de
fetchmail-SA-2006-01: crash when bouncing messages.

Topics: #1 crash when bouncing a message
#2 fetchmail 6.2.5.X end of life

Author: Matthias Andree
Version: 1.0
Announced: 2006-01-22
Type: free() with bogus pointer
Impact: fetchmail crashes
Danger: low
Credits: Nathaniel W. Turner (bug re

High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server 2006-01-22
NGSSoftware Insight Security Research (nisr ngssoftware com)
Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability
in Red Hat Directory Server and Red Hat Certificate Server. It is possible
that under certain circumstances these flaws could permit an unauthenticated
attacker to remotely compromise the Directory or Certificate server, in
o

[ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability 2006-01-22
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[USN-245-1] KDE library vulnerability 2006-01-20
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-245-1 January 20, 2006
kdelibs vulnerability
CVE-2006-0019
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubu

Copyright 2010, SecurityFocus