CodeCon program announced, early registration deadline nearing
  2006-01-21  Len Sassaman (rabbi abditum com)
  http://www.codecon.org/2006/program.html
  CodeCon is the premier showcase of innovative software projects. It is a workshop for developers of real-world applications with working code and active development projects. All presentations will be given by o

BlogPHP config.php SQL injection login bypassed
  2006-01-21  addmimistrator gmail com
  --------------------Summary----------------
  Software: BlogPHP
  Software's Web Site: http://www.blogphp.net/
  Versions: 1(2)
  Type: SQL Injection
  Class: Remote
  Status: Unpatched
  Exploit: Available
  Solution: Not Available
  Discovered by: imei
  -----------------Description---------------
  Vulnerable scripts

Tumbleweed EMF 6.x Processing Issues
  2006-01-21  jcary2543 yahoo com
  I've actually seen instances where inbound Internet e-mail is completely bypassing policy engine rules. The following article was referenced on their web site. It's also interesting to note that today they released another article pointing to an alleged increase in global spam. Could this produ

MDKSA-2006:019 - Updated kdelibs packages fix vulnerability
  2006-01-21  Mandriva Security Team (security mandriva com)

[eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities
  2006-01-18  alex evuln com
  New eVuln Advisory: SaralBlog XSS & Multiple SQL Injection Vulnerabilities
  http://evuln.com/vulns/40/summary/bt/
  --------------------Summary----------------
  Software: SaralBlog
  Software's Web Site: http://www.saralblog.org/
  Versions: 1.0
  Critical Level: Moderate
  Type: Multiple Vulnerabilities
  Clas

[eVuln] eggblog Multiple SQL Injection & XSS Vulnerabilities
  2006-01-18  alex evuln com
  New eVuln Advisory: eggblog Multiple SQL Injection & XSS Vulnerabilities
  http://evuln.com/vulns/39/summary/bt/
  --------------------Summary----------------
  Software: eggblog
  Software's Web Site: http://www.epicdesigns.co.uk/projects/eggblog
  Versions: 2.0
  Critical Level: Moderate
  Type: Multiple Vuln

[eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure
  2006-01-20  alex evuln com
  New eVuln Advisory: RCBlog Directory Traversal & Sensitive Information Disclosure
  http://evuln.com/vulns/42/summary.html
  --------------------Summary----------------
  Software: RCBlog
  Software's Web Site: http://www.fluffington.com/
  Versions: 1.0.3
  Critical Level: Dangerous
  Type: Sensitive Informati

[SECURITY] [DSA 946-1] New sudo packages fix privilege escalation
  2006-01-20  joey infodrom org (Martin Schulze)

[SECURITY] [DSA 947-1] New ClamAV packages fix heap overflow
  2006-01-20  Michael Stone (mstone klecker debian org)

MySQL 5.0 information leak?
  2006-01-20  Bernd Wurst (bernd bwurst org)  (2 replies)
  Hi. I just upgraded to mysql 5.0.18 and started using all those cool new features. :) But concerning VIEWs, I think the information_schema is too verbose to the user. I started creating a VIEW that searches information from several tables, mangles the data and gives the user a clean table with

SUSE Security Announcement: kdelibs3 (SUSE-SA:2006:003)
  2006-01-20  Ludwig Nussel (ludwig nussel suse de)

[SECURITY] [DSA 948-1] New kdelibs packages fix buffer overflow
  2006-01-20  Michael Stone (mstone klecker debian org)

BlogPHP config.php SQL injection login bypass
  2006-01-20  addmimistrator gmail com
  --------------------Summary----------------
  Software: BlogPHP
  Software's Web Site: http://www.blogphp.net/
  Versions: 1(2)
  Type: SQL Injection
  Class: Remote
  Status: Unpatched
  Exploit: Available
  Solution: Not Available
  Discovered by: imei
  -----------------Description---------------
  Vulnerable scripts

BlogPHP config.php SQL injection login bypass
  2006-01-20  addmimistrator gmail com
  SELECT level,email,url FROM ".$pre."users WHERE username = '".$_COOKIE[blogphp_username]."' AND password = '".$_COOKIE[blogphp_password]."'"
  --------------------Summary----------------
  Software: BlogPHP
  Software's Web Site: http://www.blogphp.net/
  Versions: 1(2)
  Type: SQL Injection
  Class: Remote
  S

DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow'
  2006-01-20  KF (lists) (kf_lists digitalmunition com)
  I am not sure why but this post appeared to be rejected.
  DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow'
  Author: Kevin Finisterre
  Vendor: http://www.ambicom.com/products/air2net
  Product: 'AmbiCom Blue Neighbors <= V2.50 Build 2500'
  References: http://www.digitalmunition.com/DMA[2006-0115

[SECURITY] [DSA 949-1] New crawl packages fix potential group games execution
  2006-01-20  joey infodrom org (Martin Schulze)

MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities
  2006-01-20  Mandriva Security Team (security mandriva com)

[KDE Security Advisory] kjs encodeuri/decodeuri heap overflow
  2006-01-19  Dirk Mueller (mueller kde org)

phpXplorer file inclusion biyosecurity.be
  2006-01-18  liz0 bsdmail com
  site:www.phpxplorer.org
  ------------------------------------------------
  http://victim/folder/system/action.php?sShare=guest&sAction=../../../../ ../../../../../../../../etc/passwd%00
  -------------------------------------------------
  example: http://fta.lv/phpXplorer/system/action.php?sShare=guest&

iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability
  2006-01-17  labs-no-reply (at) idefense (dot) com
  Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability
  iDefense Security Advisory 01.17.06
  http://www.idefense.com/intelligence/vulnerabilities/display.php?id=372
  January 17, 2006
  I. BACKGROUND
  Cisco IOS Software is the world's leading network infrastructure software, deli

iDefense Security Advisory 01.17.06: EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability
  2006-01-17  labs-no-reply (at) idefense (dot) com
  EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability
  iDefense Security Advisory 01.17.06
  http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374
  January 17, 2006
  I. BACKGROUND
  EMC Legato NetWorker is a cross-platform backup and recovery application.
  II. DESCRIPTION
  Remo

iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe DoS Vulnerability
  2006-01-17  labs-no-reply (at) idefense (dot) com
  EMC Legato Networker nsrd.exe DoS Vulnerability
  iDefense Security Advisory 01.17.06
  http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375
  January 17, 2006
  I. BACKGROUND
  EMC Legato NetWorker is a cross-platform backup and recovery application.
  II. DESCRIPTION
  Remote exploitatio

Re: Microsoft knew about the WMF flaw for years
  2006-01-17  Steven M. Christey (coley mitre org)
  Throughout all this discussion, we should not forget that it was not just Microsoft, but other developers who appear to have implemented and preserved this same WMF functionality over the years, e.g. Wine. The problem might have originated with Microsoft's design choices way back when, but few subs

Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT
  2006-01-17  ak red-database-security com