Change passwd 3.1 (SquirrelMail plugin )
2006-01-19, rod hedor (rodhedor hotmail com)
Change passwd 3.1 (SquirrelMail plugin ) Coded by rod hedor web-- http://lezr.com [local exploit] * Multiple buffer overflows are present in the handling of command line arguments in chpasswd. The bug allows a hacker to exploit the process to run arbitrary code. #include <stdio.h> #in

FreeBSD Security Advisory FreeBSD-SA-06:05.80211
2006-01-18, FreeBSD Security Advisories (security-advisories freebsd org)

MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability
2006-01-19, Mandriva Security Team (security mandriva com)

Critical security advisory #006 tftpd32 Format string
2006-01-19, admin critical lt
Critical security advisory #006 Tftpd32 2.81 Format String + DoS PoC Critical Security - 22:03 2006.01.19 Critical Security research: http://www.critical.lt Product site: http://tftpd32.jounin.net/ Credits : Critical Security Team (www.critical.lt) Original Advisory: http://www.critical.lt/?vulnerab

Phpclanwebsite BBCode IMG Tag XSS Vulnerability
2006-01-18, night_warrior771 securityfocus com, "[at]" securityfocus com,hotmail com securityfocus com
##Night_Warrior<Kurdish Hacker> ##night_warrior771[at]hotmail.com ##Phpclanwebsite BBCode IMG Tag XSS Vulnerability ##Contact :night_warrior771[at]hotmail.com ##homepage : www.phpclanwebsite.com Vulnerable: [img]javascript:alert('XSS')[/img] Contact :night_warrior771[at]hotmail.com Night_Warrior

[security bulletin] SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS)
2006-01-19, security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00592668 Version: 1 HPSBUX02092 SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. R

Google's Blogger.com classic HTTP response splitting vulnerability
2006-01-18, Meder Kydyraliev (meder o0o nu)

-2- [XSS] in ar-blog v 5.2
2006-01-18, s3ude hotmail com
Software: ar-blog Web Site: http://www.ar-blog.com Versions: ar-blog v 5.2 Type: Cross Site Scripting Class: Remote Exploit : 1- http://www.target.com/index.php?page=showtopis&month=[XSS]&year=1426&all=9 2- http://www.target.com/index.php?page=showtopis&month=9&year=[XSS]&all=9 Example :

CAID 33756 - DM Deployment Common Component Vulnerabilities
2006-01-18, Williams, James K (James Williams ca com)
Title: CAID 33756 - DM Deployment Common Component Vulnerabilities CA Vulnerability ID: 33756 Discovery Date: 2005-12-20 CA Advisory Date: 2006-01-17 Discovered By: Cengiz Aykanat (CA internal audit), and Karma[at]DesignFolks[dot]com[dot]au. Impact: Remote attacker can cause a denial of ser

Re: Re: MSN Messenger Password Decrypter for WinXP/2003
2006-01-18, null msn-pwd-recovery com
Hi, This is the author of the MSN Messenger Password Recovery tool. Searched in google and found this post. I would like to assure you that this program is not dangerous and does not perform any illegal actions. All it does is read the registry values and decrypt them. What's wrong with using UPX? A

Cisco Security Advisory: Cisco Call Manager Privilege Escalation
2006-01-18, Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Call Manager Privilege Escalation Advisory ID: cisco-sa-20060118-ccmpe http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml Revision 1.0 For Public Release 2006 January 18 1600 UTC (GMT) - -

[eVuln] WebspotBlogging Authentication Bypass Vulnerability
2006-01-19, alex evuln com
New eVuln Advisory: WebspotBlogging Authentication Bypass Vulnerability http://evuln.com/vulns/41/summary.html Summary: Software: WebspotBlogging Software's Web Site: http://www.webspot.co.uk/ Versions: 3.0 Critical Level: Dangerous Type: SQL Injection Class: Rem

Land Down Under Signature HTML Code Injection
2006-01-18, night_warrior771 securityfocus com, "[at]" securityfocus com,hotmail com securityfocus com
##Night_Warrior<Kurdish Hacker> ##night_warrior771[at]hotmail.com ##Land Down Under Signature HTML Code Injection ##http://www.neocrome.net example: <STYLE =text/css>BODY { background-image: url('http://www.geocities.com/night_warrior771/blank.jpeg'); }</STYLE> Contact :night_warrior771[at]hotma

Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability
2006-01-18, Fortinet Research (vulnmonitor fortinet com)

IRM 015: File system path disclosure on TYPO3 Web Content Manager
2006-01-19, Advisories (advisories irmplc com) (1 replies)
IRM Security Advisory No. 015 File system path disclosure on TYPO3 Web Content Manager Vulnerability Type / Importance: Information Leakage / Medium Problem discovered: January 13th 2006 Vendor contacted: January 13th 2006 Advi

Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager
2006-01-19, Michael Shigorin (mike osdn org ua)

HITBSecConf2005 Videos Released
2006-01-19, Praburaajan (prabu hackinthebox org)
Hi all, After a long wait and a series of misadventures, we are pleased to announce the availability of the HITBSecConf2005 Kuala Lumpur videos. You can grab them here: http://video.hitb.org/2005.html The videos are distributed via Bit Torrent network and are broken down into two separate package

MyBB Signature HTML Code Injection
2006-01-18, night_warrior771 securityfocus com, "[at]" securityfocus com,hotmail com securityfocus com

[USN-244-1] Linux kernel vulnerabilities
2006-01-18, Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-244-1 January 18, 2006 linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities CVE-2005-3356, CVE-2005-4605, CVE-2005-4618, CVE-2005-4639, CVE-2006-0095, CVE-2006-0096

Re: MSN Messenger Password Decrypter for WinXP/2003
2006-01-17, frank boldewin (frank boldewin gmx de)
the MSN-Password-Recovery.exe is a normal nullsoft installer. after installing the software there's one pe-file called: MSN Password Recovery.exe which is upx packed. after unpacking with upx -d i threw it into IDA and had a short look for suspicious code snippets. funny is this one: .text:0

ICQ Cross Site Scripting Vulnerability
2006-01-18, simo morx org
Title: ICQ Cross Site Scripting Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org> Date: 10 January 2006 MorX Security Research Team http://www.morx.org Service: Web/Chat Vendor: ICQ.com Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks Severity: Medium/High Tested on

XMB Forum HTML Code Injection
2006-01-18, night_warrior771 securityfocus com, "[at]" securityfocus com,hotmail com securityfocus com

Cisco Security Advisory: Cisco Call Manager Denial of Service
2006-01-18, Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Call Manager Denial of Service Advisory ID: cisco-sa-20060118-ccmdos http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml Revision 1.0 For Public Release 2006 January 18 1600 UTC (GMT) - --

Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS
2006-01-18, Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS Document ID: 68793 Advisory ID: cisco-sa-20060118-sgbp http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml Revision 1.0 For Public Release 2006

[eVuln] aoblogger Multiple Vulnerabilities
2006-01-17, alex evuln com
New eVuln Advisory: aoblogger Multiple Vulnerabilities http://evuln.com/vulns/37/summary/bt/ Summary: Software: aoblogger Software's Web Site: http://mikeheltonisawesome.com/ Versions: 2.3 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Stat

[eVuln] Flog Information Disclosure Vulnerability
2006-01-17, alex evuln com
New eVuln Advisory: Flog Information Disclosure Vulnerability http://evuln.com/vulns/38/summary/bt/ Summary: Software: Flog Software's Web Site: http://www.fluffington.com Versions: 1.0.1 Critical Level: Harmless Type: Information Disclosure Class: Remote Status:
#####
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html
###############################
SQL Injection in package SYS.KUPV$FT
Name SQL Injection in package SYS.KUPV$FT
Affected Oracle 10g Release 1
Severity High Risk
Category SQL Injection
Vendor URL http: