BugTraq Mode:
Re: Linksys VPN Router (BEFVP41) DoS Vulnerability 2006-01-17
paul14075 gmail com
I still haven't tested the device from the WAN-side.

The packet does not crash the router if it is addressed to the router. To crash the router (from the LAN-side, anyway), it must be addressed to an external (WAN-side) IP address.

example:

router is 192.168.1.1
evil_pc is 192.168.1.101 (e

Phpclanwebsite BBCode IMG Tag XSS Vulnerability 2006-01-17
night_warrior771 securityfocus com, "[at]" securityfocus com,hotmail com securityfocus com
##Night_Warrior<Kurdish Hacker>
##night_warrior771[at]hotmail.com
##Phpclanwebsite BBCode IMG Tag XSS Vulnerability
##Contact :night_warrior771[at]hotmail.com
##homepage : www.phpclanwebsite.com

Vulnerable:

[img]javascript:alert('XSS')[/img]

Contact :night_warrior771[at]hotmail.com
Night_Warrior

[ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess() 2006-01-17
Thierry Zoller (Thierry Zoller lu)
Dear List,

Title : CheckPoint - CheckQuotes!
Ref : TZO-012006-Checkpoint
Author : Thierry Zoller
TXT : http://secdev.zoller.lu/research/checkpoint.txt
URL : http://secdev.zoller.lu/research/checkpoint.htm

Introduction :
~~~~~~~~~~~~~~
As employees become more mobile, sophisticated VPN s

Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA 2006-01-17
ak red-database-security com
Transparent Data Encryption stores key unencrypted in the SGA

Name Transparent Data Encryption stores key unencrypted in the SGA
Affected Oracle Database 10g Release 2
Severity High Risk
Category Information disclosure
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at

Oracle Reports - Read parts of files via customize (fixed after 875 days) 2006-01-17
ak red-database-security com
Read parts of any XML-file via customize parameter in Oracle Reports

Name Read parts of any XML-file via customize parameter
Severity Medium Risk
Category Information disclosure
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Date 25

Oracle Critical Patch Update - January 2006 2006-01-17
NGSSoftware Insight Security Research (nisr nextgenss com)
Oracle has released a critical patch update that addresses a number of flaws
found by NGSResearchers and others. More information can be found at:
http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html

NGSSQuirreL for Oracle, http://www.ngssoftware.com/squirrelora.htm, has been
upda

Oracle Reports - Overwrite any application server file via desname (fixed after 889 days) 2006-01-17
ak red-database-security com
Name Overwrite any file via desname in Oracle Reports
Severity High Risk
Category File overwrite
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Date 25 August 2005 (V 1.02)
Cert VU# 472148
CVE CAN-2005-2371
Oracle

Oracle Reports - Read parts of files via desname (fixed after 874 days) 2006-01-17
ak red-database-security com
Read parts of any file via desformat in Oracle Reports

Name Read parts of any file via desformat in Oracle Reports
Severity Medium Risk
Category Information disclosure
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Date 25 August 200

Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext 2006-01-17
ak red-database-security com
Name Event 10053 logs TDE wallet password in cleartext
Systems Oracle Database 10g Release 2
Severity High Risk
Category Information disclosure
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Date 17 January 2005 (V 1.

Oracle DBMS - Access Control Bypass in Login 2006-01-17
shulman imperva com
Oracle DBMS - Access Control Bypass in Login
**********************************************************
Background
***********************
Oracle is a widely deployed DBMS. Clients use a protocol called TNS to communicate to the Oracle server. Protocol messages are used for session setup, authentica

Attacking Automatic Wireless Network Selection 2006-01-17
Dino A. Dai Zovi (ddz matasano com)
Hello BUGTRAQ,

Simple Nomad recently discussed issues with Windows XP creating Ad-
Hoc wireless networks at this year's ShmooCon. There are, however,
many more similar and more serious problems with how Windows and
MacOS X locate and automatically join wireless networks. These have
been pu

MyBB 1.0.2 Sniffing table prefix bug in search.php 2006-01-14
addmimistrator gmail com
--------------------Summary----------------
Software: mybb
Software's Web Site: http://mybboard.com
Versions: 1.0.2
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: imei
Risk: low
-----------------Description---------------
mybb has a security bug that allows

[eVuln] geoBlog SQL Injection Vulnerability 2006-01-16
alex evuln com
New eVuln Advisory:
geoBlog SQL Injection Vulnerability
http://evuln.com/vulns/33/summary/bt/

--------------------Summary----------------

Software: geoBlog
Software's Web Site: http://sourceforge.net/projects/bitdamaged/
Versions: MOD_1.0
Critical Level: Dangerous
Type: SQL Injection
Class: Remote

WEP-Client-Communication-Dumbdown (WCCD) Vulnerability 2006-01-16
Michael Wade ferguson com
http://www.securitystartshere.net/page-vulns-wccd.htm

WEP-Client-Communication-Dumbdown (WCCD) Vulnerability

Vulnerability Description:

ThinkSECURE has discovered that certain well-known wireless chipsets,
using vulnerable drivers under the Windows XP operating system and when
configured to us

Re: Fullpath disclosure in roundcube webmail 2006-01-17
roundcube gmail com
Since Roundcube is only available in Alpha version, it's pre-configured with a high verbose level. It allows you to configure whether errors should be displayed or just be logged into a file:
$rcmail_config['debug_level'] = 1;

Also the reported error is a custom message that RoundCube produces while

[eVuln] CaLogic Calendars Multiple XSS Vulnerabilities 2006-01-16
alex evuln com
New eVuln Advisory:
CaLogic Calendars Multiple XSS Vulnerabilities
http://evuln.com/vulns/24/summary/bt/

--------------------Summary----------------

Software: CaLogic Calendars
Software's Web Site: http://www.calogic.de/
Versions: 1.2.2
Critical Level: Moderate
Type: Cross-Site Scripting
Class: Re

Cerberus FTP Server 2.32 Denial of Service 2006-01-15
cvh securityfocus com, a securityfocus com,kapda ir securityfocus com
Cerberus FTP Server 2.32 Denial of Service

Denial of Service(DoS)

-------

KAPDA New advisory

Vulnerable products : Cerberus FTP Server 2.32
Vendor: http://www.cerberusftp.com/
Risk: High
Vulnerabilities: Denial of service

Date :
--------------------
Found : Aug 21 2005
Vendor Contacted : Aug 21

[SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation 2006-01-17
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 945-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 17th, 2006

[SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities 2006-01-17
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 944-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 17th, 2006

PowerPortal Cross-Site Scripting Vulnerability 2006-01-17
night_warrior771 hotmail com
##Night_Warrior<Kurdish Hacker>
##night_warrior771[at]hotmail.com
##PowerPortal Cross-Site Scripting Vulnerability
##Contact :night_warrior771[at]hotmail.com
##http://powerportal.sourceforge.net/

Vuln XSS :
http://www.example.com/modules/content/search.php?func=results&search=[XSS]
http://www.examp

Secunia Research: Mozilla Thunderbird Attachment Spoofing Vulnerability 2006-01-17
Secunia Research (vuln secunia com)
======================================================================

Secunia Research 17/01/2006

- Mozilla Thunderbird Attachment Spoofing Vulnerability -

======================================================================
Table of Contents

Affected Software.....

[eVuln] microBlog BBCode XSS Vulnerability 2006-01-17
alex evuln com
New eVuln Advisory:
microBlog BBCode XSS Vulnerability
http://evuln.com/vulns/36/summary/bt/

--------------------Summary----------------

Software: microBlog
Software's Web Site: http://www.stamcar.com/projekti/microblog/
Versions: 2.0 RC-10
Critical Level: Harmless
Type: Cross-Site Scripting
Class

[ GLSA 200601-10 ] Sun and Blackdown Java: Applet privilege escalation 2006-01-16
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[eVuln] microBlog SQL Injection Vulnerability 2006-01-17
alex evuln com
New eVuln Advisory:
microBlog SQL Injection Vulnerability
http://evuln.com/vulns/35/summary/bt/

--------------------Summary----------------

Software: microBlog
Software's Web Site: http://www.stamcar.com/projekti/microblog/
Versions: 2.0 RC-10
Critical Level: Moderate
Type: SQL Injection
Class: Re

[eVuln] BlogPHP Authentication Bypass 2006-01-17
alex evuln com
New eVuln Advisory:
BlogPHP Authentication Bypass
http://evuln.com/vulns/34/summary/bt/

--------------------Summary----------------

Software: BlogPHP
Software's Web Site: http://www.blogphp.net/
Versions: 1.0
Critical Level: Harmless
Type: SQL Injection
Class: Remote
Status: Unpatched
Exploit: Ava

XSS in WBNews <= v1.1.0 2006-01-17
dragonjar gmail com
it is possible to be executed I cosay arbitrary within the system wbnews in the field "Name" for example <script>alert("Hello DragoN");</script>

WBNews
http://www.webmobo.com/

DragoN
DragonJAR (at) gmail (dot) com



 

Copyright 2010, SecurityFocus