ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability
2006-01-17 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

IndonesiaHack Advisory HTML injection in PHP Fusebox
2006-01-17 king_purba yahoo co uk
IndonesiaHack Advisory HTML injection in PHP Fusebox Author : Ph03n1X Email : king_purba (at) yahoo.co (dot) uk Software Description Name : PHP Fusebox 4.0.6 Vendor : http://prdownloads.sourceforge.net/php-fusebox/FB3_PHP_b6.zip?download PoC : http://site.xxx/fusebox/index.php?fuseaction=<h1><marquee>Ha [...]

MDKSA-2006:016 - Updated clamav packages fix vulnerability
2006-01-17 Mandriva Security Team (security mandriva com)

MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities
2006-01-17 Mandriva Security Team (security mandriva com)

MDKSA-2006:014 - Updated wine packages fix WMF vulnerability
2006-01-16 Mandriva Security Team (security mandriva com)

White Album Sql İnjection biyosecurity.be
2006-01-16 liz0 bsdmail com
WHITEAlbum Sql İnjection Website:http://whiteangle.com/ exploit : http://[victim]/folder/pictures.php?dir=[SQL] Credit:Liz0ziM mail:liz0 (at) bsdmail (dot) com www.b [...]

Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements
2006-01-14 inge henriksen booleansoft com
** Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/ ** Advisory Name: Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements Release Date: 14. January 2006 Vulnerable Product: Microsoft(R) Internet E [...]

[HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1
2006-01-14 zinho hackerscenter com

[USN-243-1] tuxpaint vulnerability
2006-01-16 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-243-1 January 16, 2006 tuxpaint vulnerability CVE-2005-3340 A security issue affects the following Ubuntu releases: Ubuntu 5.10 (Breezy Badger) The [...]

[SECURITY] [DSA 942-1] New albatross packages fix arbitrary code execution
2006-01-16 joey infodrom org (Martin Schulze)

Announcement: The Web Application Firewall Evaluation Criteria v1 Released
2006-01-15 contact webappsec org
The Web Application Firewall Evaluation Criteria project is proud to announce v1.0 of The Web Application Firewall Evaluation Criteria (WAFEC), its first official release. WAFEC is a result of a collaboration between web application firewall vendors and independent security professionals to create [...]

PunBB BBCode URL Tag Script Injection Vulnerability
2006-01-16 night_warrior771 hotmail com
##Night_Warrior<Kurdish Hacker> ##night_warrior771[at]hotmail.com ##PunBB BBCode URL Tag Script Injection Vulnerability ##Contact :night_warrior771[at]hotmail.com Vulnerable: [color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF' style='top:expression(eval(this.sss));'sss=`i=new/* [...]

Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability
2006-01-16 info digitalarmaments com
CMU SNMP utilities snmptrad Format String Vulnerability Digital Armaments advisory is 01.04.2006 http://www.digitalarmaments.com/2006040164883273.html I. Background The package is CMU-SNMP utilities. In this package snmptrapd is an SNMP application that receives and logs SNMP TRAP and INFORM mes [...]

EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability
2006-01-15 Josh Zlatin (josh ramat cc)

[eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability
2006-01-15 alex evuln com
New eVuln Advisory: Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability http://evuln.com/vulns/31/summary/bt/ Summary Software: Bit 5 Blog Software's Web Site: http://bit5blog.sourceforge.net/ Versions: 8.01 Critical Level: Moderate Type: SQL Injectio [...]

Microsoft knew about the WMF flaw for years
2006-01-16 Richard M. Smith (rms computerbytesman com)
Hi, Stephen Toulouse writing in a Microsoft security blog has now confirmed that Microsoft has known about the WMF flaw for many years: Looking at the WMF issue, how did it get there? http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx "The potential danger of this type of m [...]

Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit
2006-01-16 patrickthomassen gmail com
Enjoy. /* DESCRIPTION Veritas NetBackup Stack Overflow (tcp/13701) "Volume Manager Daemon" Module Advisories http://www.idefense.com/intelligence/vulnerabilities/display.php?id=336 http://www.frsirt.com/english/advisories/2005/2349 USAGE C:\NetBackup>nb 192.168.0.2 4444 192.168.0.200 0 [...]

[eVuln] Benders Calendar SQL Injection
2006-01-15 alex evuln com
New eVuln Advisory: Benders Calendar SQL Injection http://evuln.com/vulns/30/summary/bt/ Summary Software: Benders Calendar Software's Web Site: http://sourceforge.net/projects/benderscalendar/ Versions: 1.0 Critical Level: Harmless Type: SQL Injection Class: Re [...]

iWar 0.07 PSTN auditing tool released...
2006-01-15 Da Beave (beave bundy vistech net)
I've released iWar version 0.07, "Now with 100% more VoIP!" iWar is a PSTN (phone network) security auditing tool. The major thing this release adds is the VoIP/IAX2 support! You can now sit in a Starbuck's, sipping on coffee and scan phone numbers :) I've started adding the signal proces [...]

[USN-242-1] mailman vulnerabilities
2006-01-16 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-242-1 January 16, 2006 mailman vulnerabilities CVE-2005-3573, CVE-2005-4153 A security issue affects the following Ubuntu releases: Ubuntu 4.10 (War [...]

Homeftp r1.0.7 Denial of Service
2006-01-15 cvh securityfocus com, a securityfocus com,kapda ir securityfocus com
Homeftp r1.0.7 Denial of Service Denial of Service(DoS) KAPDA New advisory Vulnerable products : homeftp r1.0.7 Vendor: http://downstairs.dnsalias.net/ Risk: High Vulnerabilities: Denial of service of complete PC Date : Found : Aug 2005 Vendor Contacted : Not Contac [...]

WehnTrust - When you have to trust Wehntrust
2006-01-16 Thierry Zoller (Thierry Zoller lu) (1 replies)
Dear List, Small blurp I came around; when Wehntrust creates the autostart key it forgets to correctly quote the string in the key and thus may trigger an autostart of c:\program.bat|exe|com upon reboot... [2] Quoting [1] : [...]

Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust
2006-01-16 H D Moore (sflist digitaloffense net)
Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200601-09:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -