[ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server
2006-01-13 ISecAuditors Security Advisories (advisories isecauditors com)

DDSN CMS Admin Panel SQL Injection Vulnerability
2006-01-13 khc bsdmail org
Web Site : http://www.ddsn.com and http://www.cm3cms.com Description : DDSN is an expert provider of professional services surrounding the science of content management: Design, information architecture, deployment, and integration. In addition we offer our own content management software: Our

DIMVA 2006 Call for Papers
2006-01-13 thomas suse de (Thomas Biege)
Sorry, if you receive multiple copies of this Call for Papers. RECENT UPDATES!!! ----------------- - Due to multiple requests the paper submission deadline has been extended to Friday, January 27, 2006! - Selected papers will be published in revised and extended version in a special issue of S

Linksys VPN Router (BEFVP41) DoS Vulnerability
2006-01-13 paul14075 gmail com
Linksys BEFVP41 (possibly others) (not sure which firmware) can be instantaneously crashed by sending a specially crafted IP packet with a null length for IP option #0xE4 , like this one: 00 0f 66 99 a3 45 00 10 5a cc 59 84 08 00 46 00 00 2c 04 d2 00 00 ff aa 06 2a c0 a8 01 65 43 08 c6 15 e4 00

[eVuln] Light Weight Calendar PHP Code Execution
2006-01-13 alex evuln com
New eVuln Advisory: Light Weight Calendar PHP Code Execution http://evuln.com/vulns/29/summary.html --------------------Summary---------------- Software: Light Weight Calendar Software's Web Site: http://sourceforge.net/projects/lwcal/ Versions: 1.0 Critical Level: Dangerous Type: PHP Code Executi

AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability
2006-01-13 night_warrior771 hotmail com
##Night_Warrior<Kurdish Hacker> ##night_warrior771[at]hotmail.com ##AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability ##http://www.alstrasoft.com http://vicktimhost/template/fullview.php?tempid=[XSS] Contact :night_warrior771[at]hotmail.com Night_Warrior<Kurdihs Hacker>

DCP Portal Cross-Site Scripting Vulnerability
2006-01-13 night_warrior771 hotmail com
##Night_Warrior<Kurdish Hacker> ##night_warrior771[at]hotmail.com ##DCP Portal Cross-Site Scripting Vulnerability ##http://www.dcp-portal.org http://vicktimhost/calendar.php?show=full_month&s=1&submit=GO&day=[XSS] http://vicktimhost/search.php post this code <script>alert('night_warrior');</script>

MyBB 1.0.2 SQL injection
2006-01-13 addmimistrator gmail com
Hey this is a bug report for mybb software ( forum software downloadable from http://www.mybboard.com) bug found by imei; bug is in usercp.php file line 830 (ver 1.0.2 latest ver) that allows SQL injection bug is in result of poor checking for $mybb->input['threadmode'] value that can have quote and

WMF vulnerability was a deliberate backdoor?
2006-01-13 Brooks, Shane (SBrooks orangelake com)
I've recently had my attention brought to a post from Steve Gibson in the grc.com forums, which contains the following quote: <snippet> The only conclusion that can reasonably be drawn is that this [setAbortProc procedure] was a deliberate backdoor put into all of Microsoft's recent editions of W

[EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability
2006-01-10 Advisories (Advisories eeye com)
EEYEB-20050801 Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability Release Date: January 10, 2006 Date Reported: July 31, 2005 Time to Patch: 163 Days Severity: High (Code Execution) Systems Affected: Windows ME Windows 98 Windows NT Windows 2000 Windows XP SP1 / SP2 Windows Serve

[SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution
2006-01-11 joey infodrom org (Martin Schulze)

FreeBSD Security Advisory FreeBSD-SA-06:02.ee
2006-01-11 FreeBSD Security Advisories (security-advisories freebsd org)

Hacking With The Google Search Engine
2006-01-14 Paul Laudanski (zx castlecops com)
By Darren W. Miller, aka defendingthenet, CastleCops Staff Writer Jan 14, 2006 Google: Yes, You Can Find Just About Anything Hackers and security experts use various custom and open source tools to complete their tasks. In fact, one of the tools they use you probably use every time you browse t

FullPath disclosure in Xaraya 1.0.1
2006-01-14 king_purba yahoo co uk
Author : Ph03n1X http://student.te.ugm.ac.id/~phoenix03 Description Software : Xaraya v 1.0.1 http://xaraya.com PoC : 1. http://site.xxx/xaraya/xaraya-1.0.1/html/includes/xarTemplate.php Call to undefined function: xarcoregetvardirpath() in/usr/local/www/xaraya/xaraya-1.0.1/html/includes/xarTempl

MyBB 1.0.2 SQL injection in usercp.php
2006-01-14 addmimistrator gmail com
this is a bug report for MyBB 1.0.2(latest version) bug found by imei there is a security bug in usercp.php line 830 that Allows SQL Injection and can result to full access to admin cp. bug is in result of poor checking of $mybb->input['threadmode'] value against all other values in usercp.php file

ezDatabase 2.0 and below
2006-01-14 none none com
ezDatabase 2.0 and below ezDatabase 2.0 and below ========================================= www.ezdatabase.org "ezDatabase is the foundation for your online databases. It is a powerful web based application that allows even non-technical users to create online databases for their website. ezDatabas

[KAPDA::#21] - HomeFtp v1.1 Denial of Service
2006-01-14 cvh securityfocus com, "[a]" securityfocus com,kapda ir securityfocus com
[KAPDA::#21] - HomeFtp v1.1 Denial of Service KAPDA New advisory Vulnerable products : HomeFtp v1.1 Vendor: Helmsman(http://www.Frigate3.com) Risk: High Vulnerabilities: Denial of service Date : -------------------- Found : Aug 21 2005 Vendor Contacted : Aug 21 2005 Release Date : Jan 14 2006 A

[NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops
2006-01-14 Advisories (advisories nmrc org)

[eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities
2006-01-11 alex evuln com
New eVuln Advisory: MyPhPim Multiple SQL Injection and XSS Vulnerabilities --------------------Summary---------------- Software: MyPhPim Software's Web Site: http://sourceforge.net/projects/myphpim/ Versions: 01.05 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpat

PayPal Phishing Site Exploits Google XSS Vulnerability
2006-01-11 Paul Laudanski (zx castlecops com)
There is a new PayPal phishing site that is crafty and cunning in attempting to hide its true address from the surfer. Unsuspecting users might fall for this devious trickery. It is thru a Google XSS attack that the phishing site uses to begin its lure and deception of the surfer. Read full details

FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw
2006-01-11 FreeBSD Security Advisories (security-advisories freebsd org)

MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities
2006-01-11 Mandriva Security Team (xsecurity mandriva com)

[FLSA-2006:152803] Updated lesstif packages fix security issues
2006-01-10 Marc Deslauriers (marcdeslauriers videotron ca)

[ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities
2006-01-10 Stefan Cornelius (dercorny gentoo org)

FreeBSD Security Advisory FreeBSD-SA-06:03.cpio
2006-01-11 FreeBSD Security Advisories (security-advisories freebsd org)

mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation
2006-01-10 xwings securityfocus com, at securityfocus com,mysec securityfocus com, dot securityfocus com, org securityfocus com
mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation Xmame buffer overflow, with a possibility of privilege escalation mysec.org Security Advisory 11 Jan 2006 http://www.mysec.org I. BACKGROUND Xmame and xmess are ports of MAME, the Multiple Arcade M

Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability
2006-01-12 secresearch fortinet com
INTERNET SECURITY AUDITORS ALERT 2006-001
- Original release date: January 09, 2006
- Last revised: January 13, 2006
- Discovered by: Jesus Olmos Gonzalez
- Severity: 4/5
=============================================
I. VULNERABILITY
-------------------