[NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops
2006-01-14, Advisories (advisories nmrc org)

[eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities
2006-01-11, alex evuln com
New eVuln Advisory: MyPhPim Multiple SQL Injection and XSS Vulnerabilities --------------------Summary---------------- Software: MyPhPim Software's Web Site: http://sourceforge.net/projects/myphpim/ Versions: 01.05 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpat

PayPal Phishing Site Exploits Google XSS Vulnerability
2006-01-11, Paul Laudanski (zx castlecops com)
There is a new PayPal phishing site that is crafty and cunning in attempting to hide its true address from the surfer. Unsuspecting users might fall for this devious trickery. It is thru a Google XSS attack that the phishing site uses to begin its lure and deception of the surfer. Read full details

FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw
2006-01-11, FreeBSD Security Advisories (security-advisories freebsd org)

MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities
2006-01-11, Mandriva Security Team (xsecurity mandriva com)

[FLSA-2006:152803] Updated lesstif packages fix security issues
2006-01-10, Marc Deslauriers (marcdeslauriers videotron ca)

[ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities
2006-01-10, Stefan Cornelius (dercorny gentoo org)

FreeBSD Security Advisory FreeBSD-SA-06:03.cpio
2006-01-11, FreeBSD Security Advisories (security-advisories freebsd org)

mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation
2006-01-10, xwings securityfocus com, at securityfocus com,mysec securityfocus com, dot securityfocus com, org securityfocus com
mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation Xmame buffer overflow, with a possibility of privilege escalation mysec.org Security Advisory 11 Jan 2006 http://www.mysec.org I. BACKGROUND Xmame and xmess are ports of MAME, the Multiple Arcade M

Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability
2006-01-12, secresearch fortinet com

iDefense Security Advisory 01.13.06: Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow
2006-01-13, labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow iDefense Security Advisory 01.13.06 http://www.idefense.com/application/poi/display?type=vulnerabilities January 13, 2006 I. BACKGROUND Novell SUSE Linux Enterprise Server is a platform for open source computing in an enterprise env

[ GLSA 200601-08 ] Blender: Heap-based buffer overflow
2006-01-13, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200601-07 ] ClamAV: Remote execution of arbitrary code
2006-01-13, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002)
2006-01-13, Marcus Meissner (meissner suse de)

[ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability
2006-01-13, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

MDKSA-2006:012 - Updated kdegraphics packages fix several vulnerabilities
2006-01-13, Mandriva Security Team (security mandriva com)

[SECURITY] [DSA 940-1] New gpdf packages fix arbitrary code execution
2006-01-13, joey infodrom org (Martin Schulze)

[SECURITY] [DSA 939-1] New fetchmail packages fix denial of service
2006-01-13, joey infodrom org (Martin Schulze)

Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access
2006-01-12, secresearch fortinet com

Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability
2006-01-12, secresearch fortinet com

Helm XSS Vulnerability
2006-01-12, M.Neset KABAKLI (neset wakiza com)
I.Vulnerability Helm Hosting Control Panel Cross Site Scripting Vulnerability II.Vendor Web Host Automation Ltd. (www.webhostautomation.com) III.Affected Systems * Helm v3.2.8 (and probably previous versions). IV.About Helm is a multi-server management and hosting control system for Windows 20

[USN-240-1] bogofilter vulnerability
2006-01-11, Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-240-1 January 11, 2006 bogofilter vulnerability CVE-2005-4591 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 (Breezy Badger) T

Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability
2006-01-13, nukedx nukedx com (1 replies)
--Security Report-- Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 12/01/06 08:47 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com Web: http://www.nukedx.com } --- Vendor: MiniNuke (www.miniex

Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit
2006-01-13, nukedx nukedx com

[eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities
2006-01-12, alex evuln com
New eVuln Advisory: Wordcircle Multiple SQL Injection & XSS Vulnerabilities --------------------Summary---------------- Software: Wordcircle Software's Web Site: http://www.wordcircle.org/ Versions: 2.17 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched Exploi

[eVuln] Wordcircle Authentication Bypass
2006-01-12, alex evuln com
New eVuln Advisory: Wordcircle Authentication Bypass --------------------Summary---------------- Software: Wordcircle Software's Web Site: http://www.wordcircle.org/ Versions: 2.17 Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched Exploit: Available Solution: Not Availab

[eVuln] ACal Authentication Bypass & PHP Code Insertion
2006-01-12, alex evuln com
New eVuln Advisory: ACal Authentication Bypass & PHP Code Insertion --------------------Summary---------------- Software: ACal Software's Web Site: http://acalproj.sourceforge.net/ Versions: 2.2.5 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available

[eVuln] TankLogger SQL Injection Vulnerability
2006-01-12, alex evuln com
New eVuln Advisory: TankLogger SQL Injection Vulnerability --------------------Summary---------------- Software: TankLogger Software's Web Site: http://tanklogger.sourceforge.net/ Versions: 2.4 Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched Exploit: Available Solution

ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability
2006-01-12, zdi-disclosures 3com com
ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-001.html January 12, 2006 -- CVE ID: CVE-2006-0162 -- Affected Vendor: Clam AntiVirus -- Affected Products: Clam AntiVirus 0.80 through 0.87.1 -- TippingPoint(TM) IPS Customer

Interspire TrackPoint NX XSS Vulnerability
2006-01-12, M.Neset KABAKLI (neset wakiza com)
I.Vulnerability Interspire TrackPoint NX Cross Site Scripting Vulnerability II.Vendor Interspire (www.interspire.com) III.Affected Systems - Interspire TrackPoint NX (< 0.1) IV.About TrackPoint is a web based sales tracking software. V.Description An attacker is able to inject HTML and clien
_______
Nomad Mobile Research Centre
A D V I S O R Y
www.nmrc.org
Simple Nomad [thegnome (at) nmrc (dot) org]