Cisco, haven't we learned anything? (technician reset)
2006-01-12  Gadi Evron (ge linuxbox org)
  In this (http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml) recent Cisco advisory, the company alerts us to a security problem with Cisco MARS (Cisco Security Monitoring Analysis and Response System). The security issue is basically a user account on the system that will give you ro [ more ]

[SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution
2006-01-12  joey infodrom org (Martin Schulze)

FogBugz Cross Site Scripting Vulnerability
2006-01-12  M.Neset KABAKLI (neset wakiza com)
  I.Vulnerability FogBugz Cross Site Scripting Vulnerability II.Vendor Fog Creek Software (www.fogcreek.com) III.Affected Systems - FogBugz (<= 4.029) IV.About FogBugz is a complete web based project management system for software teams. Designed by Joel Spolsky of Joel on Software fame (www.fog [ more ]

Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability
2006-01-13  nukedx nukedx com
  --Security Report-- Advisory: XSS attack on Superonline.com email service. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 12/01/06 08:47 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com [email concealed] Web: http://www.nukedx.com } --- Vendor: MiniNuke (www.miniex.net) Version: 1.8.2 an [ more ]

[SECURITY] [DSA 903-2] New unzip packages fix unauthorised permissions modification
2006-01-12  joey infodrom org (Martin Schulze)

Session data pollution vulnerabilities in web applications
2006-01-12  Alla Bezroutchko (alla scanit be)  (1 replies)
  In web applications I've tested recently I have stumbled upon something that seems to be a new class of bugs. Quick googling did not turn up any reference to this kind of vulnerability, so I thought I should describe it. The problem boils down to the application reusing the same session variable na [ more ]

Re: [Full-disclosure] Session data pollution vulnerabilities in web applications
2006-01-12  Frank Knobbe (frank knobbe us)

[USN-241-1] Apache vulnerabilities
2006-01-12  Adam Conrad (adconrad ubuntu com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================== Ubuntu Security Notice USN-241-1 January 12, 2006 apache2, apache vulnerabilities CVE-2005-3352, CVE-2005-3357 =========================================================== A security [ more ]

EUSecWest papers and CanSecWest CFP
2006-01-12  Dragos Ruiu (dr kyx net)
  url: http://eusecwest.com url: http://cansecwest.com (CanSecWest Call For Papers attached below) EUSecWest/core06 Conference --------------------------- Announcing the final selection of papers for the EUSecWest conference in London, U.K. on Feb. 20/21 at the Victoria Park Plaza Hotel. The follo [ more ]

[SECURITY] [DSA 938-1] New koffice packages fix arbitrary code execution
2006-01-12  joey infodrom org (Martin Schulze)

Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks
2006-01-12  Cisco Systems Product Security Incident Response Team (psirt cisco com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: ======================== Access Point Memory Exhaustion from ARP Attacks =============================================== Advisory ID: cisco-sa-20060112-wireless http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless. [ more ]

Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability
2006-01-12  Stefan Esser (sesser hardened-php net)

Advisory 02/2006: PHP ext/mysqli Format String Vulnerability
2006-01-12  Stefan Esser (sesser hardened-php net)

H-Sphere Security Vulnerability
2006-01-12  M.Neset KABAKLI (neset wakiza com)
  I.Vulnerability H-Sphere Hosting Control Panel Cross Site Scripting Vulnerability II.Vendor Positive Software (www.psoft.net) III.Affected Systems * H-Sphere (<= 2.4.3 Patch 8) IV.About H-Sphere is a scalable multiserver web hosting control panel that provides complete hosting automation for L [ more ]

BSD Securelevels: Circumventing protection of files flagged immutable
2006-01-09  RedTeam Pentesting (release redteam-pentesting de)

Advisory: XSS attack on Superonline.com email service.
2006-01-11  nukedx nukedx com
  --Security Report-- Advisory: XSS attack on Superonline.com email service. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 01/01/06 04:18 AM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx_at_nukedx.com Web: http://www.nukedx.com } --- About: Via this method, the Superonline Mails a [ more ]

MDKSA-2006:010 - Updated cups packages fix several vulnerabilities
2006-01-11  Mandriva Security Team (xsecurity mandriva com)

[EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow
2006-01-11  Advisories (Advisories eeye com)
  EEYEB-20051117A Apple QuickTime STSD Atom Heap Overflow Release Date: January 10, 2006 Date Reported: November 17, 2005 Patch Development Time (In Days): 54 Days Severity: High (Code Execution) Vendor: Apple Systems Affected: Quicktime on Windows 2000 Quicktime on Windows XP Quicktime on Mac [ more ]

FreeBSD Security Advisory FreeBSD-SA-06:01.texindex
2006-01-11  FreeBSD Security Advisories (security-advisories freebsd org)

[USN-235-2] sudo vulnerability
2006-01-09  Martin Pitt (martin pitt canonical com)
  =========================================================== Ubuntu Security Notice USN-235-2 January 09, 2006 sudo vulnerability CVE-2005-4158 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5 [ more ]

[eVuln] MyPhPim Arbitrary File Upload
2006-01-11  alex evuln com
  New eVuln Advisory: MyPhPim Arbitrary File Upload --------------------Summary---------------- Software: MyPhPim Software's Web Site: http://sourceforge.net/projects/myphpim/ Versions: 01.05 Critical Level: Moderate Type: File Upload Class: Remote Status: Unpatched Exploit: Available Solution: Not [ more ]

Advisory: XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)
2006-01-11  nukedx nukedx com
  --Security Report-- Advisory: XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp) --- Date: 08/01/06 07:19 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx_at_nukedx.com Web: http://www.nukedx.com } --- About: Via this method the WebWiz Forums <= 6.34 are being subjected to an attack namely [ more ]

[FLSA-2006:167803] Updated mysql packages fix security issues
2006-01-11  Marc Deslauriers (marcdeslauriers videotron ca)

eStara Softphone SIP stack Buffer Overflow Vulnerability
2006-01-11  zwell sohu com
  eStara Softphone is a SIP softphone. There exists a buffer overflow vulnerability in the SIP stack when a SIP packet with SDP data has an attribute field ("a") whose data length is larger than 4021 bytes. By exploiting this buffer overflow, an attacker can potentially gain control of the return addres [ more ]

FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED]
2006-01-11  FreeBSD Security Advisories (security-advisories freebsd org)

SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001)
2006-01-11  Ludwig Nussel (ludwig nussel suse de)

PostgreSQL security releases 8.0.6 and 8.1.2
2006-01-11  PostgreSQL Security (secuity postgresql org)
  PostgreSQL versions 8.0.6 and 8.1.2 have been released fixing a remote denial of service vulnerability on the win32 platform. Details ------- Vulnerability type: Denial of service Remotely exploitable: Yes Affected versions: PostgreSQL 8.0.0-8.0.5, 8.1.0-8.1.1 Fixed versions: PostgreSQL 8.0.6, [ more ]
(continuation of a truncated entry; title and author not present on this page)
  Versions affected: PHP Toolkit for PayPal v0.50 (and may be prior) Date: 12th January 2006 Type of Vulnerability: Sensitive Information Disclosure and Payment System Bypass Severity: Critical Solution Status: Unpatched Vendor was n [ more ]