industry standards - current status [was: what we REALLY learned from WMF]
2006-01-06  Gadi Evron (ge linuxbox org)
Comments and text below the quoted text.
> mis-information.
I believe even *you* posted erroneous information. Nice.
#1.
> First everyone bitches about how bad Microsoft security is, how they
> don't "get it" and how they don't care. Then, when they issue a patch
> out-of-cycle, we hear pom [ more ]

AIM Multiple Cross Site Scripting Vulnerability
2006-01-08  simo morx org
Title: AIM Multiple Cross Site Scripting
Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org>
Discovered: 26 December 2005
Published: 7 January 2006
MorX Security Research Team http://www.morx.org
Service: Web
Vendor: AIM.com
Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin atta [ more ]

Html_Injection in vBulletin 3.5.2
2006-01-08  the_bekir savsak com
Vulnerable Version: 3.5.2 (prior versions also may be affected)
Bug: Html_Injection (Second order Cross_Site_Scripting)
Exploitation: Remote with browser
Html_Injection : The software does not properly filter HTML tags in the title of events before being passed to user in 'calendar.php'&'reminder. [ more ]

MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities
2006-01-09  Mandriva Security Team (xsecurity mandriva com)

MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities
2006-01-09  Mandriva Security Team (xsecurity mandriva com)

AOL Multiple Cross Site Scripting Vulnerability
2006-01-08  simo morx org
Title: AOL Multiple Cross Site Scripting
Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org>
Discovered: 26 December 2005
Published: 7 January 2006
MorX Security Research Team http://www.morx.org
Service: Web
Vendor: AOL.com
Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin atta [ more ]

iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability
2006-01-09  labs-no-reply (at) idefense (dot) com
Multiple Vendor mod_auth_pgsql Format String Vulnerability
iDefense Security Advisory 01.09.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367
January 09, 2006
I. BACKGROUND
The mod_auth_pgsql apache module allows user authentication against information stored in a Postgre [ more ]

[SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution
2006-01-09  joey infodrom org (Martin Schulze)

Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability
2006-01-09  info digitalarmaments com
Digital Armaments advisory is 12.22.2005
http://www.digitalarmaments.com/2006090173928420.html
I. Background
auth_ldap is an LDAP authentication module for Apache, the world's most popular web server. auth_ldap has excellent performance, and supports Apache on both Unix and Windows NT. It also has [ more ]

[eVuln] Venom Board SQL Injection Vulnerability
2006-01-09  alex evuln com
New eVuln Advisory: Venom Board SQL Injection Vulnerability
--------------------Summary----------------
Software: Venom Board
Software's Web Site: http://sourceforge.net/projects/venomboard/
Versions: 1.22
Critical Level: Moderate
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched
Exploit: [ more ]

[SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution
2006-01-09  joey infodrom org (Martin Schulze)

[eVuln] Foxrum BBCode XSS Vulnerability
2006-01-09  alex evuln com
New eVuln Advisory: Foxrum BBCode XSS Vulnerability
--------------------Summary----------------
Software: Foxrum
Software's Web Site: http://www.foxrum.fr.st/
Versions: 4.0.4f
Critical Level: Harmless
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available [ more ]

NetBSD Security Advisory 2006-002: settimeofday() time wrap
2006-01-09  NetBSD Security Officer (security-officer NetBSD org)

NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure
2006-01-09  NetBSD Security Officer (security-officer NetBSD org)

[SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
2006-01-09  Michael Stone (mstone klecker debian org)

[SECURITY] [DSA 929-1] New petris packages fix buffer overflow
2006-01-09  Michael Stone (mstone klecker debian org)

[UPDATE] Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities
2006-01-09  frankruder hotmail com
Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities
//this bug report is update for <<Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities>> by cocoruder 2006.01.07
by cocoruder
page: http://ruder.cdut.net
email: frankruder_at_hotmail.com
Last Up [ more ]

Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities
2006-01-07  frankruder hotmail com
Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities
by cocoruder
page: http://ruder.cdut.net
email: frankruder_at_hotmail.com
Last Update: 2006.01.07
class: design error
Remote: yes
local: yes
Product Affected:
Microsoft Windows XP SP2
Microsoft Windows XP SP1
Microsoft Windows Ser [ more ]

xorg server 6.8.2 and below on 64bit arch
2006-01-08  serj varna net
This might be nothing or might be something, comment please! My system is 64bit turion with 64 bit ubuntu on top. On this machine long = void* = 8 bytes. On a 32 bit arch long = void* = 4 bytes. Great, now let's have a look at this.
typedef struct { int type; unsigned long serial; Bool send_e [ more ]

Re: Interview: Ilfak Guilfanov
2006-01-07  merlyn stonehenge com (Randal L Schwartz)
>>>>> "Matthew" == Matthew Murphy <mattmurphy (at) kc.rr (dot) com> writes:
Matthew> The URL for that blog post is:
Matthew> http://blogs.securiteam.com/index.php/archives/176
The "Security Now!" podcast interviewed Ilfak as well. For an audio interview and transcript, see episode #21 at <http://www.grc.com [ more ]

[eVuln] NavBoard BBcode XSS Vulnerability
2006-01-07  alex evuln com
New eVuln Advisory: NavBoard BBcode XSS Vulnerability
--------------------Summary----------------
Vendor: NavBoard
Vendor's Web Site: http://navarone.f2o.org/
Software: NavBoard
Software's Web Site: http://sourceforge.net/projects/navboard/
Versions: checked: V16 Stable(2.6.0) and V17beta2
Critical [ more ]

[ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking
2006-01-07  Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Survey on Vuln Disclosure: Request for Participation
2006-01-06  Richard Forno (rforno infowarrior org)
(x-posted to Full-Disclosure and elsewhere)
Greetings -- As part of my doctoral studies, I am seeking community input regarding how secrecy and openness can be balanced in the analysis and alerting of security vulnerabilities to protect critical national infrastructures. To answer this question, m [ more ]

Recon2006 - Call for papers
2006-01-06  Hugo Fortier (hfortier recon cx)
RECON 2006 - Call for papers - 06/01/06
Montreal, Quebec, Canada
16 - 18 June 2006
We are pleased to announce the second annual RECON conference, which will take place in Montreal from the 16th to the 18th of June 2006. We are looking for original technical presentations, in the fields o [ more ]

Re: MD:Pro - Malware Distribution Project
2006-01-06  Rembrandt (rembrandt jpberlin de)
> On 01 February 2006 Frame4 Security Systems will launch their Malware Distribution Project (MD:Pro) service, which will offer developers of security systems and anti-malware products a vast collection of downloadable malware from a secure and reliable source, exclusively for the purposes of analys [ more ]

MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities
2006-01-06  Mandriva Security Team (security mandriva com)
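The "xorg server 6.8.2 and below on 64bit arch" post above points at a general LP64 pitfall: a structure that mixes `int` with `unsigned long` has one layout on a 32-bit build and another on a 64-bit build, so any code that overlays a fixed-size wire record onto it, or hard-codes its offsets, silently reads the wrong bytes on the other platform. The program below is an added illustration of that pitfall and is not code from the post or from the X server; the `LongEvent`/`WireEvent` structs and the 12-byte little-endian record are constructed for the example, and `Bool` is assumed to be a plain `int` as is common in X headers.

```c
/* Added example (not from the original post or from Xorg): how a struct that
 * mixes `int` with `unsigned long` changes layout between ILP32 and LP64, and
 * why a fixed-width definition is the safe form for anything that crosses a
 * wire or an ABI boundary. The structs and the wire bytes are constructed for
 * illustration; they are not taken from the X server source. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int Bool;   /* assumption: Bool is a plain int, as in typical X headers */

/* Shape of the struct quoted in the post: int, then unsigned long. The
 * `unsigned long` is 4 bytes on ILP32 but 8 bytes on LP64 (with 4 bytes of
 * padding inserted before it), so every later field moves. */
typedef struct {
    int type;
    unsigned long serial;
    Bool send_event;
} LongEvent;

/* Fixed-width counterpart: 12 bytes with identical offsets on every platform. */
typedef struct {
    int32_t type;
    uint32_t serial;
    int32_t send_event;
} WireEvent;

/* Constructed 12-byte little-endian record: type=2, serial=0x11223344,
 * send_event=1. Not captured from any real server. */
static const uint8_t kWire[12] = {
    0x02, 0x00, 0x00, 0x00,
    0x44, 0x33, 0x22, 0x11,
    0x01, 0x00, 0x00, 0x00
};

size_t long_event_size(void) { return sizeof(LongEvent); }
size_t wire_event_size(void) { return sizeof(WireEvent); }

/* True only where the in-memory struct happens to match the 12-byte record
 * (ILP32). On LP64 sizeof(LongEvent) is 24 and send_event sits at offset 16. */
int layout_matches_wire(void) {
    return sizeof(LongEvent) == sizeof(WireEvent)
        && offsetof(LongEvent, serial) == offsetof(WireEvent, serial)
        && offsetof(LongEvent, send_event) == offsetof(WireEvent, send_event);
}

/* The fragile way: overlay the wire bytes on the struct. Correct only when
 * layout_matches_wire() is true; on LP64 the serial bytes land in the padding
 * and low half of `serial`, and send_event is never written at all. */
void decode_by_memcpy(const uint8_t *buf, LongEvent *out) {
    memset(out, 0, sizeof *out);
    memcpy(out, buf, 12);
}

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8
         | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* The robust way: parse each field by its wire offset and width, independent
 * of the host's `long` size and byte order. */
void decode_fixed(const uint8_t *buf, WireEvent *out) {
    out->type       = (int32_t)le32(buf + 0);
    out->serial     = le32(buf + 4);
    out->send_event = (int32_t)le32(buf + 8);
}

/* Accessors for the decoded fields, so results can be checked without printing. */
uint32_t fixed_serial(void)     { WireEvent e; decode_fixed(kWire, &e); return e.serial; }
int      fixed_send_event(void) { WireEvent e; decode_fixed(kWire, &e); return e.send_event; }
int      memcpy_send_event(void){ LongEvent e; decode_by_memcpy(kWire, &e); return e.send_event; }

int main(void) {
    LongEvent bad;
    WireEvent good;
    decode_by_memcpy(kWire, &bad);
    decode_fixed(kWire, &good);
    printf("sizeof(long)=%zu sizeof(LongEvent)=%zu sizeof(WireEvent)=%zu\n",
           sizeof(long), sizeof(LongEvent), sizeof(WireEvent));
    printf("offsetof(LongEvent, send_event)=%zu offsetof(WireEvent, send_event)=%zu\n",
           offsetof(LongEvent, send_event), offsetof(WireEvent, send_event));
    printf("memcpy decode: type=%d serial=%lu send_event=%d\n",
           bad.type, bad.serial, bad.send_event);
    printf("fixed decode:  type=%d serial=%u send_event=%d\n",
           good.type, good.serial, good.send_event);
    return 0;
}
```

Build it once with `-m32` and once with `-m64` (where the toolchain supports both) and compare the two runs: the fixed-width decode gives the same answer on both, while the memcpy overlay is only right on the 32-bit build. The same reasoning applies to any protocol or file-format struct that uses `long` for a 32-bit field.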
> The "Security Now!" podcast interviewed Ilfak as well. For an audio interview
> and transcript, see episode #21 at <http://www.grc.com/securitynow.htm>.
Why the hell does Gibson get a Forum and a reference *on this list*?
http://www.grcsucks.com/
Denis Jedig
synetico