Interview: Ilfak Guilfanov
2006-01-04 Matthew Murphy (mattmurphy kc rr com)
With all the misinformation and theorizing going around, I figured the community might be interested in some... you know, accurate information. It's really refreshing, sometimes. So, SecuriTeam blogs has posted an interview with Ilfak Guilfanov (a

Windows PHP 4.x "0-day" buffer overflow
2006-01-05 mercenary hushmail com
Buffer Overflow in PHP MySQL functions
I. RISK
Low - Remote code execution on some systems
The function is not normally exposed to external users via input data
II. AFFECTED VERSIONS
4.x Branch under Windows
III. BACKGROUND
PHP contains many built

Re: Download Accelerator Plus can be tricked to download malicious file
2006-01-05 visitbipin hotmail com

[USN-235-1] sudo vulnerability
2006-01-05 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-235-1 January 05, 2006
sudo vulnerability
CVE-2005-4158
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5

[USN-236-1] xpdf vulnerabilities
2006-01-05 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-236-1 January 05, 2006
xpdf, poppler, cupsys, tetex-bin vulnerabilities
CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627
===========================================================
A security issue a

MS released a patch today - MS06-001
2006-01-05 Duran, Jason IT0 (jason duran gov sk ca)
Microsoft released a patch for the WMF vulnerability this afternoon.
KB912919
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-jan.mspx
Has anyone looked into this, tried it, or know what it modifies? In the workarounds FAQ

Uninformed Journal Release Announcement: Volume 3
2006-01-04 Uninformed (sflist digitaloffense net)
Uninformed is pleased to announce the release of its third volume. This volume includes 7 articles that cover a wide array of topics including reverse engineering, exploitation technology, rootkit technology, fuzzing, and other areas of research. The articles included in this volume are: - Engi

Contact information for Symantec Vulnerability Management
2006-01-05 secure symantec com
This email is intended to provide contact information for reporting vulnerabilities in Symantec products. If you believe that you have discovered a vulnerability in one of Symantec supported products, we encourage you to contact secure (at) symantec (dot) com. I

HylaFAX Security advisory - fixed in HylaFAX 4.2.4
2006-01-05 Aidan Van Dyk (aidan ifax com)
I'm passing this on for Patrice Fournier who is not around today.
------------------------------------------------------------------------------
HylaFAX security advisory 4 Jan 2006
Subject: HylaFAX hfaxd and notify/faxrcvd vulnerabilities
Introduction: HylaFAX is a mature (est. 1991) enterpri

SysCP WebFTP local file inclusion vulnerability
2006-01-04 Thomas Henlich (thomas henlich de)
SYSCP WEBFTP LOCAL FILE INCLUSION VULNERABILITY
Thomas Henlich
DESCRIPTION
Thomas Henlich has discovered a vulnerability in WebFTP, which can be used by remote attackers to disclose potentially sensitive information and to compromise a vulnerable system. Input passed to the "webftp_language" par

What is sbininitd port 65534 ???
2006-01-05 waltdnes waltdnes org
I've seen graphs on the sans.org site indicating that traffic on this port has seen a major rise. It sounds like something linux might be vulnerable to. I've tried finding out what gives, but neither Google nor the major security sites I've tried show any hits for "sbininitd", other than to note

iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability
2006-01-05 labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability
iDefense Security Advisory 01.05.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364
January 05, 2006
I. BACKGROUND
BlueCoat WinProxy is an Internet sharing proxy server designed for small to medium busines

CyberShop User Login Sql Injection
2006-01-05 night_warrior771 hotmail com
##Night_Warrior<Kurdihs Hacker>
##night_warrior771[at]hotmail.com
##CyberShop User Login Sql Injection
##Site:http://www.gencbeyin.gen.tr/cybershop/test
Code For User Login :
Username : ' or ''='
Password: ' or ''='
Contact :night_warrior771[at]hotmail.com
Night_Warrior<Kurdihs Hacker>

MD:Pro - Malware Distribution Project
2006-01-05 anthony aykut frame4 com
On 01 February 2006 Frame4 Security Systems will launch their Malware Distribution Project (MD:Pro) service, which will offer developers of security systems and anti-malware products a vast collection of downloadable malware from a secure and reliable source, exclusively for the purposes of analysis

Open Letter on the Interpretation of "Vulnerability Statistics"
2006-01-05 Steven M. Christey (coley mitre org)
Open Letter on the Interpretation of "Vulnerability Statistics"
---------------------------------------------------------------
Author: Steve Christey, CVE Editor
Date: January 4, 2006
All,
As the new year begins, there will be many temptations to generate, comment, or report on vulnerability st

what we REALLY learned from WMF
2006-01-05 Gadi Evron (ge linuxbox org)
What we really learn from this all WMF "thingie", is that when Microsoft wants to, it can. Microsoft released the WMF patch ahead of schedule ( http://blogs.securiteam.com/index.php/archives/181 ) Yep, THEY released the PATCH ahead of schedule. What does that teach us? There are a few options:

[eVuln] TinyPHPForum Multiple Vulnerabilities
2006-01-05 alex evuln com
New eVuln Advisory: TinyPHPForum Multiple Vulnerabilities
--------------------Summary----------------
Software: TinyPHPForum
Software's Web Site: http://www.ralpharama.co.uk/tpf/
Versions: 3.6 and earlier
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
Explo

iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability
2006-01-05 labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Blue Coat WinProxy Remote DoS Vulnerability
iDefense Security Advisory 01.05.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363
January 05, 2006
I. BACKGROUND
BlueCoat WinProxy is an Internet sharing proxy server designed for small to medium businesses. In addition to Inte

Re: WTF??
2005-12-31 anthony aykut frame4 com
Can someone *please* remove this post? The service this posting is referring to is not ready yet & I am guessing it has been leaked either via somebody working for us or as a result of the "interest" we have been getting in certain circles. This service is not active until February 01, 2006, and we

WMF: New Metasploit Framework Module
2005-12-31 H D Moore (sflist digitaloffense net)
We just released a new version of the Metasploit Framework exploit module for the Escape/SetAbortFunc code execution flaw. This module now pads the Escape() call with random WMF records. You may want to double check your IDS signatures -- most of the ones I saw today could be easily bypassed or

Mapping and Remote manipulation of databases
2005-12-31 Gandalf The White (gandalf digital net)
Greetings and Salutations: I am requesting discussion on the below idea. I have seen this (in a very crude way, see bottom) work. I suspect, however, that this idea could be fine tuned to produce specific results.
Abstract: As company partnerships increase, networking, databases and information
ADNForum Multiple Vulnerabilities
--------------------Summary----------------
Vendor: Agustin Dondo
Vendor's Web Site: http://www.agustin.co.nr/
Software: ADNForum
Software's Web Site: http://adnforum.sourceforge.net/
Versions: 1.0b
Critical Level: Moderate
Type: Multiple Vulner