|
|
Colapse all |
Post message
RE: Webwasher CSM Appliance Script Security Restriction Bypass 2006-01-03 Frank Berzau (frank cyberguard com) As discribed in our first response on Dec 23, we meanwhile ran additional tests against older versions of Webwasher CSM because the initial posting of ".v0rt3x" does not specify a version number. Our first test results are confirmed: The script mitigation of Webwasher CSM 5.1 and newer cannot be by [ more ] [ reply ] [eVuln] oaBoard PHP Code Execution 2006-01-01 alex evuln com New eVuln Advisory: oaBoard PHP Code Execution --------------------Summary---------------- Software: oaBoard Versions: 1.0 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu (alex (at) evuln (dot) c [email concealed] [ more ] [ reply ] [eVuln] ScozBook "adminname" Authentication Bypass 2006-01-02 alex evuln com New eVuln Advisory: ScozBook "adminname" Authentication Bypass --------------------Summary---------------- Vendor: ScozNet Vendor's Web Site: http://www.scoznet.com/ Software: ScozBook Sowtware's Web Site: http://sourceforge.net/projects/scozbook/ Versions: BETA 1.1 Critical Level: Moderate Type: S [ more ] [ reply ] [eVuln] B-net Software Multiple XSS Vulnerabilities 2006-01-02 alex evuln com New eVuln Advisory: B-net Software Multiple XSS Vulnerabilities --------------------Summary---------------- Software: B-net Software Sowtware's Web Site: http://sourceforge.net/projects/b-net/ Versions: 1.0 Critical Level: Moderate Type: Cross-Site Scripting Class: Remote Status: Unpatched Exploit [ more ] [ reply ] [eVuln] inTouch Authentication Bypass 2006-01-01 alex evuln com New eVuln Advisory: inTouch Authentication Bypass --------------------Summary---------------- Software: inTouch (http://intouch.sourceforge.net/) Versions: 0.5.1 Alpha Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered [ more ] [ reply ] Drupal all versiyon xss cehennem.org 2006-01-02 liz0 bsdmail com Drupal all versiyon xss ---------------------------------------------------- site:http://www.drupal.org Hex, Base64, Decimal site: http://liz0zim.no-ip.org/code.php -------------------------------------------------- img tag : on ------------------------------------------------------------------- [ more ] [ reply ] NicoFTP Stack Overflow 2006-01-02 k4p0k4p0 hotmail com /* * Name: NicoFTP Stack Overflow * Version: 3.0.1.19 * Developer: NicoSW * Developer site: www.nicosw.com (Offline) * Developer contact: nicoftp[at]nicosw[dot]com * Discovered by: K4P0 <k4p0k4p0[at]hotmail[dot]com> * Founded: 12/29/2005 (MM/DD/YYYY) * Published: 01/01/2006 (MM/DD/YYYY) */ [ more ] [ reply ] [eVuln] Chimera Web Portal System Multiple Vulnerabilities 2006-01-01 alex evuln com New eVuln Advisory: Chimera Web Portal System Multiple Vulnerabilities --------------------Summary---------------- Vendor: Phanatic Softwares (http://www.psoftwares.f2s.com/) Software: Chimera Web Portal System (http://sourceforge.net/projects/chimera/) Versions: 0.2 Critical Level: Moderate Type: [ more ] [ reply ] [eVuln] Chipmunk Guestbook XSS Vulnerability 2006-01-01 alex evuln com New eVuln Advisory: Chipmunk Guestbook XSS Vulnerability --------------------Summary---------------- Vendor: Chipmunk (http://www.chipmunk-scripts.com/) Software: Chipmunk Guestbook Versions: 1.4 and earlier Critical Level: Harmless Type: Cross-Site Scripting Class: Remote Status: Unpatched Exploit [ more ] [ reply ] [eVuln] PHPjournaler SQL Injection Vulnerability 2006-01-01 alex evuln com New eVuln Advisory: PHPjournaler SQL Injection Vulnerability --------------------Summary---------------- Software: PHPjournaler Versions: 1.0 Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu [ more ] [ reply ] Re: RE: WMF Exploit 2006-01-01 grasshopa securityfocus com, at securityfocus com,gmail securityfocus com, com securityfocus com [KAPDA::#19] - Html Injection in vBulletin 3.5.2 2006-01-01 alireza hassani (trueend5 yahoo com) KAPDA New advisory Vendor: http://www.vbulletin.com Vulnerable Version: 3.5.2 (prior versions also may be affected) Bug: Html Injection (Second order cross site scripting) Exploitation: Remote with browser Description: -------------------- vBulletin is a powerful, scalable and fully customizable [ more ] [ reply ] [USN-233-1] fetchmail vulnerability 2006-01-02 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-233-1 January 02, 2006 fetchmail vulnerability CVE-2005-4348 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubu [ more ] [ reply ] [eVuln] VEGO Web Forum SQL Injection Vulnerability 2006-01-01 alex evuln com New eVuln Advisory: VEGO Web Forum SQL Injection Vulnerability --------------------Summary---------------- Vendor: VEGO Software: VEGO Web Forum Versions: 1.26 and earlier Critical Level: Moderate Type: SQL Injection Remote: yes Status: Unpatched Exploit: Available Solution: Not Available Discovere [ more ] [ reply ] [USN-234-1] cpio vulnerability 2006-01-02 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-234-1 January 02, 2006 cpio vulnerability CVE-2005-4268 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5 [ more ] [ reply ] [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities 2006-01-01 XFOCUS Security Team (security xfocus org) MyBB 1.0 SQL injection in uploading file 2005-12-31 addmimistrator gmail com Hey there is a security bug in inc/function_upload.php script in mybb all version (except two days ago security updated version) that allows SQL INJECTION this bug is in function of upload attachment . when a file goes to upload this function test that if file has a valid extension . for this call g [ more ] [ reply ] MyBB XSS cross-site scripting 2005-12-31 addmimistrator gmail com (1 replies) Hey this is a security bug in printthread.PHP script of MyBB(all version also fully patched) that allows XSS crosssite scripting hacking and can be exploit without limitation. post this message on a thread and go to print view of thread to view execution of exploit. <script language=javascript>docu [ more ] [ reply ] [KAPDA::#18] - WebWiz Products SQL Injection 2005-12-30 advisory kapda ir [KAPDA::#18] - WebWiz Products SQL Injection Happy new year ! :) KAPDA New advisory Vulnerable products : webwiz site news access2000 : vesion 3.06 and prior versions webwiz journal access2000 : version 1.0 webwiz weekly poll access2000 : version 3.06 and prior versions database login access2000 [ more ] [ reply ] WMF browser-ish exploit vectors 2005-12-29 Evans, Arian (Arian Evans fishnetsecurity com) Here, let's make the rendering issue simple: Due to IE being so content help-happy there are a myriad of IE-friend file types (e.g.-.jpg) that one can simply rename a metafile to for purpose of web exploitation, and IE will pull out the wonderful hey; you're-not-a-jpeg-you're-a-something-else-that- [ more ] [ reply ] Yahoo mail Cross Site Scripting vulnerability 2005-12-29 simo morx org Title: Yahoo mail Cross Site Scripting Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org> Date: 22 December 2005 MorX Security Research Team http://www.morx.org Service: Webmail Vendor: Yahoo mail, and possibly others Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks [ more ] [ reply ] |
|
Privacy Statement |
We found a vulnerability in WinRAR 3.30 that overrun the program in Windows Platforms .
================================================
Synopsis: WinRAR Buffer Overflow Vulnerability in File Name
Product: WinRAR
Version: 3.30
Vender: RARLab (http://www.rarlab.com)
Remote: No
Local
[ more ] [ reply ]