|
|
Colapse all |
Post message
[PHP-CHECKER] 99 potential SQL injection vulnerabilities 2005-12-12 Yichen Xie (yxie cs stanford edu) iDefense Security Advisory 12.14.05: Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability 2005-12-14 labs-no-reply (at) idefense (dot) com [email concealed] (labs-no-reply idefense com) Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability iDefense Security Advisory 12.14.05 www.idefense.com/application/poi/display?id=356&type=vulnerabilities December 14, 2005 I. BACKGROUND Trend Micro Inc.'s ServerProtect provides antivirus scanning with centralized management of virus [ more ] [ reply ] iDefense Security Advisory 12.14.05: Trend Micro ServerProtect relay.dll Chunked Overflow Vulnerability 2005-12-14 labs-no-reply (at) idefense (dot) com [email concealed] (labs-no-reply idefense com) Trend Micro ServerProtect relay.dll Chunked Overflow Vulnerability iDefense Security Advisory 12.14.05 www.idefense.com/application/poi/display?id=354&type=vulnerabilities December 14, 2005 I. BACKGROUND Trend Micro Inc.'s ServerProtect provides antivirus scanning with centralized management of v [ more ] [ reply ] iDefense Security Advisory 12.14.05: Trend Micro ServerProtect Crystal Reports ReportServer File Disclosure 2005-12-14 labs-no-reply (at) idefense (dot) com [email concealed] (labs-no-reply idefense com) Trend Micro ServerProtect Crystal Reports ReportServer File Disclosure iDefense Security Advisory 12.14.05 www.idefense.com/application/poi/display?id=352&type=vulnerabilities December 14, 2005 I. BACKGROUND Trend Micro Inc.'s ServerProtect provides antivirus scanning with centralized management [ more ] [ reply ] iDefense Security Advisory 12.14.05: Trend Micro ServerProtect isaNVWRequest.dll Chunked Overflow 2005-12-14 labs-no-reply (at) idefense (dot) com [email concealed] (labs-no-reply idefense com) Trend Micro ServerProtect isaNVWRequest.dll Chunked Overflow iDefense Security Advisory 12.14.05 www.idefense.com/application/poi/display?id=353&type=vulnerabilities December 14, 2005 I. BACKGROUND Trend Micro Inc.'s ServerProtect provides antivirus scanning with centralized management of virus o [ more ] [ reply ] Re: [Full-disclosure] Re: [EEYEB-20050523] Windows Kernel APC Data-FreeLocal Privilege Escalation Vulnerability 2005-12-13 Tom Ferris (tommy security-protocols com) Retina can do remote registry, and file version checks with the proper credentials. So more than likely, its doing a registry check for the hotfix. Tom Ferris Researcher www.security-protocols.com Key fingerprint = 0DFA 6275 BA05 0380 DD91 34AD C909 A338 D1AF 5D78 On Tue, 13 Dec 2005, Dave Kor [ more ] [ reply ] LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution 2005-12-14 retrogod aliceposta it LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / blind SQL injection / cross site scripting / local file inclusion / path disclosure / remote code/commands execution software: site: http://www.limbo-cms.com/ description: "Putting it in short Limbo is a Content Management System, which allows you t [ more ] [ reply ] RE: [Full-disclosure] [EEYEB-20050523] Windows Kernel APC Data-FreeLocal Privilege Escalation Vulnerability 2005-12-13 Marc Maiffret (mmaiffret eeye com) To be clear we did not make any claim except that Retina has been updated to be able to identify this vulnerability. Obviously being that it is a local vulnerability we audit for the vulnerability using credentials through normal means that you should find in most any vulnerability assessment scanne [ more ] [ reply ] Secunia Research: Internet Explorer Suppressed "Download Dialog"Vulnerability 2005-12-13 Secunia Research (vuln secunia com) ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug 2005-12-13 liz0 bsdmail com ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug ---------------------------------------------------- site:http://www.linux.it/~fedro/ demo:http://www.e-stamp.ru/forum203/ -------------------------------------------------- http://target.com/pacth/users/use [ more ] [ reply ] MDKSA-2005:226 - Updated mozilla-thunderbird package fix vulnerability in enigmail 2005-12-13 Mandriva Security Team (security mandriva com) phpCOIN 1.2.2 multiple vulnerabilities 2005-12-13 retrogod aliceposta it PhpCOIN 1.2.2 arbitrary remote\local inclusion / blind sql injection / path disclosure software: site: http://www.phpcoin.com/ description: "a free software package originally designed for web-hosting resellers to handle clients, orders, invoices, notes and helpdesk, but no longer limited to hostin [ more ] [ reply ] [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability 2005-12-13 Advisories (Advisories eeye com) (1 replies) Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability Release Date: December 13, 2005 Date Reported: May 23, 2005 External Refferences: eEye ID# EEYEB-20050523 OSVDB ID# 18823 CVE # CAN-2005-2827 Microsoft # MS05-055 Severity: Medium (Local Privilege Escalation to Kernel) Syste [ more ] [ reply ] Re: [Full-disclosure] [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability 2005-12-13 Joshua Russel (joshua russel gmail com) [SECURITY] [DSA 920-1] New ethereal packages fix arbitrary code execution 2005-12-13 joey infodrom org (Martin Schulze) [USN-229-1] Zope vulnerability 2005-12-13 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-229-1 December 13, 2005 zope2.8 vulnerability CVE-2005-3323 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 (Breezy Badger) The [ more ] [ reply ] Re: Re: [KAPDA::#16] - SMF SQL Injection 2005-12-10 Steven M. Christey (coley mitre org) >substr(strtolower($_REQUEST['start']), 0, 1) > >So, the string is set to lower case, and then only the FIRST letter is >used within the query. How can anyone exploit the database with a one >character insertion? Of course this is within single quotes as well, >so it cannot even be a command. Thi [ more ] [ reply ] [USN-222-2] Perl vulnerability 2005-12-12 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-222-2 December 12, 2005 perl vulnerability CVE-2005-3962 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5 [ more ] [ reply ] [OpenPKG-SA-2005.028] OpenPKG Security Advisory (curl) 2005-12-10 OpenPKG (openpkg openpkg org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed] [ more ] [ reply ] Status on PGP NTFS File Wipe issue, 11 Dec 2005 2005-12-11 Jon Callas (jon pgp com) On December 8, 2005, Vinnie Liu and The Metasploit Project released an issue with PGP Desktop's free space wipe feature. Their web page on the issue can be found at <http://metasploit.com/research/vulns/pgp_slackspace/>. This report has been replicated in other fora, including Bugtraq and Secu [ more ] [ reply ] [PHP-CHECKER] 99 potential SQL injection vulnerabilities 2005-12-11 php-checker glide stanford edu Hi, we are a group of Stanford researchers and we have recently developed an automated tool for detecting injection vulnerabilities in PHP. We ran our tool on the following list of software and found 99 potential security vulnerabilites (inspected bug reports attached below): e107 -- v0.7 myBlo [ more ] [ reply ] [USN-228-1] curl library vulnerability 2005-12-12 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-228-1 December 12, 2005 curl vulnerability CVE-2005-4077 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5 [ more ] [ reply ] Re: Website Baker <=2.6.0 SQL Injection -> Login bypass -> remote code execution 2005-12-12 ryan websitebaker org Arab Portal v2 Beta2 SQL Injections 2005-12-11 stranger-killer hotmail com Hi .. This is small bug for Arab Portal System v2 Beta 2 File name :- global.php Remote:- Yes Credit :- Devil-00 Messenger :- <devil-00 (at) s4a (dot) cc [email concealed]> E-Mail :- <stranger-killer (at) hotmail (dot) com [email concealed]> //--# Devil SQL Injection /* This SQL can do when :- magic_quotes_gpc = Off $session_id << Bad Var Attacking [ more ] [ reply ] SEC Consult SA-20051211-0 :: Nortel SSL VPN Cross Site Scripting/Command Execution 2005-12-12 SEC Consult Research (research sec-consult com) Re: Re: [Full-disclosure] Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service 2005-12-11 JHannah01 gmail com iDEFENSE Security Advisory 12.12.05: SCO Unixware Setuid 'uidadmin' Scheme Buffer Overflow Vulnerability 2005-12-12 labs-no-reply (at) idefense (dot) com [email concealed] (labs-no-reply idefense com) SCO Unixware Setuid 'uidadmin' Scheme Buffer Overflow Vulnerability iDefense Security Advisory 12.12.05 www.iDefense.com/application/poi/display?id=350&type=vulnerabilities December 12, 2005 I. BACKGROUND SCO Unixware is a Unix operating system that runs on many OEM platforms. II. DESCRIPTION [ more ] [ reply ] |
|
Privacy Statement |
developed an automated tool for detecting injection vulnerabilities in
PHP. We ran our tool on the following list of software and found 99
potential security vulnerabilites (inspected bug reports attached
below):
e107 -- v0.7
myB
[ more ] [ reply ]