Moodle <=1.6dev blind SQL Injection
2005-11-10 retrogod aliceposta it
5.02 10/11/2005 Moodle <=1.6dev blind SQL Injection / Remote commands/code execution / xss software: site: http://moodle.org/ description: "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effect

[USN-215-1] fetchmailconf vulnerability
2005-11-07 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-215-1 November 07, 2005 fetchmail vulnerability CVE-2005-3088 A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubu

[SECURITY] [DSA 804-2] New kdelibs packages fix backup file information leak
2005-11-10 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 892-1] New awstats packages fix arbitrary command execution
2005-11-10 joey infodrom org (Martin Schulze)

[FS-05-01] Multiple vulnerabilities in phpAdsNew
2005-11-10 Toni Koivunen (toni koivunen fitsec com)

[FLSA-2005:166941] Updated httpd and mod_ssl packages fix two security issues
2005-11-09 Marc Deslauriers (marcdeslauriers videotron ca)

Re: New Bug KESM in GoogleTalk
2005-11-10 crowdat gmail com
Initially every anonymous email was notified and googletalk crashes, but now all anonymous emails go directly to spam folder, don't show the popup and don't crash, but if move the mail to the inbox and it's marked "no readed", when open googletalk and shows the popup the application crash.

Folder Guard exe files protection bypass
2005-11-10 ShadowBeast underdevelop com
There is a protection of the software "Folder Guard" that protects against locally running exe files, which can be bypassed by: running the exe files from the "Temperory internet files/xxxxx" directory, xxxxx stands for the random name granted by IE to the directory. u can also install programs to

MDKSA-2005:210 - Updated w3c-libwww packages fixes DoS vulnerability.
2005-11-10 Mandriva Security Team (security mandriva com)

MDKSA-2005:209 - Updated fetchmail packages fixes fetchmailconf vulnerability
2005-11-10 Mandriva Security Team (security mandriva com)

MDKSA-2005:208 - Updated emacs packages fix Lisp vulnerability
2005-11-10 Mandriva Security Team (security mandriva com)

MDKSA-2005:207 - Updated libungif packages fix various vulnerabilities
2005-11-10 Mandriva Security Team (security mandriva com)

[security bulletin] SSRT051012 - HP-UX envd Local Execution of Privileged Code
2005-11-09 security-alert hp com

[security bulletin] SSRT051014 - HP-UX Trusted Mode remshd Remote Unauthorized Access
2005-11-09 security-alert hp com

[security bulletin] SSRT051064 Revised - HP-UX ftpd Remote Unauthorized Data Access
2005-11-09 security-alert hp com

[security bulletin] SSRT051041 Revised - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)
2005-11-09 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00553092 Version: 3 HPSBUX01231 SSRT051041 Revised - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS) NOTICE: The information in this Security

ASPKnowledgebase vulnerable to XSS injection.
2005-11-09 preben watchcom no
ASPKnowledgebase, by www.asp-programmers.com is vulnerable to XSS in some of its input fields. If you compromise its logon, to gain administrative privileges as my previous advisory describes - you can inject the admin form-fields with XSS. This will result in automatic execution of script when

ASPKnowledgebase vulnerable to SQL-inject
2005-11-08 preben watchcom no
ASPKnowledgebase found at: http://www.asp-programmers.com/download-freeware.asp, does not properly sanitise its admin logon fields. Therefore an SQL-inject will bypass the entire authentication process, giving you administrative rights. PoC of SQL could be 1'or'1'='1 on the admin logon page: /ad

New Bug KESM in GoogleTalk
2005-11-09 natalylopez380 hotmail com
Hi!! My name is Nataly Lopez, I'm a 17 years old girl living in Venezuela; I have always loved computer security because that's also my father's work. Well, the reason for me to post this is for telling you about a bug in Google Talk I discovered with my friend chris77 (#velug @ irc.freenode.net) t

Multiple security issues in TikiWiki 1.9.x
2005-11-09 Moritz Naumann (securityfocus com moritz-naumann com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0003 Multiple security issues in TikiWiki 1.9.x PUBLISHED ON Nov 09, 2005 PUBLISHED AT http://morit

CYBSEC - Security Advisory: Multiple XSS in SAP WAS
2005-11-09 Leandro Meiners (lmeiners cybsec com)
(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf ) CYBSEC S.A. www.cybsec.com Advisory Name: Multiple XSS in SAP WAS (Web Application Server) Vulnerability Class: Cross-Site Scripting Release

CYBSEC - Security Advisory: Phishing Vector in SAP WAS
2005-11-09 Leandro Meiners (lmeiners cybsec com)
(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Phishing_Vector_in_SAP_WAS.pdf ) CYBSEC S.A. www.cybsec.com Advisory Name: Phishing Vector in SAP WAS (Web Application Server) Vulnerability Class: Phishing Vector / Improp

CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS
2005-11-09 Leandro Meiners (lmeiners cybsec com)
(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf ) CYBSEC S.A. www.cybsec.com Advisory Name: HTTP Response Splitting in SAP WAS (Web Application Server) Vulnerability Class: HTTP Res

[USN-151-4] rpm vulnerability
2005-11-09 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-151-4 November 09, 2005 rpm vulnerability CVE-2005-1849, CVE-2005-2096 A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty War

[SECURITY] [DSA 890-1] New libungif4 packages fix several vulnerabilities
2005-11-09 joey infodrom org (Martin Schulze)

[EEYEB-20050329] Windows Metafile Multiple Heap Overflows
2005-11-08 Advisories eeye com
Windows Metafile Multiple Heap Overflows Release Date: November 8, 2005 Date Reported: March 29, 2005 Severity: High (Code Execution) Vendor: Microsoft Systems Affected: Windows 2000 Windows Server 2003 Overview: eEye Digital Security has discovered a heap overflow vulnerability in the way the

[SECURITY] [DSA 891-1] New gpsdrive packages fix arbitrary code execution
2005-11-09 joey infodrom org (Martin Schulze)

MDKSA-2005:206 - Updated openvpn packages fix multiple vulnerabilities
2005-11-08 Mandriva Security Team (security mandriva com)

Release Date: November 10, 2005
Date Reported: May 28, 2005
Severity: High (Remote Code Execution)
Vendor: RealNetworks
Systems Affected:
Windows:
RealPlayer 10.5 (6.0.12.1040-1235)
RealPlayer 10
RealOne Player v2
RealOne Player v1
RealPlayer 8
RealPlayer E