BugTraq Mode:
(Page 1258 of 1748)  < Prev  1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263  Next >
Re: [Full-disclosure] Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte 2005-10-26
Andrey Bayora (andrey securityelf org)
Hello Debasis,
Please see my inline comments below.
Thanks.

Regards,
Andrey

----- Original Message -----
From: "Debasis Mohanty" <mail (at) hackingspirits (dot) com>
To: "'Andrey Bayora'" <andrey (at) securityelf (dot) org>;
<full-disclosure (at) lists.grok.org (dot) uk>
Cc: <bugtraq (at) securityfocus (dot) com>
Sent: Tuesday, October 25

[KAPDA::#9] Techno Dreams Scripts Vulnerabilities 2005-10-26
advisory kapda ir
[KAPDA::#9]Techno Dreams Scripts Vulnerabilities

KAPDA New advisory

Vulnerable products :

Techno Dreams Announcement Script
Techno Dreams Guestbook Script
Techno Dreams Mailing List Script
Techno Dreams WebDirectory Script

Vendor: http://www.t-dreams.com/

Risk: High

Vulnerability: Sql injecti

[SECURITY] [DSA 873-1] New net-snmp packages fix denial of service 2005-10-26
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 873-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 26th, 2005

phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. 2005-10-25
Paul Laudanski (zx castlecops com)
On Sat, 22 Oct 2005, K-Gen Gen wrote:

> phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
>
> I sent the report to phpBB and they said that a patch will be available
> within a few days and it will be integrated into 2.0.18.
>
> Note: This works like XSS, and requires the v

PHP-Nuke Cross-Site Scripting Vulnerability 2005-10-25
bhfh01 gmail com
I am sorry, but I had a little problem with my
old e-mail address, my new one is bhfh01 (at) gmail (dot) com

the mail:

PHP-Nuke
Search Cross-Site Scripting Vulnerability

Vulnerable: I think all ver.
date: 2005-09-5

The search field at modules.php?name=Search_Enhanced is vulnerable to html injection attac

SQL-Injection in MyBulletinBoard allows attacker to become a board admin. 2005-10-26
Animal (cOre xaker ru)
Vendor: www.mybboard.com
Version: 1.00 Preview Release 2, RC4 and maybe prior.
Script: usercp.php
Code:
> if($mybb->input['away'] == "yes" && $mybb->settings['allowaway'] !=
> "no")
> {
> [...]
> $returndate =
> $mybb->input['awayday']."-".$mybb->input['awaymonth']."-".$mybb

Woltlab Burning Board info_db.php multiple SQL injection 2005-10-26
admin batznet com
#################################################################
#
# Woltlab Burning Board info_db.php multiple SQL injection
#
#################################################################
->discovered by [R]

Vendor: "Trooper"
URL: www.wbbcoderforum.de
Version: <= 2.7
T

Secunia Research: Mantis "t_core_path" File Inclusion Vulnerability 2005-10-26
Secunia Research (vuln secunia com)
======================================================================

Secunia Research 26/10/2005

- Mantis "t_core_path" File Inclusion Vulnerability -

======================================================================
Table of Contents

Affected Software.......

Looking for a security contact at Macrovision/InstallShield 2005-10-25
Richard M. Smith (rms computerbytesman com)
Hi,

I need a security contact at the InstallShield division of Macromedia. I
have found a very serious privacy leak bug in one of their ActiveX controls.

Richard M. Smith
http://www.ComputerBytesMan.com

PS. If your company uses InstallShield, you might also want to drop me a
line.

[SECURITY] [DSA 872-1] New koffice packages fix arbitrary code execution 2005-10-26
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 872-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 26th, 2005

[SECURITY] [DSA 548-2] New imlib packages fix arbitrary code execution 2005-10-26
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 548-2 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 26th, 2005

MDKSA-2005:193 - Updated ethereal packages fix multiple vulnerabilities 2005-10-26
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:193
http://www.mandriva.com/security/
_____________________________________________________________________

Looking for security contacts at Sony and Lenovo (FKA IBM) 2005-10-25
Richard M. Smith (rms computerbytesman com)
Hi,

I am looking for security contacts at Sony and Lenovo. Both companies are
shipping ActiveX controls pre-installed on their latest model computers
which have security problems that I need to report.

Richard M. Smith
http://www.ComputerBytesMan.com

SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable) 2005-10-25
sikikmail gmail com
SparkleBlog is prone to HTML injection attacks. It is possible for a malicious SparkleBlog user to inject hostile HTML script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of SparkleBlog.
SparkleBlog does not adequately filt

SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability 2005-10-25
Bernhard Mueller (research sec-consult com)
SEC-CONSULT Security Advisory 20051025-0
======================================================================
title: Snoopy Remote Code Execution Vulnerability
program: Snoopy PHP Webclient
vulnerable version: 1.2 and earlier
homepage: http://s

SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS 2005-10-25
Bernhard Mueller (research sec-consult com)
SEC-CONSULT Security Advisory 20051025-1
=====================================================================
title: RSA ACE Web Agent XSS
program: RSA ACE/Agent for Web
vulnerable version: 5.1, 5.1.1
newer versions may be vulnerable

iDEFENSE Security Advisory 10.24.05: SCO Openserver authsh 'Home' Buffer Overflow Vulnerability 2005-10-24
iDEFENSE Labs (labs-no-reply idefense com)
SCO Openserver authsh 'Home' Buffer Overflow Vulnerability

iDEFENSE Security Advisory 10.24.05
http://www.idefense.com/application/poi/display?type=vulnerabilities
October 24, 2005

I. BACKGROUND

SCO OpenServer is a UNIX-like operating system for x86 platforms.

II. DESCRIPTION

Local exploitation

[SECURITY] [DSA 871-2] New libgda2 packages fix arbitrary code execution 2005-10-25
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 871-2 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 25th, 2005

Network Appliance iSCSI Authentication Bypass 2005-10-25
advisories matasano com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# Security Advisory: Network Appliance iSCSI Authentication Bypass

## Origin Date: Wed Aug 3 2005

## Publication Date: Mon Oct 24 2005

## Synopsis

Unauthenticated iSCSI Initiators can bypass iSCSI authentication on
NetApp Filers by manipulating the

Mozilla Thunderbird SMTP down-negotiation weakness 2005-10-25
Thomas Henlich (thomas henlich de) (1 replies)
MOZILLA THUNDERBIRD SMTP DOWN-NEGOTIATION WEAKNESS

Thomas Henlich <thomas (at) henlich (dot) de>

SUMMARY

Mozilla Thunderbird SMTP down-negotiation behaviour allows a man-
in-the-middle (MITM) attack to bypass TLS initialization and/or
downgrade CRAM-MD5 to PLAIN authentication, leading to exposure
of authen

Re: Mozilla Thunderbird SMTP down-negotiation weakness 2005-10-26
Jason Haar (Jason Haar trimble co nz) (1 replies)
Re: Mozilla Thunderbird SMTP down-negotiation weakness 2005-10-26
Tony Finch (dot dotat at)
iDEFENSE Security Advisory 10.24.05: SCO Unixware Setuid ppp prompt Buffer Overflow Vulnerability 2005-10-24
iDEFENSE Labs (labs-no-reply idefense com)
SCO Unixware Setuid ppp prompt Buffer Overflow Vulnerability

iDEFENSE Security Advisory 10.24.05
http://www.idefense.com/application/poi/display?type=vulnerabilities
October 24, 2005

I. BACKGROUND

SCO UnixWare is a UNIX operating system.

More information is available at:

http://www.sco.com/pr

[SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities 2005-10-25
snsadv lac co jp (snsadv)
----------------------------------------------------------------------
SNS Advisory No.85
XOOPS Multiple Cross-site Scripting Vulnerabilities

Problem first discovered on: Sun, 25 Sep 2005
Published on: Tue, 25 Oct 2005
----------------------------------------------------------------------

Severity

[SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution 2005-10-25
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 870-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 25th, 2005

[ GLSA 200510-21 ] phpMyAdmin: Local file inclusion and XSS vulnerabilities 2005-10-25
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200510-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200510-20 ] Zope: File inclusion through RestructuredText 2005-10-25
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200510-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200510-19 ] cURL: NTLM username stack overflow 2005-10-22
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200510-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Skype security advisory 2005-10-25
. EADS CCR DCR/STI/C (dcrstic ccr eads net)
Synopsis
========

The EADS/CRC security team discovered a flaw in Skype client.

Skype is a P2P VoIP software that can bypass firewalls and NAT
to connect to the Skype network. Skype is very popular because
of its sound quality and ease of use.

Skype client is available for Windows, Linu

Copyright 2010, SecurityFocus