|
|
Colapse all |
Post message
cacam_logsecurity_win32 exploit published on 20051018 by Metasploit 2005-10-19 Williams, James K (James Williams ca com) Cisco Security Advisory:Cisco 11500 Content Services Switch SSL Malformed Client Certificate Vulnerability 2005-10-19 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco 11500 Content Services Switch SSL Malformed Client Certificate Vulnerability ======================================================================== == Document ID: 67919 Revision 1.0 For Public Release 2005 October 19 [ more ] [ reply ] SecurityAlert SA025 : PHPNuke Remote Directory Traversal 2005-10-19 sp3x securityreason com Author: sp3x Date: 19. October 2005 Affected software : =================== PHPNuke version : 7.8 - 7.9 + patch 3.1 Description : ============= PHP-Nuke is a Web Portal System, storytelling software, News system, online community or w hatever you want to call it. The goal of PHP-Nuke is to have an [ more ] [ reply ] SUSE Security Announcement: openSSL protocol downgrade attack (SUSE-SA:2005:061) 2005-10-19 Marcus Meissner (meissner suse de) Metasploit Framework v2.5 2005-10-19 H D Moore (sflist digitaloffense net) The Metasploit Framework is an advanced open-source exploit development platform. The 2.5 release includes three user interfaces, 105 exploits and 75 payloads. The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down ve [ more ] [ reply ] Multiple Critical and High Vulnerabilities in Oracle Database Server 2005-10-18 NGSSoftware Insight Security Research (nisr nextgenss com) (1 replies) David Litchfield of NGSSoftware has discovered discovered multiple critical and high risk vulnerabilities in the Oracle Database Server. These vulnerabilities can be exploited by an attacker to gain complete control of the database server. Versions affected include Oracle Database 10g - All Rele [ more ] [ reply ] Revision: Multiple Critical and High Vulnerabilities in Oracle Database Server 2005-10-19 David Litchfield (davidl ngssoftware com) Re: Require many large corporate emails for contact regarding vulnerability. 2005-10-17 dcrab hackerscenter com I just read an article, somewhere that refered to this post and claimed me to be talking useless about the "sky falling" Just to clarify the reason for this post, was to get the attention of these companies. Within 3 hours of making the post, I recieved contact details for security expect of 4 of t [ more ] [ reply ] Windows host based firewall tester 2005-10-18 Tim (pand0ra usa gmail com) (1 replies) http://www.firewallleaktester.com/tests.htm So, after hearing about Kerio being discontinued I started poking around and someone posted a like to this site. Has anyone used this site? Some of this seems kinda sketchy to me, especially the testing methods. I am probably going to go setup some VM mac [ more ] [ reply ] NetFlow Analyzer 4 XSS Vulnerability 2005-10-18 why nsfocus com NetFlow Analyzer 4 http://manageengine.adventnet.com/products/netflow/ I encountered Cross Site Scripting Vulnerabilities in some files of the NetFlow Analyzer 4, with this files, sending a specially crafted url you can execute commands in the client side. ____Proof of Concept______ http://192.16 [ more ] [ reply ] e107 remote commands execution 2005-10-18 retrogod aliceposta it e107 0.617 stable/ 0.6171 / 0.6172 resetcore.php utility SQL Injection / Login bypass / remote code execution / cross site scripting software: site: http://e107.org/news.php description: "e107 is a content management system written in php and using the popular open source mySQL database system fo [ more ] [ reply ] MDKSA-2005:186 - Updated lynx packages fix remote buffer overflow 2005-10-18 Mandriva Security Team (security mandriva com) Secunia Research: MySource Cross-Site Scripting and File InclusionVulnerabilities 2005-10-18 Secunia Research (vuln secunia com) [USN-210-1] netpbm vulnerability 2005-10-18 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-210-1 October 18, 2005 netpbm-free vulnerability CAN-2005-2978 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) U [ more ] [ reply ] winrar 3.50 Exploit 2005-10-15 edward11 postmaster co uk /* local exploit for winrar <= 3.50 ENG version bug is 0day :) i'm used ret-2-func technique. */ #include <stdio.h> #include <string.h> #include <windows.h> int main ( int argc, char *argv[] ) { long sys_addr = 0x77C18044; // winxp sp0 targets... long exit_addr = 0x77C27ADC; long cm [ more ] [ reply ] Re: Aenovo Multiple Vulnerabilities (Patch) 2005-10-16 ali202 fastermail com Patch : [1] In "user/control.asp" Find this : --------------------------------- pword = Trim(request("password")) --------------------------------- Replace with this: --------------------------------- pword = replace(Trim(request("password")),"'","''") --------------------------------- [2] In " [ more ] [ reply ] [ GLSA 200510-16 ] phpMyAdmin: Local file inclusion vulnerability 2005-10-17 Sune Kloppenborg Jeppesen (jaervosz gentoo org) [ GLSA 200510-15 ] Lynx: Buffer overflow in NNTP processing 2005-10-17 Sune Kloppenborg Jeppesen (jaervosz gentoo org) PHP local safedir restriction bypass 2005-10-17 slythers gmail com There is a vulnerability (local safedir restriction bypass) identified within the GD extension affecting the following functions: - imagegif() - imagepng() - imagejpeg() in /ext/gd/gd.c line 1647 Which is now fixed in the cvs http://cvs.php.net/co.php/php-src/ext/gd/gd.c?r=1.312.2.1#1786 POC: wi [ more ] [ reply ] Yahoo RSS XSS Vulnerability 2005-10-17 alljer gmail com I recently began running some testing and discovered that when Yahoo's RSS Aggregator allows a person to add an RSS feed to It?s website, it doesn't properly check the XML file to make sure it doesn't contain possibly malicious code. Full Document: http://www.alljer.com/yahoorssxss.htm A malicious [ more ] [ reply ] Lynx Remote Buffer Overflow 2005-10-17 Ulf Harnhammar (metaur telia com) Lynx Remote Buffer Overflow BACKGROUND "Lynx is a fully-featured World Wide Web (WWW) client for users running cursor-addressable, character-cell display devices such as vt100 terminals, vt100 emulators running on Windows 95/NT or Macintoshes, or any other character-cell display. It will display [ more ] [ reply ] [OpenPKG-SA-2005.022] OpenPKG Security Advisory (openssl) 2005-10-17 OpenPKG (openpkg openpkg org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed] [ more ] [ reply ] |
|
Privacy Statement |
FYI...
CA has confirmed that the cacam_logsecurity_win32.pm
exploit released on 20051018 by Metasploit targets an
issue that CA had previously discovered during an
internal audit. We posted patches and public
advisories on August 19, 2005.
References:
(URLs may wrap)
CA SupportConnect advis
[ more ] [ reply ]