flexbackup default config insecure temporary file creation
2005-10-17 ZATAZ Audits (exploits zataz net)

ie7 will have more mechanisms
2005-10-17 liudieyu umbrella name
for all those who are still concerned about ie security ... check this presentation titled: * Internet Explorer Security: Past, Present and Future available at: * http://www.packetstormsecurity.org/hitb05/Keynote-Tony-Chor-IE-Security-Past-Present-and-Future.ppt this clear presentation is from ton

SUSE Security Announcement: OpenWBEM (SUSE-SA:2005:060)
2005-10-17 krahmer suse de (Sebastian Krahmer)

Yahoo RSS XSS Vulnerability (Correction)
2005-10-17 alljer gmail com
URL in previous post brings up improper results, see http://www.alljer.com/yahoorssxss.htm for most correct version, or use version below. Sorry for any confusion. Exploit example URL should be ( http://add.my.yahoo.com/rss?url=http://www.alljer.com/yahoo.xml ) I recently began running some test

Ciscos VPN-Client-Passwords can be decrypted
2005-10-16 Thierry Zoller (Thierry sniff-em com)
Dear List, [1] heise published a news article today. [2] EvilScientists reverse engineered the algorithm Cisco uses to _obfuscate_ the passwords. [3] PoC Summary : Cisco uses 3des to encrypt the passwords, however it does so using a deterministic encryption scheme (no user input) and thus must

Exploiting Windows Device Drivers Whitepaper
2005-10-16 Piotr Bania (bania piotr gmail com)
Hi, For those who are interested, the paper can be downloaded from: http://pb.specialised.info/all/articles/ewdd.pdf Enjoy. best regards, Piotr Bania -- Piotr Bania - <bania.piotr (at) gmail (dot) com [email concealed]> - 0xCD, 0x19 Fingerprint: 413E

[USN-208-1] graphviz vulnerability
2005-10-17 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-208-1 October 17, 2005 graphviz vulnerability CAN-2005-2965
A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Th

[USN-207-1] PHP vulnerability
2005-10-17 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-207-1 October 17, 2005 php4 vulnerability CAN-2005-3054
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5

[USN-208-1] SSH server vulnerability
2005-10-17 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-208-1 October 17, 2005 openssh vulnerability CAN-2005-2798
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubunt

[USN-206-1] Lynx vulnerability
2005-10-17 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-206-1 October 17, 2005 lynx vulnerability CAN-2005-3120
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5

[ GLSA 200510-14 ] Perl, Qt-UnixODBC, CMake: RUNPATH issues
2005-10-17 Thierry Carrez (koon gentoo org)

MDKSA-2005:185 - Updated koffice packages fix KWord RTF import overflow vulnerability
2005-10-14 Mandriva Security Team (security mandriva com)

Security Contacr for Mycall
2005-10-14 Fixer (fixer gci net)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does anyone know of a security contact for Mycall? They provide kiosks and terminals for hotels and such. I tried their website and Google, but with no luck. Thanks! - -cdh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) Comment: Using

[KAPDA::#6] Punbb SQL Injection Vulnerability
2005-10-14 advisory kapda ir
[KAPDA::#6] Punbb SQL Injection Vulnerability Punbb search.php SQL Injection Vulnerability KAPDA New advisory Vulnerable products : Punbb ( V 1.2.8 and 1.2.7 are tested, Hopefully all other versions) Vendor: http://www.punbb.org/ Vulnerability: Sql injection About Punbb

MDKSA-2005:184 - Updated cfengine packages fix temporary file vulnerabilities
2005-10-14 Mandriva Security Team (security mandriva com)

[ GLSA 200510-12 ] KOffice, KWord: RTF import buffer overflow
2005-10-14 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Trusted Digital, Trusted Mobility Suite Authorization Bypass Vulnerability
2005-10-14 none securityfocus com
Trusted Digital, Trusted Mobility Suite Authorization Bypass Vulnerability Affected applications Trusted Mobility Agent PC Policy Versions: All Background: Trusted Mobility Suite detects, controls and centrally manages mobile devices. It also pushes security policy and disables lost or stolen

CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability
2005-10-14 Williams, James K (James Williams ca com)
Title: Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability CA Vulnerability ID: 33485 Discovery Date: 2005-10-06 CA Advisory Date: 2005-10-14 Discovered By: EMendoza Impact: Remote attacker can execute arbitrary code with SYSTEM privileges. Summary: The

MDKSA-2005:183 - Updated wget packages fix NTLM authentication vulnerability
2005-10-14 Mandriva Security Team (security mandriva com)

Gallery 2.x Remote File Access Vulnerability
2005-10-14 Bharat Mediratta (bharat menalto com)
Vendor information: Gallery is an open source web based photo album organizer. The 2.x is a newly released complete rewrite of the application. Url: http://gallery.menalto.com Contact: gallery (at) menalto (dot) com [email concealed] Vulnerability class: Input sanitization Details: Michael Dipper

MDKSA-2005:182 - Updated curl packages fix NTLM authentication vulnerability
2005-10-14 Mandriva Security Team (security mandriva com)

Google Talk cleartext proxy credentials vulnerability
2005-10-14 m123303 richmond ac uk (1 replies)
Title: Google Talk cleartext proxy credentials vulnerability Risk: Low/Medium Versions affected: <= 1.0.0.72 Credits: pagvac (Adrian Pastor) Date found: 12th Oct, 2005 Homepage: www.ikwt.com (In Knowledge We Trust) www.adrianpv.com E-mail: m123303 [ - a t - ] richmond.ac.uk [Backgro

Re: Google Talk cleartext proxy credentials vulnerability
2005-10-15 3APA3A (3APA3A SECURITY NNOV RU)

RTasarim WebAdmin modul SQL injection
2005-10-14 khc bsdmail org, and securityfocus com,www clankurd tk securityfocus com
Site : www.rtasarim.com/en/yazilim.asp Description : WEBADMIN (Site Administrating Program) By courtesy of the Program it can be possible to intervene to the parts of the site instantly. All parts those have interactivity option can be updated. username : admin password : 'or' or username : 'o

Re: Antivirus detection bypass by special crafted archive.
2005-10-14 Williams, James K (James Williams ca com)
fRoGGz, SecuBox Labs: thanks for posting the advisory. We are wrapping up our investigation and development of solutions to address this issue. We will post an appropriate notification when those solutions are available. In the meantime, CA eAV users can protect themselves by enabling Realtime S

Airscanner Mobile Security Advisory #05101001: iTunes Shared Music Denial of Service/Spoofing/Flooding/Abuse
2005-10-14 Seth Fogie (seth airscanner com)
*Airscanner Mobile Security Advisory #05101001: iTunes 6.0 Shared Music Denial of Service/Spoofing/Flooding/Abuse* *Demo:* The following is a link to a Flash demo in which we demonstrate the vulnerability. (link to flash demo <http://www.airscanner.com/security/itwns2.html>) *URL: *http://www.ai

[USN-205-1] Curl and wget vulnerabilities
2005-10-14 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-205-1 October 14, 2005 curl, wget vulnerabilities CAN-2005-3185
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog)

[USN-204-1] SSL library vulnerability
2005-10-14 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-204-1 October 14, 2005 openssl vulnerability CAN-2005-2969
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubunt

iDEFENSE Security Advisory 10.13.05: Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability
2005-10-13 iDEFENSE Labs (labs-no-reply idefense com)
Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability iDEFENSE Security Advisory 10.13.05 www.idefense.com/application/poi/display?id=322&type=vulnerabilities October 13, 2005 I. BACKGROUND GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the mos
flexbackup default config insecure temporary file creation
Vendor: http://flexbackup.sourceforge.net/
Advisory: http://www.zataz.net/adviso/flexbackup-09192005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : low