[SECURITY] [DSA 822-1] New gtkdiskfree packages fix insecure temporary file
2005-09-29 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 797-2] Updated zsync i386 packages fix build error
2005-09-29 Michael Stone (mstone klecker debian org)

[SECURITY] [DSA 823-1] New util-linux packages fix privilege escalation
2005-09-29 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 824-1] New ClamAV packages fix denial of service
2005-09-29 joey infodrom org (Martin Schulze)

Re: PocketPC exploitation
2005-09-28 Jose Morales (mrjoemango2 hotmail com)
Ratter, thank you for your comments, everything you say is true. Now I think that real life experience has taught us that it is better to protect from possible future attacks similar to those seen in the past and avoid an outbreak than to wait for a major vx outbreak to react and protect from

OpenServer 5.0.7 OpenServer 6.0.0 : UnZip File Permissions Change Vulnerability
2005-09-28 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SCO Security Advisory
Subject: OpenServer 5.0.7 OpenServer 6.0.0 : UnZip File Permissions Change Vulnerability
Advisory number: SCOSA-2005.39
Issue date: 2005 Sept

PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure
2005-09-28 retrogod aliceposta it
PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure
site: http://www.php-fusion.co.uk
- if magic_quotes off -> SQL Injection, poc: http://[target]/[path_to_Php_Fusion]/messages.php?msg_send=' UNION SELECT user_password FROM fusion_users WHERE user_name='[admin_username]'/*

Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC
2005-09-28 Debasis Mohanty (mail hackingspirits com)
Hi All !!
While I was testing desktop based firewalls (here it is Zone Alarm Pro) with the firewall evasion kit developed by me, I found that a very old flaw still exists in many latest versions of desktop based firewalls. It is possible for a malicious program to bypass a desktop based firewall by

Is the Bottom Line Impacted by Security Breaches?
2005-09-28 Kenneth F. Belva (ken ftusecurity com)
White and Case, a top NYC law firm, posted a survey on Data Security Breach Notifications on September 26, 2005. From the press release: "Victims of personal data security breaches are showing their displeasure by terminating relationships with the companies that maintained their data, according to

Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein
2005-09-28 Amit Klein (AKsecurity) (aksecurity hotpop com)
On 27 Sep 2005 at 21:34, Yutaka OIWA wrote:
> Hello Amit,
>
> "Amit Klein (AKsecurity)" <aksecurity (at) hotpop (dot) com [email concealed]> writes:
>
> > x.open("GET\thttp://www.target.site/page.cgi?parameters\tHTTP
> > /1.0\r\nHost:\twww.target.site\r\nReferer:\thttp://www.target
> > .site/somepath?somequery\r\n\r\nG

[SECURITY] [DSA 821-1] New python2.3 packages fix arbitrary code execution
2005-09-28 joey infodrom org (Martin Schulze)

[ GLSA 200509-19 ] PHP: Vulnerabilities in included PCRE and XML-RPC libraries
2005-09-27 Thierry Carrez (koon gentoo org)

Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities
2005-09-26 Joxean Guay del Paraguay (joxeankoret yahoo es)
Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities
Author: Jose Antonio Coret (Joxean Koret)
Date: 2005
Location: Basque Count

PacSec 05
2005-09-26 Dragos Ruiu (dr kyx net)
Miyamoto Musashi famous swordsman and author of "Go Rin No Sho" (the Book of Five Rings) wrote "Study the Way of all professions." In the way of computer networks, one must understand attacks before one can forestall them. I would like to announce the selection of the PacSec applied technical secur

MDKSA-2005:169 - Updated mozilla-firefox packages fix multiple vulnerabilities
2005-09-27 Mandriva Security Team (security mandriva com)

CMS Made Simple 0.10 is susceptible to a cross site scripting attack.
2005-09-26 X1ngBox securityfocus com, Gmail securityfocus com,COM securityfocus com

FreeBSD GNU Mailutils 0.6 imap4d exploit
2005-09-26 angelo rosiello org
FreeBSD GNU Mailutils 0.6 imap4d exploit.
Advisory: http://www.idefense.com/application/poi/display?id=303&type=vulnerabilities
http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c
Rosiello Security http://www.rosiello.org

SEO board: SQL injection
2005-09-27 ghc ghc ru
Product: SEO-Board
Version: 1.02
Author: Hristo Hristov
URL: http://seo-board.com
VULNERABILITY CLASS: SQL injection through cookie
[PRODUCT DESCRIPTION] SEO-Board is a forum software that's fast, free, and search engine friendly. It is written in PHP and uses a MySQL database.
[VULNERABILITY] Vuln

Nokia 7610, 3210 denial of service in OBEX.
2005-09-26 A. Ramos (aramosf unsec net)
Title: Nokia 7610, 3210 Denial of Service in OBEX.
Severity: Low
Affected: tested in nokia 7610 and nokia 3210 (maybe other Symbian phones).
Problem type: remote
Details:
They are some flaw

Announce: RSBAC v1.2.5 released
2005-09-27 Amon Ott (ao rsbac org)
Rule Set Based Access Control (RSBAC) v1.2.5 has been released!
Full information and downloads are available at http://www.rsbac.org
RSBAC Key Features:
* Free Open Source (GPL) Linux kernel security extension
* Independent of governments and big companies
* Several well-known and new

ElseNot project
2005-09-26 layne elsenot com
With Microsoft not pushing out any patches this month what is a security researcher to do? How about try to find an exploit for every MS Security Bulletin ever released. Microsoft has published 449 bulletins I have found 114 exploits so far and now turn it over to the community. The project can be fo

lucidCMS 1.0.11 is susceptible to a cross site scripting attack
2005-09-27 x1ngbox securityfocus com, gmail securityfocus com,com securityfocus com
[Description]: lucidCMS is a simple and flexible content management system for the individual or organization that wishes to manage a collection of webpages without the overhead and complexity of other available "community" CMS options.
[version]: lucidCMS 1.0.11
[vendor]: www.lucidcms.net
[Vulnera

[ISR] - Novell GroupWise Client Integer Overflow
2005-09-27 Francisco Amato (famato infobyte com ar) (1 replies)
[ISR] Infobyte Security Research
www.infobyte.com.ar
09.27.2005
.:: SUMMARY
Novell GroupWise Client Integer Overflow
Version: GroupWise 6.5.3, It is suspected that all previous versions of Groupwise Client are vulnerable.
.:: BACKGROUND
GroupWise Client is Novell's pre

Re: [ISR] - Novell GroupWise Client Integer Overflow
2005-09-27 Crist J. Clark (cristjc comcast net)

MDKSA-2005:170 - Updated mozilla packages fix multiple vulnerabilities
2005-09-27 Mandriva Security Team (security mandriva com)

Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein
2005-09-27 anonymous anonymous com

RealPlayer && HelixPlayer Remote Format String Exploit
2005-09-26 c0ntexb gmail com
/*
************************************************************************
$ An open security advisory #13 - RealPlayer and Helix Player Remote Format String Exploit
************************************************************************

[USN-187-1] Linux kernel vulnerabilities
2005-09-25 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-187-1 September 25, 2005
linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities
CAN-2005-1767, CAN-2005-3044
===========================================================
A security issue affects the following
Serendipity: Account Hijacking / CSRF Vulnerability
===========================================================
Technical University of Vienna Security Advisory
TUVSA-0509-001, September 29, 2005
============================================