|
|
Colapse all |
Post message
RE: FileZilla weakly-encrypted password vulnerability: advisory + PoC 2005-09-07 MacIntyre, Lawrence Paul (macintyrelp ornl gov) How hard would it be to use a passphrase to encrypt the passwords? -----Original Message----- From: Nick Boyce [mailto:nick.boyce (at) gmail (dot) com [email concealed]] Sent: Monday, September 05, 2005 12:57 PM To: bugtraq (at) securityfocus (dot) com [email concealed] Subject: Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC On 2 [ more ] [ reply ] MDKSA-2005:156 - Updated ntp packages fix small security-related issue. 2005-09-07 Mandriva Security Team (security mandriva com) Rule bypassing in CheckPoint NGX R60 2005-09-07 fitz (fitzimailing yahoo de) Hi folks, as playing a little bit with CheckPoint NGX new release R60, I noticed a serious problem with the predefined service group "CIFS". This group includes the services called "microsoft-ds" (TCP Port 445) and the predefined service group "NBT", which includes some old smb-stuff. If I use th [ more ] [ reply ] [NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities 2005-09-07 r verton gmail com [NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 ======================================================================== ===== Software: WEB//NEWS 1.4 Type: SQL Injections, Path Disclosure Risk: High Date: Sep. 1 2005 Vendor: Stylemotion Credit: ======= Robin 'onkel_fisch' Verton http://www.it- [ more ] [ reply ] [ Suresec Advisories ] - Kcheckpass file creation vulnerability 2005-09-07 Suresec Advisories (advisories suresec org) Suresec Security Advisory - #00006 05/09/05 Kcheckpass file creation vulnerability Advisory: http://www.suresec.org/advisories/adv6.pdf Description: A lockfile handling error was found in kcheckpass which can, in certain configurations be used to create world writable files. Exploitation of thi [ more ] [ reply ] MDKSA-2005:157 - Updated smb4k packages fix vulnerabilities 2005-09-07 Mandriva Security Team (security mandriva com) MDKSA-2005:158 - Updated mplayer packages fix vulnerabilities 2005-09-07 Mandriva Security Team (security mandriva com) Cisco Security Advisory: Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow 2005-09-07 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: ======================== Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow ======================================================================== =========== Revision 1.0 For Public Release [ more ] [ reply ] WebArchiveX - Unsafe Methods Vulnerability 2005-09-07 Brett Moore (brett moore security-assessment com) ======================================================================== = WebArchiveX - Unsafe Methods Vulnerability = = Vendor Website: = http://http://www.csystems.co.il/webarchivex/index.aspx = = Affected Version: = WebArchiveX.dll 5.5.0.76 Installed Prior To Sep 6th, 2005 = = Public disclos [ more ] [ reply ] PBLang 4.65 (possibly prior versions) remote code execution 2005-09-07 retrogod aliceposta it PBLang 4.65 (possibly prior versions) remote code execution / administrative credentials disclosure / system information disclosure / cross site scripting / path disclosure software: description: PBLang is a powerful flatfile Bulletin Board System. It combines many features of a professional board [ more ] [ reply ] MDKSA-2005:159 - Updated kdeedu packages fix tempfile vulnerability 2005-09-07 Mandriva Security Team (security mandriva com) MDKSA-2005:160 - Updated kdebase packages fix potential local root vulnerability 2005-09-07 Mandriva Security Team (security mandriva com) [SECURITY] [DSA 802-1] New cvs packages fix insecure temporary files 2005-09-07 joey infodrom org (Martin Schulze) SQL Injection[2] In MyBB PR2 2005-09-07 stranger-killer hotmail com Hello .. The Injected File : misc.php , newreply.php Discovered by: Devil-00 Injected Versions :- MyBB Preview Release 2 misc.php :- [CODE] http://site/misc.php?action=rules&fid=-1' [SQL] [/CODE] newreply.php :- [CODE] Do Preview By FireFox And Edit Header ;) Content-Disposition: form-data; nam [ more ] [ reply ] Vulnerability In SecureOL VE2 v1.05.1008 2005-09-07 maxim secureol com Introduction: VE2 provides two separate virtual environments (Secured and Public( To ensure corporate security and to provide secured and free access to the WEB while protecting the enterprise. Summary: Windows 16-bit execution support allows direct access to physical memory through \\PhysicalMe [ more ] [ reply ] FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug 2005-09-07 FreeBSD Security Advisories (security-advisories freebsd org) Re: [NOBYTES.COM: #11] MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro - Multiple Vulnerabilities 2005-09-07 exoduks securityfocus com, "[at]" securityfocus com,"gmail|dot]com" securityfocus com [ GLSA 200509-06 ] Squid: Denial of Service vulnerabilities 2005-09-07 Sune Kloppenborg Jeppesen (jaervosz gentoo org) (Annex A) ADSL Road Runner Exploit Description & Theory 2005-09-02 gp32boy hotmail com This back door was found by testing the ports with telnet. By running through each open port individually I managed to find a hole that obviously the creators have made. This allows you to remotely access the router and manipulate the features and find information. Typically the router would ha [ more ] [ reply ] Secunia Research: SqWebMail Conditional Comments Script InsertionVulnerability 2005-09-06 Secunia Research (vuln secunia com) [security bulletin] SSRT051023 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access 2005-09-05 security-alert hp com [SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability 2005-09-03 Michael Stone (mstone klecker debian org) [OpenPKG-SA-2005.018] OpenPKG Security Advisory (pcre) 2005-09-05 OpenPKG (openpkg openpkg org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed] [ more ] [ reply ] Revised paper on "ICMP attacks against TCP" 2005-09-05 Fernando Gont (fernando frh utn edu ar) Folks, I have submitted to the IETF a revised version of my internet-draft on "ICMP attacks against TCP". This version addresses the feedback I have received during the last eight months, and includes, among other things, pointers to existing implementations of the proposed fixes. It will soon [ more ] [ reply ] [OpenPKG-SA-2005.019] OpenPKG Security Advisory (openssh) 2005-09-06 OpenPKG (openpkg openpkg org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed] [ more ] [ reply ] phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting 2005-09-05 retrogod aliceposta it phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting software: site: http://open.appideas.com download: http://open.appideas.com/Calendar/ 1) sql injection / login bypass: "admin" directory contains tools for the site administrator. "webadmin" co [ more ] [ reply ] |
|
Privacy Statement |
This "exploit" is a "by design".
The writers suggest that if you are logged in to a privileged account,
[ more ] [ reply ]