Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC
2005-09-04 medhead flagmandesign com

[NewAngels Advisory] aMember Pro 2.3.X - Remote File Include Vulnerability
2005-09-05 4Degrees 46and2 com
[NewAngels Advisory #2] aMember Pro 2.3.X - Remote File Include Vulnerability Software: aMember Pro 2.3.4 Type: Remote PHP File Include Vulnerability Risk: High Date: Aug. 16 2005 Vendor: CGI Central Credit: N

[SECURITY] [DSA 801-1] New ntp packages fix group id confusion
2005-09-05 joey infodrom org (Martin Schulze)

Re: FileZilla weakly-encrypted password vulnerability
2005-09-04 Luigi Auriemma (aluigi autistici org)
> Title: FileZilla weakly-encrypted password vulnerability Lately I have seen a lot of posts about these so called "weak password schemes" but I really don't understand them and moreover I don't understand where is the problem... The program needs to store some "optional" data (nobody forces the u

UNB 1.5.3 cross site scripting
2005-09-05 retrogod aliceposta it
UNB 1.5.3 cross site scripting software: http://newsboard.unclassified.de/ when you post a message try this in description field: </div><script>alert(document.cookie)</script> googledork: "Unclassified NewsBoard" inurl:forum.php rgod site: http://rgod.altervista.org mail: retrogod (at) aliceposta (dot) i

PHP-Nuke
2005-09-05 bhfh walla com
PHP-Nuke Search Cross-Site Scripting Vulnerability Vulnerable: i think all ver. data:2005-09-5 exploit : #openme.htm :: <html> <form name=searchform method=post action=http://[target]/modules.php?op=modload&name=Search_Enhanced&file= index> <input type="text" name="query" size="15" value='<scrip

Multiple vulnerabilities in FreeBSD 'urban'
2005-09-04 Shaun Colley (shaun rsc cx)
Multiple vulnerabilities in FreeBSD 'urban' September 4th, 2005 I. BACKGROUND URBAN is a bloody, violent sidescrolling shoot-em-up in which you're a renegade military cyborg fighting your way out of the military base where you were created. 'urban' is maintained and distributed as a FreeBSD port

Land Down Under 'events.php' Cross Site Scripting Vulnerability
2005-09-05 conor e buckley gmail com
In Land Down Under (LDU http://www.neocrome.net/), the target script "events.php?m=add" is vulnerable to XSS. When submitting an event, the "Description" field is vulnerable to HTML injection. Any user logged in can submit an event but an admin must approve of the event before being publicly viewe

[ GLSA 200509-03 ] OpenTTD: Format string vulnerabilities
2005-09-05 Stefan Cornelius (dercorny gentoo org)

USB Lock Auto-Protect v1.5 - Local Password Encryption Weakness
2005-09-05 unsecure writeme com
Software: USB Lock Auto-Protect Vendor: www.advansysperu.com Corporation: Advansysperu Software Version: 1.5 Vulnerability: Local Password Encryption Weakness Background: Prevent or allow the use of removable USB storage devices, CD-ROMs and floppy disks with USB Lock AP (Auto

[USN-145-2] wget bug fix
2005-09-06 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-145-2 September 06, 2005 wget bug fix http://bugzilla.ubuntu.com/show_bug.cgi?id=12604 A security issue affects the following Ubuntu releases:

[OpenPKG-SA-2005.017] OpenPKG Security Advisory (modssl)
2005-09-02 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org

SUSE Security Announcement: php4, php5 remote code execution (SUSE-SA:2005:051)
2005-09-05 Marcus Meissner (meissner suse de)

[ GLSA 200509-02 ] Gnumeric: Heap overflow in the included PCRE library
2005-09-03 Thierry Carrez (koon gentoo org)

Microsoft Windows keybd_event validation vulnerability
2005-09-06 Frederic Charpentier (fcharpen xmcopartners com) (1 replies)
Hi list, I haven't seen any information about this new local exploit for Microsoft Windows : http://www.haxorcitos.com/MSRC-6005bgs-EN.txt Description from Haxorcitos : As is Known, with the current Microsoft Security Model, applications that share the desktop are able to send messages between th

Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability
2005-09-06 Jerome Athias (jerome athias free fr)

[KDE Security Advisory] kcheckpass local root vulnerability
2005-09-05 Dirk Mueller (mueller kde org)

I have discovered small xss error in open webmail 2.41
2005-09-03 s3cure poczta fm
Discovered by s3cure Risk: small When we are logged on account we see: http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-0.274744641575129&action=listmessages_afterlogin Now we can do small xss: http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?session

IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV
2005-09-04 inge henriksen booleansoft com
** Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/ ** It is possible to remotely view the source code of web script files through a specially crafted WebDAV HTTP request. Only IIS 5.1 seems to be vulnerable. The web script file must be on a

[NOBYTES.COM: #11] MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro - Multiple Vulnerabilities
2005-09-03 John Cobb (johnc nobytes com)
Hello All, I have discovered a number of remote vulnerabilities in: MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro Authors Site: http://www.midicart.com/ [Examples:] [1]

MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure
2005-09-06 retrogod aliceposta it
MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure software: site: http://www.maxdev.com/ description: http://www.maxdev.com/AboutMD.phtml 1) remote code/commands execution: after registration goto "Downloads" page and click on "Add a down

[OpenPKG-SA-2005.020] OpenPKG Security Advisory (proftpd)
2005-09-06 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org

FileZilla weakly-encrypted password vulnerability: advisory + PoC
2005-09-02 m123303 securityfocus com, "[#*at*#]" securityfocus com,richmond ac uk securityfocus com (2 replies)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: FileZilla weakly-encrypted password vulnerability Risk: HIGH Credits: pagvac (Adrian Pastor) Date found: 6th August, 2005 Homepage: www.ikwt.com www.adrianpv.com E-mail: m123303[ - at - ]richmond.ac.uk Background - ----------- FileZilla

Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC
2005-09-04 Nicholas Knight (nknight runawaynet com)

Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC
2005-09-05 Nick Boyce (nick boyce gmail com)

Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x]
2005-09-02 Steven M. Christey (coley mitre org)
secure (at) symantec (dot) com said: >Symantec is aware of and is currently investigating this issue. It is very nice to see some major vendors starting to publicly state that they are aware of non-coordinated public disclosures, before investigation is complete and a fix is available. This helps consumers
http://filezilla.sourceforge.net/forum/viewtopic.php?t=1328
Preface: There is no know security vulnerab