RE: secure client-side platform 2005-08-31 Beauford, Jason (jbeauford EightInOnePet com)
Tinfoil Hat linux ..silly. http://tinfoilhat.shmoo.com/ JMB
=| -----Original Message-----
=| From: liudieyu (at) umbrella (dot) name [mailto:liudieyu (at) umbrella (dot) name]
=| Sent: Wednesday, August 31, 2005 8:54 AM
=| To: bugtraq (at) securityfocus (dot) com
=| Subject: secure client-sid [...]

Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure 2005-08-31 retrogod aliceposta it
Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure software: site: http://www.simplemachines.org/ information disclosure: a user can choose and submit an avatar url like this: http://[evil_site]/image.php where image.php is a file like this: <?php $l [...]

Obsidis #1 Call for Papers 2005-08-31 angelo rosiello org
Obsidis #1 Call for Papers
DEADLINE: 12th December, 2005. http://www.obsidis.org
Obsidis is a new scientific/underground magazine that focuses on research in ITC security. Papers about a [...]

XSS in GreyMatter blog 2005-08-31 poizon securityinfo ru
Graymatter - perl based web blog. offsite: http://www.greymatterforums.com/ GM analyzes posted comments, and if a post contains some dangerous code (like <script></script>), the administrator gets a message about it in the log files. The log files contain not only the message, but also the dangerous code. When the admin tries to look [...]

Re: ICMP attacks against TCP: Conclusions 2005-08-30 Damien Miller (djm mindrot org)
On Tue, 30 Aug 2005, Dan Yefimov wrote:
> All we've heard from you are attack descriptions and claims for vendors
> to fix their OSes. It's easy to sit back and claim for others to do
> something. But what we haven't ever heard from you are YOUR personal
> opinions and proposals on fixing the pr [...]

Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure 2005-08-30 retrogod aliceposta it
Flatnuke 2.5.6 Underlying system information disclosure / Administrative & users credentials disclosure / cross site scripting / path disclosure / resource consumption poc (tested on Windows) software: site: http://flatnuke.sourceforge.net/flatnuke/ 1) cross site scripting: http://[target]/[pat [...]

[SECURITY] [DSA 792-1] New pstotext packages fix arbitrary command execution 2005-08-31 joey infodrom org (Martin Schulze)

[ GLSA 200508-21 ] phpWebSite: Arbitrary command execution through XML-RPC and SQL injection 2005-08-31 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Indiatimes Messenger 6.0 Buffer Overflow (Remote) 2005-08-31 ViPeR (viper31337 yahoo co in)
Indiatimes Messenger 6.0 Buffer Overflow (Remote)
Vulnerable Program : Indiatimes Messenger v6.0 (Latest)
Vendor URL : http://messenger.indiatimes.com/ (Attempt to contact thru http://messenger.indiatimes.com/feedback.htm failed!)
Exploit Type : Remote DoS (Remote Compromise may also be possible) [...]

[ GLSA 200508-22 ] pam_ldap: Authentication bypass vulnerability 2005-08-31 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[security bulletin] SSRT051004 rev.0 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege 2005-08-30 security-alert hp com

secure client-side platform 2005-08-31 liudieyu umbrella name
how to have a secure client-side platform for secret communication? ... transferring and storing secret messages, online banking, etc i got some fresh ideas in mind, and would like to share it here: 0. watch network with sniffer, so be sure no byte is sent to weird destinations 1. read-only o [...]

Call for new mailing lists @ SecurityFocus 2005-08-31 Alfred Huger (ah securityfocus com)
All, As most of you know, some of the strongest value the SecurityFocus community has to offer is that of our mailing lists. These lists contribute a vast amount of information and dialogue to the community at large but they are generally held within a finite amount of lists, which changes li [...]

[security bulletin] SSRT051003 rev.0 - HP-UX Java Web Start remote unauthorized privileged access 2005-08-30 security-alert hp com

[SECURITY] [DSA 791-1] New maildrop packages fix arbitrary group mail command execution 2005-08-30 joey infodrom org (Martin Schulze)

MS05-042 Security Update Problems 2005-08-30 Andrew McCullough (amccullough ingeus co uk)
Hello All, Has anyone else experienced problems after applying the Kerberos Security Update? We're running 2k3 server (Enterprise) as a DC with standard application set. Following the application of this patch we started seeing Kerberos and KDC issues. Once the patch had been applied we started see [...]

Fetchmail 6.2.5 exploit for Bugtraq ID: 14349 2005-08-30 bannedit frontiernet net
The following exploit is brought to you by The Mantis Project which is a project geared towards learning the process of discovering and exploiting bugs in the wild. Exploits are based on published advisories which do not contain proof of concept code or unpublished findings. The project's purpose is [...]

[UNTRUE] Gadu-Gadu supposedly fixed the invisible detection vulnerability? 2005-08-30 Maciej Soltysiak (maciej soltysiak com)
Hello,
=== Introduction ===
Today some services announced that Gadu-Gadu company fixed the vulnerability in their servers that was used by software plugins like "Inwigilator" from the Power Project, et. al. to detect whether a user of the IM program is Unavailable or Invisible.
=== What is untrue [...]

e107 0.6 forum_post.php create new topics in non-existing forums 2005-08-30 Marc Ruef (marc ruef computec ch)
Hello, The e107 is an open-source, PHP and SQL based portal and content management system[1]. The user Tron[2] of my website[3] has detected an issue in forum_post.php. If you want to create a new topic you will get to forum_post.php?nt.13 where an integer represents the id of the forum. Because [...]

[SECURITY] [DSA 790-1] New phpldapadmin packages fix unauthorised access 2005-08-30 joey infodrom org (Martin Schulze)

[ GLSA 200508-20 ] phpGroupWare: Multiple vulnerabilities 2005-08-30 Thierry Carrez (koon gentoo org)

[ GLSA 200508-19 ] lm_sensors: Insecure temporary file creation 2005-08-30 Thierry Carrez (koon gentoo org)

[USN-173-3] Fixed apache2 packages for USN-173-2 2005-08-30 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-173-3 August 30, 2005
apache2 bug fix
https://bugzilla.ubuntu.com/show_bug.cgi?id=14209
===========================================================
A security issue affects the following Ubuntu releases: Ubu [...]

phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure, 2005-08-29 retrogod aliceposta it
phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure, remote code execution, cross site scripting software: author site: http://phpldapadmin.sourceforge.net/ description: phpLDAPadmin is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administ [...]

iDEFENSE Security Advisory 08.29.05: Symantec AntiVirus 9 Corporate Edition Local Privilege Escalation Vulnerability 2005-08-29 iDEFENSE Labs (labs-no-reply idefense com)
Symantec AntiVirus 9 Corporate Edition Local Privilege Escalation Vulnerability
iDEFENSE Security Advisory 08.29.05
www.idefense.com/application/poi/display?id=298&type=vulnerabilities
August 29, 2005
I. BACKGROUND
Symantec AntiVirus 9 Corporate Edition is an enterprise quality Anti-Virus solut [...]
Name: CMS Made Simple - PHP injection
Version <= 0.10
Homepage: http://www.cmsmadesimple.org/
Author: Filip Groszynski (VXSfx)
Date: 31 August 2005
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Background: