BugTraq
WinAce Temporary File Parsing Buffer Overflow Vulnerability 2005-08-19
atmaca icqmail com
===========================================================================
Application: WinAce
http://www.winace.com/
Versions: 2.6.0.5
Platforms: Windows
Bug: buffer-overflow
Exploitation: local
Date: Jul 22 2004
Author: ATmaCA
e-mail: atmaca (at) icqmail (dot) com
web: http://www.atmacasoft.com

Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product 2005-08-19
Zow Terry Brugger (zow llnl gov)
> Especially considering that the IP address is within a Wells Fargo
> Bank class B netblock. It just gets curiouser and curiouser.

No, that actually explains a lot -- you know how you swipe your credit card
at the kiosk so that it can retrieve your flight information? Well, it needs
to map y

Fwd: Tor security advisory: DH handshake flaw 2005-08-19
Chris Palmer (chris eff org)

----- Forwarded message from Roger Dingledine <arma (at) mit (dot) edu> -----

From: Roger Dingledine <arma (at) mit (dot) edu>
To: or-announce (at) freehaven (dot) net
Date: Thu, 11 Aug 2005 21:31:32 -0400
Subject: Tor security advisory: DH handshake flaw

Versions affected: stable versions up through 0.1.0.13 and experimental
ve

w-agora 4.2.0 and prior Remote Directory Travel Vulnerability 2005-08-18
h4cky0u gmail com
w-agora 4.2.0 and prior Remote Directory Travel Vulnerability

SEVERITY:
=========
High

SOFTWARE:
=========
w-agora 4.2.0

http://w-agora.net

INFO:
=====
w-agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share discussi

ATutor 1.5.1 and prior multiple XSS Vulnerabilities 2005-08-18
h4cky0u gmail com
ATutor 1.5.1 and prior multiple XSS Vulnerabilities

SEVERITY:
=========
Medium

SOFTWARE:
=========
ATutor 1.5.1
http://www.atutor.ca/

INFO:
=====
ATutor 1.5.1 is a web based education portal.

DESCRIPTION:
============
The system is vulnerable to various XSS attacks:

--==XSS==--

UnixWare 7.1.4 UnixWare 7.1.3 : cpio race condition and directory traversal issues fixed. 2005-08-18
please_reply_to_security sco com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.4 UnixWare 7.1.3 : cpio race condition and directory traversal issues fixed.
Advisory number: SCOSA-2005.32
Issue date:

MDKSA-2005:144 - Updated wxPythonGTK packages several vulnerabilities 2005-08-18
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: wxPythonGTK
Advisory ID

DevC++ V.4.9.9.2 NULL BYTE INSERTION / OBFUSCATION FLAW (by rgod) 2005-08-18
retrogod aliceposta it
DevC++ V.4.9.9.2 NULL BYTE INSERTION / OBFUSCATION FLAW

UPDATE TO HTTP://RGOD.ALTERVISTA.ORG/SYN.HTML
explaining Synedit component obfuscation flaw

exploit: a user can craft a malicious file using null byte (%00) to obfuscate
code and hide malicious instructions from the victim user

poc:

this is

PHPFreeNews V1.40 and prior Multiple Vulnerabilities 2005-08-17
h4cky0u gmail com
PHPFreeNews V1.40 and prior Multiple Vulnerabilities

SEVERITY:
=========
High

SOFTWARE:
=========
PHPFreeNews
http://www.phpfreenews.co.uk/

INFO:
=====
PHPFreeNews is a free PHP Script which allows you to display news headlines and articles on your website.

DESCRIPTION:
============
PHPFreeNews

runcms highlight.php hole 2005-08-18
Security Lists (secure kkeonline com)
This is a stupid BUG report.
They found the bug without checking the script, or they know but don't
say anything about it to promote their group.

The truth is the script allows only users that have the right to access
the "systems" module to use it,
this means only admin and some moderators/users that have

MDKSA-2005:141 - Updated evolution packages fixes format string vulnerabilities 2005-08-18
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: evolution
Advisory ID:

MDKSA-2005:142 - Updated libtiff packages fixes vulnerability 2005-08-18
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: libtiff
Advisory ID:

MDKSA-2005:143 - Updated kdegraphics packages fix kfax vulnerability 2005-08-18
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: kdegraphics
Advisory ID

BBCaffe 2.0 cross site scripting poc 2005-08-18
retrogod liceposta it
BBCaffe 2.0 cross site scripting poc

description: BBcaffe 2.0 is a fast, simple, easy and efficient bulletin board or message board program built in PHP/mySQL. Features include: posting, replying, deleting, editing, searching messages, sending notification email(s) , full templating.

author sit

Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product 2005-08-18
Jason Coombs (jasonc science org) (1 replies)
The following script error message was noted being displayed this morning on an airline check-in kiosk manufactured by Kinetics USA.

Vendor: Kinetics USA
www.kineticsUSA.com

Line: 107
Char: 2
Error: object expected
Code: 0
URL: http://151.151.10.46:64080/attract
?time=1124376480&TransactionID=HNL

Password Disclosure in Whisper32 2005-08-18
Alexey Agapov (agapov25 rambler ru)
Vendor: Shaun Ivory http://www.ivory.org
Download Location: http://www.ivory.org/whisper.html
Versions affected: Whisper32 1.16 (and may be prior)
Date: 13th August 2005
Type of Vulnerability: Information Disclosure in Memory of Process
Severity: Medium
Solution Status: Unpatched

Discovered by: Aga

Zorum 3.5 remote code execution poc exploit 2005-08-18
retrogod aliceposta it
Zorum 3.5 remote code execution poc exploit

software:
description: Zorum is a freely available, open source Web-based forum
application implemented in PHP. It is available for UNIX, Linux, and any other
platform that supports PHP script execution.

author site: http://zorum.phpoutsourcing.com/

1)

mutt buffer overflow 2005-08-18
Peter Valchev (pvalchev sightly net) (1 replies)
Summary/Impact:
There is a buffer overflow in mutt found thanks to ProPolice, which may
allow an attacker to execute code by sending a maliciously crafted email.
All latest versions appear affected. Mutt is an e-mail client
that sucks less according to the headline on http://www.mutt.org/

Details:

Re: [Full-disclosure] mutt buffer overflow 2005-08-18
Frank Denis (Jedi/Sector One) (j pureftpd org)
Bluez hcid popen() explained. 2005-08-18
KF (lists) (kf_lists digitalmunition com)
Juniper Netscreen VPN Username Enumeration Vulnerability 2005-08-18
Roy Hills (Roy Hills nta-monitor com)
Juniper Netscreen VPN Username Enumeration Vulnerability

1. Overview

NTA Monitor has discovered a VPN username enumeration vulnerability in the
Juniper Netscreen integrated Firewall/VPN products while performing a VPN
security test for a customer.

The vulnerability affects remote access VPNs (k

Internet Explorer 6 Meta Refresh Parsing Weakness 2005-08-17
Moritz Naumann (info moritz-naumann com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SA0001

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++ Internet Explorer 6 Meta Refresh Parsing Weakness +++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PUBLISHED ON
Aug 17, 2005

PUBLISHED AT
http://mor

MSN Messenger Password Decrypter for WinXP/2003 2005-08-17
ViPeR (viper31337 yahoo co in)
MSN Messenger uses Windows Credential UI [credui.dll]
on WinXP/2003. Password-Storage mechanism differs in
these OSes so, the code posted by tombkeeper
[http://xfocus.net/articles/200408/726.html] doesn't
seem to work anymore on my OS at least. Also, an
'entropy' value has been thrown, which is based

[ GLSA 200508-09 ] bluez-utils: Bluetooth device name validation vulnerability 2005-08-17
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities 2005-08-17
Matteo Beccati (matteo beccati com)
========================================================================

phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2005-001
------------------------------------------------------------------------

Advisory ID: PHPADSNEW-SA-2005-001
Date: 2005-Aug-17
S

Unicode Buffer Overflow in WinFtp Server 1.6.8 2005-08-17
Donato Ferrante (fdonato autistici org) (1 replies)

Donato Ferrante

Application: WinFtp Server
http://www.wftpserver.com

Version: 1.6.8

Bug: Unicode Buffer Overflow

Date: 17-Aug-2005

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org
web: ww

Bypassing the new /GS protection in VC++ 7.1 2005-08-18
D K (dwarkeeper gmail com)
PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities 2005-08-17
goszynskif gmail com
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Name: PHPTB Topic Board - Multiple PHP injection
vulnerabilities
Version <= 2.0
Homepage: htt://www.phptb.com/

Author: Filip Groszyński (VXSfx)
Date: 17 August 2005
-- == -- == -- == -- == --



 

Copyright 2010, SecurityFocus