[USN-149-3] Ubuntu 4.10 update for Firefox vulnerabilities
2005-07-28 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-149-3 July 28, 2005
mozilla-firefox vulnerabilities
CAN-2004-1156, CAN-2004-1381, CAN-2005-0141, CAN-2005-0142, CAN-2005-0143, CAN-2005-0144, CAN-2005-0145, CAN-2005-0146, CAN-2005-0147, CAN-2005-0150, CAN-2

RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices
2005-07-23 Bojan Zdrnja (Bojan Zdrnja LSS hr)
> -----Original Message-----
> From: full-disclosure-bounces (at) lists.grok.org (dot) uk
> [mailto:full-disclosure-bounces (at) lists.grok.org (dot) uk] On Behalf
> Of Morning Wood
> Sent: Wednesday, 20 July 2005 5:02 a.m.
> To: Petko Petkov; bugtraq (at) securityfocus (dot) com
> Cc: full-disclosure (at) lists.grok.org (dot) uk
> Subje

uguestbook exploit
2005-07-28 l--s hotmail com
hello ,
By ...... MeSa7eB
Data ...... 28/7/2005
pro ...... http://www.uapplication.com/
My web site : http://3asfh.net/vb
My Email : l--s (at) hotmail (dot) com
===============================================
exploit : http://xxx.com/guestbook/mdb-database/guestbook.mdb
========================

Re: RE: Peter Gutmann data deletion theaory?
2005-07-28 Simple Nomad (thegnome nmrc org)
On Sat, 23 Jul 2005, Ron van Daal wrote:
>> We were not allowed to do a seven pass government wipe to dispose of the
>> drives as our security people deemed it inadequate, we turned them over to
>> our classified waste people who stored them until there were enough to
>> justify having the platt

Cross Site Scripting vulnerabilities in GForge
2005-07-27 Joxean Koret (joxeankoret yahoo es)
---------------------------------------------------------------------------
Various Vulnerabilities in GForge
---------------------------------------------------------------------------
Author: Jose Antonio Coret (Joxean Koret)
Date: 2005
Location: Basque Country
-----------------------

Re: several vulnerabilities present in Belkin wireless routers
2005-07-24 E. Kellinis (me cipher org uk)
hmm.. and another interesting thingy .. which I am not sure if is the same as what the original author of the advisory meant
>The second interesting thing that an attacker could do is to browse
>the filesystem and dump the config file on the screen. The default
>name of the config file of

HAURI live update. Arbitrary remote file download and execute vulnerability
2005-07-27 saintlinu null2root org
Dear Mailing lists
-----------[Cut Cut]--------------------------------
Title: HAURI live update. Arbitrary remote file download and execute vulnerability
Discoverer: Original discoverer Neo
Original exploit improver PARK, GYU TAE (saintlinu (at) null2root (dot) org)

[OpenPKG-SA-2005.016] OpenPKG Security Advisory (fetchmail)
2005-07-28 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

GNU Mailutils imap4d v0.6 remote format string exploit
2005-07-28 coki nosystem com ar
/* mu-imap4d_fsexp.c
 *
 * GNU Mailutils imap4d v0.6 remote format string exploit
 * by CoKi <coki (at) nosystem.com (dot) ar>
 *
 * Original Reference:
 * http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities
 *
 * coki@nosystem:/home/coki/audit$ ./mu-imap4d_fsexp
 *
 * GNU Mailutils im

SUSE Security Announcement: zlib denial of service (SUSE-SA:2005:043)
2005-07-28 Ludwig Nussel (ludwig nussel suse de)

HP OpenView Radia Management Agent remote command execution via directory traversal
2005-07-28 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory
Name: HP OpenView Radia Management Agent remote command execution via directory traversal
Systems Affected: HP OpenView Radia Management Portal versions 2.x and 1.x running Radia Management Agent
Severity: High
Vendor URL: http://www.hp.com/
Authors: D

[OpenPKG-SA-2005.014] OpenPKG Security Advisory (zlib)
2005-07-28 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : RPCBind updated to prevent remote Denial of Service attack
2005-07-28 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : RPCBind updated to prevent remote Denial of Service attack
Advisory number: SCOSA-2005

[ GLSA 200507-27 ] Ethereal: Multiple vulnerabilities
2005-07-28 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

MDKSA-2005:125 - Updated clamav packages fix more vulnerabilities
2005-07-28 Mandriva Security Team (security mandriva com)

Re: [BugTraq] Peter Gutmann data deletion theaory?
2005-07-24 Volker Kuhlmann (list0570 paradise net nz)
> Unlike DRAM and SRAM, Flash etc. has no continual or repetitive
> amplification function. Traces of previous charges may remain, but I
> doubt they would be recoverable, except perhaps by the most drastic
> forensic techniques
I would expect flash memory content to be easily recoverable when ope

Getting round website authentication with Firefox
2005-07-24 account throw gmail com (2 replies)
Using firefox's "save target as" feature, you can get round web authentication. Make a password protected directory (with a video file inside) (using .htaccess and htpasswd), check that it actually requires a login when you click the link to the video normally, then create a hyperlink to the file, r

Re: Getting round website authentication with Firefox
2005-07-27 Christopher Kunz (christopher kunz hardened-php net)

[SECURITY] [DSA 766-1] New webcalendar package fixes information disclosure
2005-07-27 joey infodrom org (Martin Schulze)

Spyware database lists
2005-07-25 Paul Laudanski (zx castlecops com)
As an FYI to everyone who uses the lists BHO/Toolbar/CLSID List, StartupList, LSPs at CastleCops, we have added on some more:
http://castlecops.com/ActiveX.html - ActiveX / O16
http://castlecops.com/O18.html - O18
http://castlecops.com/O20.html - O20
http://castlecops.com/O21.html - O21
http://cas

Re: On classifying attacks
2005-07-24 Crispin Cowan (crispin novell com)
Technica Forensis wrote:
> This really depends on the situation. Say I write an exploit that
> when run as a user spawns a listening ssh service with root priv. I
> get on the system however I do, download this file and exec it. I
> think everyone would agree that is a local exploit.
> I send tha

[USN-155-1] Mozilla vulnerabilities
2005-07-26 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-155-1 July 26, 2005
mozilla vulnerabilities
CAN-2005-1531, CAN-2005-1532, CAN-2005-1937, CAN-2005-2260, CAN-2005-2261, CAN-2005-2263, CAN-2005-2265, CAN-2005-2266, CAN-2005-2268, CAN-2005-2269, CAN-2005-2270
PhpList Sql Injection and Path Disclosure
-----------------------------------------
Vulnerabilities
---------------
1) There is an sql injection in the id parameter of public_html/lists/admin/?page=admin&id=INJECT HERE
2) Because of the heavy use of class