BugTraq Mode:
Oracle Question Slightly OT 2005-06-29
Ginski, Richard J. (rginski co pinellas fl us)
Forgive me for this being slightly off topic. We've checked Oracle's
site, including posting to their "Technology Network", and have yet to
find a best practices document for securing Oracle databases. Am I
missing something? ... Or should something this obvious be available on
Oracle's site? Can a

Re: Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6 2005-06-29
senghooi hotpop com
Are there any known vulnerabilities found in version 1.8.8.1 ?

Windows 2000 SP4 Rollup 2005-06-29
geoff seymour audit nsw gov au
The rollup has been posted here

http://www.microsoft.com/downloads/details.aspx?FamilyID=c0a2ca36-1179-431c-80e6-60a494d3823d&DisplayLang=en

SEC-CONSULT SA-20050629-0 2005-06-29
Bernhard Mueller (research sec-consult com)
SEC-CONSULT Security Advisory < 20050629-0 >
==================================================================================
title: IE6 javaprxy.dll COM instantiation heap corruption vulnerability
program: Internet Explorer
vulnerable version: 6.0.2900.

[ GLSA 200506-24 ] Heimdal: Buffer overflow vulnerabilities 2005-06-29
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Re: [Full-disclosure] Solaris 9/10 ld.so fun 2005-06-29
Przemyslaw Frasunek (venglin freebsd lublin pl)
The vulnerability was confirmed by Sun:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1

There are still no patches available, but a workaround was proposed.

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE *
* JID: venglin (at) jabber.atman (dot) pl [email concealed] ** PGP ID: 2578FCAD

Original imTRBBS(ver1.02) and prior remote command execution 2005-06-29
blahplok yahoo com
Original imTRBBS(ver1.02) and prior remote command execution

Developed by: cgi-club
http://http://www.cgi-club.com
Script Name:imTRSET ver1.02 and prior

An attacker may exploit this vulnerability to execute commands on
the remote host by adding special parameters to im_trbbs.cgi script.

Proof Of

[badroot security] Community link pro web editor: Remote command Execution 2005-06-29
mozako (mozako mybox it)
- - - - - - - - - - - - - - - - - - - - - - - - -
BADROOT SECURITY GROUP
Security Advisory 2005-#0x05
http://www.badroot.org
irc.us.azzurra.org ~ #badroot
- - - - - - - - - - - - - - - - - - - - - - - - -

Authors ....... spher3 (spher3 at fatalimpulse dot net)
mozako (admin at

Auditing Privileged Oracle Passwords - hashattack 2005-06-29
Joshua Wright (jwright hasborg com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've put together a tool that can be used to build a table of Oracle
password hashes from a dictionary file for a designated username.
Hashes are calculated by creating a user account similar to the
target account to be audited and repeatedly changing t

WordPress 1.5.1.2 && Earlier Multiple Vulnerabilities 2005-06-29
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research June 28th, 2005
##########################################################
# Vendor : WordPress
# URL : http://wordpress.org/
# Version : WordPress 1.5.1.2 && Earlier
# Risk : Multiple Vulnera

Re: Webroot Window Washer Version 6.02.410 Will erase files from your PC 2005-06-29
info secureit-tech com
I upgraded to the latest build as indicated below and the issue occurred once more. Specifically upon a wash it nukes your Desktop folder contents for the currently logged in user. This happens unpredictably.

>
>This version will erase files from your PC.

>FYI: If you are running version 6.02

iDEFENSE Security Advisory 06.29.05: Clam AntiVirus ClamAV Cabinet File Handling DoS Vulnerability 2005-06-29
iDEFENSE Labs (labs-no-reply idefense com)
Clam AntiVirus ClamAV Cabinet File Handling DoS Vulnerability

iDEFENSE Security Advisory 06.29.05
www.idefense.com/application/poi/display?id=275&type=vulnerabilities
June 29, 2005

I. BACKGROUND

Clam AntiVirus is a GPL anti-virus toolkit for Unix.

II. DESCRIPTION

Remote exploitation of an input

iDEFENSE Security Advisory 06.29.05: Clam AntiVirus ClamAV MS-Expand File Handling DoS Vulnerability 2005-06-29
iDEFENSE Labs (labs-no-reply idefense com)
Clam AntiVirus ClamAV MS-Expand File Handling DoS Vulnerability

iDEFENSE Security Advisory 06.29.05
www.idefense.com/application/poi/display?id=276&type=vulnerabilities
June 29, 2005

I. BACKGROUND

Clam AntiVirus is a GPL anti-virus toolkit for Unix.

II. DESCRIPTION

Remote exploitation of an in

XOOPS 2.0.11 && Earlier Multiple Vulnerabilities 2005-06-29
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research June 28th, 2005
##########################################################
# Vendor : XOOPS
# URL : http://www.xoops.org/
# Version : XOOPS 2.0.11 And Earlier
# Risk : Multiple Vulnerabilities
##

Cisco Security Advisory: RADIUS Authentication Bypass 2005-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: RADIUS Authentication Bypass

Revision 1.0

For Public Release 2005 June 29 1600 UTC

- --------------------------------------------------------------------------

Contents

Summary
Affected Products
Details
Impa

Security Advisory - phpBB 2.0.15 PHP-code injection bug 2005-06-28
ronvdaal (ronvdaal zarathustra linux666 com)

Security Advisory -//- phpBB 2.0.15 PHP-code injection bug

Program: phpBB 2.0.15 and older versions
Homepage: http://www.phpbb.com
Risk: Very High
Date: June 28 2005
Title: PHP-code injection bug
Type: partial disclosure
Author: Ron van Daal :.
Vendor notified: June 23 2005

Background:

phpBB is

RE: [Fwd: phpBB 2.0.16 released] 2005-06-28
ronvdaal (ronvdaal zarathustra linux666 com)
>> The changelog (contained within this release) is as follows:
>> - Fixed critical issue with highlighting - Discovered and fix provided by
>> Ron van Daal
>
> Does anyone know what the scope of this vulnerability actually is? "Critical
> issue" isn't really enough to go on here. Are we talking arb

MDKSA-2005:107 - Updated ImageMagick packages fix vulnerabilities 2005-06-28
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: ImageMagick
Advisory ID

MDKSA-2005:106 - Updated spamassassin packages fix DoS vulnerabilities 2005-06-28
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: spamassassin
Advisory I

SQL Injection Exploit for ASPNuke <= 0.80 2005-06-27
Alberto Trivero (trivero jumpy it)
#!/usr/bin/perl -w
#
# SQL Injection Exploit for ASPNuke <= 0.80
# This exploit retrieves the username of the administrator of the board and his password crypted in SHA256
# Related advisory: http://www.securityfocus.com/archive/1/403479/30/0/threaded
# Discovered and Coded by Alberto Trivero

use LW

Re: Webroot Window Washer Version 6.02.410 Will erase files from your PC 2005-06-28
simon TCPTowers co uk
Is that not what it's designed to do?

Re: [Full-disclosure] Solaris 9/10 ld.so fun 2005-06-28
Piotr KUCHARSKI (chopin sgh waw pl) (1 replies)
On Tue, Jun 28, 2005 at 06:17:02PM +0200, Przemyslaw Frasunek wrote:
> This vulnerability was introduced by one of the recent patches for Solaris 9,
> possibly 112963. Ld.so patched with 112963-08 is not vulnerable -- it does
> not allow LD_AUDIT for set[ug]id binaries, but upgrading to 112963-16
>

RE: [Full-disclosure] Solaris 9/10 ld.so fun 2005-06-29
Charles Heselton (charles heselton gmail com)

Access right escalation / severe permission problems on Raritan Console Servers 2005-06-28
spam drwetter org

Hi,

during my research on console servers I've encountered a severe problem on one appliance.

Summary:
Access right escalation / severe permission problems on Raritan Console Servers

Confirmed on DSX32, Software version: 2.4.6
www.raritan.com, more see below

Details:
DSX Raritan Console Servers

Webroot Window Washer Version 6.02.410 Will erase files from your PC 2005-06-28
tmolamusa optonline net
Hello All
This version will erase files from your PC.

FYI: If you are running version 6.02.410 of Webroot's Window Washer, it will erase files and icons from your PC. Webroot's support team will not do anything to help you recover these files. Update to their latest build (411) immediately and hop

XSS IN Community forum 2005-06-27
abducter_minds yahoo com
There is a problem in Community forum.
Community forum is made in ASP.
I found an XSS in search
when we typed
http://www.victim.com/forum/search/SearchResults.aspx?q=><script>alert('CSS%20Vulnerable')</script><b%20a=a%20&f=&u=
EXAMPLE
http://forums.asp.net/search/SearchResults.aspx?q=><script>alert('CS

Multiple buffer overflows exist in Infradig Systems Inframail Advantage Server Edition 6.0 2005-06-28
Reed Arvin (reedarvin gmail com)
Summary:
Multiple buffer overflows exist in Infradig Systems Inframail
Advantage Server Edition 6.0
(http://www.infradig.com/)

Details:
Input to the SMTP MAIL FROM: command and the FTP NLST command is not
properly checked and/or filtered. Issuing the character 'A' roughly
40960 times as an argument

Whitepaper release: Risks of Passive Network Discovery Systems 2005-06-27
bugtraq sys-security com
I am pleased to announce the release of a new white paper titled:

"Risks of Passive Network Discovery Systems"

From the abstract:

This paper sheds light on the weaknesses of passive network discovery and monitoring systems. It starts by defining passive network discovery, and goes over the a

Copyright 2010, SecurityFocus