[SECURITY] [DSA 731-1] New krb4 packages fix arbitrary code execution
2005-06-02 joey infodrom org (Martin Schulze)

[ZH2005-13SA] NEXTWEB (i)Site? website management multiple vulnerabilities
2005-06-01 Jim Pangalos (dpangalos linuxmail org)
ZH2005-13SA (security advisory): NEXTWEB (i)Site? multiple vulnerabilities
Published: 1 June 2005 - GOOD MONTH EVERYBODY ;-)
Released: 1 June 2005
Name: (i)Site?
Affected Versions: ALL
Issue: SQL injections, exception handling, unsafe directories
Author: Trash-80 - dpangalos (at) zone-h (dot) org
Vend...

Re: Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005)
2005-06-01 Steven M. Christey (coley mitre org)
Many browser crashes can be directly triggered by an attacker from a malicious web page, which makes a reasonable argument for calling such problems a "vulnerability" or some other term that implies some impact on confidentiality, integrity, or availability. However, as described, this particular...

Reminder: XGrabKeyboard is not a security interface
2005-05-31 Florian Weimer (fw deneb enyo de)
Some application authors assume that the XGrabKeyboard function can be used to obtain exclusive access to the keyboard, to prevent other X11 clients on the same display from eavesdropping key presses (such as passwords). It's been known for some time that this is not the case (for example, Casper H...

A short warning on the X11 Editres protocol
2005-05-31 Florian Weimer (fw deneb enyo de)
The xterm manual page contains a strongly worded warning about the allowSendEvents configuration option:
| allowSendEvents (class AllowSendEvents)
| Specifies whether or not synthetic key and button events
| (generated using the X protocol SendEvent request) should be
| interpreted or disc...

[ GLSA 200506-01 ] Binutils, elfutils: Buffer overflow
2005-06-01 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

504T and now also 604T remote access.
2005-05-28 alessandro (alessandro sideralis net)
Dear ZARAZA, the problem pointed out by Francesco Orro is completely different from the one I had. Yes, the file is the same, but if you continue reading, you can see what I just said: the two bugs are completely different. The one I've described can be used even if is not the first access to the...

Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4
2005-05-31 Alberto Trivero (trivero jumpy it)
**********************************************************************
* CODEBUG Labs
* Advisory #7
* Title: Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4
* Author: Alberto Trivero
* English Version: Alberto Trivero
* Product: MyBulletinBoard 1.00 RC4
* Type: Multiple Vulnerabilities
* ...

multiple vulnerability Calendarix Advanced
2005-05-31 DarkBicho (darkbicho gmail com)
/***********************************************
* Advisory : 01-0005-15
* title: multiple vulnerability
* Software: Calendarix Advanced
* Date: 28. April 2005
* Web: http://www.calendarix.com/
************************************************/
- Affected software description: Webcalendar is a w...

[Argeniss] MS05-012 Exploit
2005-05-30 Cesar (cesarc56 yahoo com)
Available for download is POC exploit for MS05-012, this exploit was demonstrated at Bellua Asia, Black Hat Amsterdam and CanSecWest as part of Hacking Windows Internals presentation.
http://www.argeniss.com/research/SSExploit.c
More exploits at: http://www.argeniss.com/products.html
Enjoy.
Ces...

SyScAN'05
2005-05-31 organiser (at) syscan (dot) org (organiser syscan org)
The Symposium on Security for Asia Network (SyScAN'05) will be held on 1st and 2nd of September 2005 in Bangkok, Thailand. SyScAN'05 boasts a list of expert speakers in their various fields, coming from US, Europe and Asia and the topics would be scintillating and mesmerising. SyScAN'05 will be...

PowerDownload Remote File Inclusion
2005-05-31 SoulBlack Group (soulblacktm gmail com)
============================================================
Title: PowerDownload Remote File Inclusion.
Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar
Date: 31/05/2005
Severity: High. Remote Users Can Exe...

[XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
2005-05-31 Xnuxer Security (xnusec gmail com) (2 replies)
Today, 31 May 2005, I found error with root privilege escalation in Sudo version 1.6.8p7 that package installed with SuSE 9.3. Testing in my machine, sudo appear not check is true when I press CTRL + C with blank password and giving status SID as root privilege to SID user. I got successful as root...

    Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version1.6.8p7 without Password, SuSE 9.3
    2005-05-31 Ow Mun Heng (Ow Mun Heng wdc com)

    Re: [security (at) suse (dot) de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
    2005-05-31 Marcus Meissner (meissner suse de) (2 replies)

        Re: [security (at) suse (dot) de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
        2005-05-31 Justin (justinvinn gmail com)

        Re: [security (at) suse (dot) de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
        2005-05-31 Todd C. Miller (Todd Miller courtesan com)

Wide-scale industrial espionage using Trojan horses in Israel
2005-05-29 Gadi Evron (ge linuxbox org)
Apparently, a Trojan horse was developed for three major private investigators companies in Israel, and later used for industrial espionage with some of the biggest corporations in Israel. Aside from the technical side of this attack and the extreme wide-scale of it, another interesting aspect is the...

Nortel VPN Router Malformed Packet DoS Vulnerability
2005-05-31 Roy Hills (Roy Hills nta-monitor com)
Nortel VPN Router Malformed Packet DoS Vulnerability
Summary: NTA Monitor have discovered a denial of service (DoS) vulnerability in the Nortel VPN Router products (which were previously known as Nortel Contivity) while performing a VPN security test for a customer. We believe that this is a se...

Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005)
2005-05-31 - k - (klistas gmail com)
It works with IE 5.5 too (JSCRIPT.DLL version 5.5.0.5207)
Andres
----- Original Message -----
From: "Benjamin Tobias Franz" <0-1-2-3 (at) gmx (dot) de>
To: <bugtraq (at) securityfocus (dot) com>
Sent: Saturday, May 28, 2005 11:24 AM
Subject: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/...

RE: Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005)
2005-05-31 Hohn, Joerg (Joerg Hohn t-systems com)
not true with IEX 5.50.4807.2300CO
--- j_h
> -----Original Message-----
> From: Benjamin Tobias Franz [mailto:0-1-2-3 (at) gmx (dot) de]
> Sent: Saturday, May 28, 2005 4:24 PM
> To: bugtraq (at) securityfocus (dot) com
> Subject: Microsoft Internet Explorer - Crash on adding sites to
> restricted zone (05/28/2005)
> ...

MDKSA-2005:095 - Updated gdb packages fix vulnerabilities
2005-05-30 Mandriva Security Team (security mandriva com)

MyBB 1.0 RC4 XSS Bug
2005-05-30 August Christopher (syini666 gmail com)
Description: MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. MyBB has been designed with the end users in mind, you and your subscribers. Full control over your discussion system is presented right at the tip of your fingers, from multiple styles and themes to the ul...

CYBSEC - PHPMailer Infinite Loop Denial of Service
2005-05-30 Mariano Nuñez Di Croce (mnunez cybsec com)
CYBSEC S.A.
www.cybsec.com
Advisory Name: PHPMailer Infinite Loop Denial of Service
==============
Vulnerability Class: Denial of Service
====================
Release Date: 05.27.2005
=============
Affected Applications:
======================
* PHPMailer <= 1.72
Affected Platforms:
===========...
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 731-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
June 2nd, 2005