BugTraq (Page 1337 of 1748)
[CLA-2005:950] Conectiva Security Announcement - evolution 2005-04-27
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : evolution
SUMMARY : Fix for Evolution vulnera

SQL-injections in koobi-cms 2005-04-27
CENSORED (censored mail ru)


SQL-injections in koobi-cms 4.2.3
_____________________________________________________________
The program: koobi-cms
Homepage: http://www.dream4.de/
Vulnerable Versions: 4.2.3
Has found: CENSORED [SVT] 28.04.05
_____________________________________________________________

The descripti

[SECURITY] [DSA 717-1] New lsh packages fix several vulnerabilities 2005-04-27
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 717-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 27th, 2005

[SECURITY] [DSA 716-1] New gaim packages fix denial of service 2005-04-27
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 716-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 27th, 2005

[SECURITY] [DSA 715-1] New cvs packages fix unauthorised repository access 2005-04-27
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 715-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 27th, 2005

myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof' 2005-04-26
Terencentanio Enache (terencentanio enache btopenworld com)


~ PHOX: myPHP v3 (Final) 'Sender/Poster Exploit' ~

###
# Content
###

- Credits
- 'sploit
- Solution

###
# Credits
###

Exploit discovered by Phox/Terencentanio/Phoxpherus of Root32.

Email: terencentanio.enache (at) btopenworld (dot) com / terencentanio (at) root32 (dot) com

###
# 'sploit
###

There are two expl

[HSC Security Group] Comersus v6 Script injection 2005-04-26
Zinho (zinho hackerscenter com)


Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Title: Comersus v6 Shopping Cart Sever Script injection
Risk: High

Comersus is one of the most used Shopping Cart software written in asp, available for *nix and windows platforms.

Black Hat USA 2005 Reminder CFP closing soon! 2005-04-27
Jeff Moss (jmoss blackhat com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Black Hat USA 2005 Call for Papers closes May 1st! Do not hesitate to submit your presentation, as time is running out. This is your chance to present in front of the largest Black Hat to date, and share your knowledge with your peers. For more detai

Re: SQL-injections in Invision Power Board v2.0.1 2005-04-27
Steven M. Christey (coley mitre org)

This issue appears to be a rediscovery of a Bugtraq post by Alexander
Anisimov on November 18, 2004:

[MaxPatrol] SQL-injection in Invision Power Board 2.x
http://www.securityfocus.com/archive/1/381503

1) Both inject the SQL into the "qpid" parameter

2) Both deal with the "post" action ("act=

SUSE Security Announcement: Mozilla Firefox, Mozilla various security problems (SUSE-SA:2005:028) 2005-04-27
Marcus Meissner (meissner suse de)

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: Mozilla. Mozilla Firefox
Announcement-ID: SUSE-SA:2005:028
Date:

[ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabilities 2005-04-26
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

New Whitepaper: Stopping Automated Attack Tools 2005-04-26
Gunter Ollmann (NGS) (gunter ngssoftware com)
Hi List,

There were a number of queries about my previous paper "Anti Brute Force
Resource Metering". It appears that way too many people haven't yet gotten to
grips with some of the more standard/basic methods of preventing automated
tools from attacking a web-based application.

So, to help the co

ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit 2005-04-26
shadown (shadown gmail com)
See attached files.
Cheers,
shadown

--
Sergio Alvarez
Security, Research & Development
IT Security Consultant
email: shadown (at) gmail (dot) com

This message is confidential. It may also contain information that is
privileged or otherwise legally exempt from disclosure. If you have
received it by mistake

[ GLSA 200504-26 ] Convert-UUlib: Buffer overflow 2005-04-26
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability 2005-04-25
iDEFENSE Labs (labs-no-reply idefense com)
MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability

iDEFENSE Security Advisory 04.25.05
www.idefense.com/application/poi/display?id=235&type=vulnerabilities
April 25, 2005

I. BACKGROUND

MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's
open source database.

iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Stack Overflow Vulnerability 2005-04-25
iDEFENSE Labs (labs-no-reply idefense com)
MySQL MaxDB Webtool Remote Stack Overflow Vulnerability

iDEFENSE Security Advisory 04.25.05
http://www.idefense.com/application/poi/display?id=234&type=vulnerabilities
April 25, 2005

I. BACKGROUND

MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's
open source database. MaxDB

[ GLSA 200504-25 ] Rootkit Hunter: Insecure temporary file creation 2005-04-26
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Discovering and Stopping Phishing/Scam Attacks 2005-04-26
steven lovebug org
As we have all noticed, there has been an increase in the number of phishing/scam
attempts via e-mail that appear to be legitimate. Most of
these e-mails look identical to e-mails that would be sent by the
e-commerce or banking institute. They also frequently link to
fraudulent/hacked webservers that also

[Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability 2005-04-25
Zinho (zinho hackerscenter com)


Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Desc: Http Splitting leads to email account stealing
Product: SQWebmail
Risk: High

A dangerous http splitting attack can be taken against mailboxes that use Sqwebmail as web mail interfa

SQL-injections in Invision Power Board v2.0.1 2005-04-25
CENSORED (censored mail ru)


********************************************************
SQL-injections in Invision Power Board v2.0.1
********************************************************
--------------------------
Program: IPB 2.0.1
Homepage: http://www.invisionboard.com
Vulnerable Versions: IPB 2.0.1
Has found: CEN

IE - cross site click detection? 2005-04-26
ViPeR (viper31337 yahoo co in)
hi,

i stumbled upon a weird behaviour in IE, it
-indirectly- allows you to detect a mouse-click inside
another site - by placing an iframe between the
anchor-tags..

[snip]

<a href="javascript:alert('ALERT : You clicked inside
iframe!')">
<iframe
src="http://gmail.google.com/gmail/help/privacy.ht

[PLSN-0005] new cvs package available 2005-04-26
Peachtree Linux Security Team (security peachtree burdell org)
---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0005
April 22, 2005

Buffer overflow, memory leaks, and NULL pointer dereference in CVS
CAN-2005-0753, http://www.cvshome.org/
------------------------------------------------------------

[PLSN-0006] new libexif package available 2005-04-26
Peachtree Linux Security Team (security peachtree burdell org)
---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0006
April 22, 2005

Remote DoS vulnerability in libexif
CAN-2005-0664
---------------------------------------------------------------------------

The following Peachtree Linux releases

[PLSN-0007] new libcdaudio package available 2005-04-26
Peachtree Linux Security Team (security peachtree burdell org)
---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0007
April 22, 2005

Remote DoS and possible code execution in libcdaudio
CAN-2005-0706
---------------------------------------------------------------------------

The following Peachtre

tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits. 2005-04-26
Vade 79 (v9 fakehalo us)


(everything is now patched in CVS-current, including the ISIS bug)

infinite loop DOS bugs in tcpdump:
(ISIS) isis_print() infinite loop DOS.
(BGP) RT_ROUTING_INFO infinite loop DOS.
(LDP) ldp_print() infinite loop DOS.

the ISIS bug is in 3.8.x/3.9.1/CVS. (did not check below 3.8.x)
the BGP an

tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS. 2005-04-26
Vade 79 (v9 fakehalo us)


(i made a second message for this because it also affects ethereal,
both tcpdump and ethereal are patched in the current cvs/svn versions)

(tcpdump) workaround:
# tcpdump ip proto not rsvp

original DOS exploit reference:
http://fakehalo.us/xtcpdump+ethr-rsvp-dos.c

---------------- exploit: x

GrayCMS php code injection 2005-04-26
Kold (maggik gala net)


Version: 1.1
Severity: High
Vendor: http://gcms.graymur.net/

Vulnerable code is in "code/error.php":

<----begin---->
...
if (!isset($page)) $page = '';
if (!isset($path_prefix)) $path_prefix = '../';
if (empty($main)) {
require $path_prefix.'code/main.dat';
}
if (isset($e404) or isset($_GET

[exploits] phpMyVisites 1.3 local file retrieval 2005-04-26
Max Cerny (max czerny cz)


==================================================================
File: phpMyVisites 1.3 local file retrieval
From: remote
Date: 26/04/2005
Credits: Max Cerny (max[at]czerny[dot]cz)
Vendor: http://www.phpmyvisites.net
Affected version: 1.3, > not tested
===========================================

E-Cart E-Commerce Software EXPLOIT 2005-04-26
Emanuele \z\\\ Gentili (emanuele orvietolug org)
Hi,
this is a simple PERL exploit for E-CART bug

#!/usr/bin/perl
#
# info: zeta (at) mojodo (dot) it
#
#
#
#
#
#z@badroot:~$ perl 7330ecart.pl
#
#
# ~~ www.badroot.org ~~
#
# E-Cart E-Commerce Software index.cgi
# Remote Command Execution Vulnerability
# Affected version: <= E-Cart 2004 v1.1
# http://www.se

Multiple SQL Injections in MetaBid Auctions 2005-04-26
dcrab (dcrab hackerscenter com)


Dcrab's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc.
Learn more at http://www.digitalparadox.org/services.ah

Severity: High
Title: Multiple SQL Injections in

Copyright 2010, SecurityFocus