Re: Vulnerability in Coppermine Photo Gallery 1.3.*
2005-04-21 nibbler999 users sf net
In-Reply-To: <20050418122434.10438.qmail (at) www.securityfocus (dot) com>
This issue has been addressed in Coppermine 1.3.3. The release announcement can be found here - http://coppermine.sourceforge.net/board/index.php?topic=17134.0
Thank you for bringing this to our attention.
Nibbler
Coppermine Dev Team.

gzip directory traversal vulnerability
2005-04-20 Imran Ghory (imranghory gmail com)
gzip directory traversal vulnerability
Software: gzip
Version: 1.2.4, 1.3.3
Software URL: <http://www.gzip.org>
Platform: Unix, Linux.
Vulnerability type: Input validation
Severity: Medium, local vuln, requires user using gunzip -N

Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
2005-04-20 Stephen Frost (sfrost snowman net) (1 replies)
Greetings, There appear to be some deficiencies in both the documentation of the 'md5' authentication methodology (in pg_hba.conf) and in the md5 hash generation which is stored in pg_shadow. The md5 hash which is generated for and stored in pg_shadow does not use a random salt but instea

Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
2005-04-20 David F. Skoll (dfs roaringpenguin com) (1 replies)

Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
2005-04-20 Stephen Frost (sfrost snowman net)

Shoutbox SCRIPT <= 3.0.2 Administrative MD5 Username and Password Retrieval [x0n3-h4ck]
2005-04-19 CorryL (corryl sitoverde com)

Ecommerce-Carts SQL injection vulnerability ( IHSTeam )
2005-04-19 c0d3r ihsteam com
IHS Iran Hackers Sabotage Public advisory
by : c0d3r "Kaveh Razavi" c0d3r (at) ihsteam (dot) com
advisory url : http://www.ihssecurity.com/cms/modules/mydownlo

Secure Science Corporation Application Software Advisory 055
2005-04-20 SSC Advisory Notice (bugtraq securescience net)

Annuaire Netref v4.2 [ fwrite php ] vulnerability
2005-04-19 jaguar (webmaster wulab com)
Software: annuaire netref
version : 4.2
url : http://www.netref.net
Risk factor : critical
Vendor has been contacted
Description:
Netref is a PHP/MySQL-based directory script that supports an unlimited number of categories and links. Many functions to manage the links : Fast search e

Re: Capital One's website inadvertently assists phishing
2005-04-19 Joseph Barillari (bugtraq barillari org)
On Tue, Apr 19, 2005 at 05:30:28PM -0500, dramatools wrote:
> However, I clicked your "proof of concept" link and found that the
> redirector did not send me to Wikipedia as expected, but Capital One's
> home page. Perhaps one of their security people is lurking on bugtraq
> and attempted to fix th

Multiple Security Issues Found In AZBB
2005-04-20 GulfTech Security Research (security gulftech org)
GulfTech Security Research April 19th, 2005
Vendor : AZBB
URL : http://azbb.cyaccess.com/
Version : AZBB 1.0.07d && Earlier
Risk : Multiple Vulnerabilities

RE: iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability
2005-04-20 Boyce, Nick (nick boyce eds com)

ICMP attacks against TCP (Proof-of-Concept code) (MS05-019, CISCO:20050412)
2005-04-20 houseofdabus HOD (houseofdabus inbox ru)

[waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2
2005-04-20 Janek Vind (come2waraxe yahoo com)

Neslo Desktop Rover Remote DoS Vulnerability
2005-04-20 Adam Baldwin (evilpacket gmail com)
Title: Neslo Desktop Rover Remote DoS Vulnerability
Vendor Homepage: http://www.nelsosoftware.com
Discovered by: Adam Baldwin (evilpacket (at) ngenuity-is (dot) com)
www.evilpacket.net\advisories\EP-000-0003.html
April 19, 2005

RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow
2005-04-20 Piotr Bania (bania piotr gmail com)
RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow
by Piotr Bania <bania.piotr (at) gmail (dot) com>
http://pb.specialised.info
Original location: http://pb.specialised.info/all/adv/real-ram-adv.txt
Severity: Critical - Remote code execution.
Software affected: (WI

[ GLSA 200504-19 ] MPlayer: Two heap overflow vulnerabilities
2005-04-20 Matthias Geerdsen (vorlon gentoo org)

[HSC Security Group] Ocean12 Calendar manager 1.01 SQL injection
2005-04-20 Zinho (zinho hackerscenter com)

[OpenPKG-SA-2005.006] OpenPKG Security Advisory (mysql)
2005-04-20 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

SUSE Security Announcement: RealPlayer buffer overflow in RAM file handling (SUSE-SA:2005:026)
2005-04-20 Marcus Meissner (meissner suse de)

SUSE Security Announcement: PostgreSQL buffer overflow problems (SUSE-SA-2005:027)
2005-04-20 Marcus Meissner (meissner suse de)

[SECURITY] [DSA 661-2] New f2c packages fix insecure temporary files
2005-04-20 joey infodrom org (Martin Schulze)

DUportal Pro 3.4 has MANY Sql injection and Sql Errors.
2005-04-20 dcrab (dcrab hackerscenter com)
Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/
Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah
Severity: Very High
Title: DUportal Pro 3.4 has M

[CLA-2005:947] Conectiva Security Announcement - MySQL
2005-04-20 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : MySQL
SUMMARY : Fixes for two mysql vulnerabi

Capital One's website inadvertently assists phishing
2005-04-19 Joseph Barillari (bugtraq barillari org) (1 replies)
Capital One's website has an unchecked redirect. I'm used to seeing these exploited by slashdot trolls (e.g., sending people to the goatse picture when they think they're going to microsoft.com), but this is the first case in which I've seen one at a bank's website. I emailed the Capital One people

Re: Capital One's website inadvertently assists phishing
2005-04-19 Allen Parker (infowolfe gmail com)
PMsoftware mini http server remote stack overflow exploit
author : c0d3r "kaveh razavi" c0d3rz_team (at) yahoo (dot) com, c0d3r (at) ihsteam (dot) com
package : PMsoftware Web Server version 1.0
advisory : http://www.securiteam.com/windowsntfocus/5TP0B2KFGA.html
..........
see the attachment