|
|
Colapse all |
Post message
MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC 2005-04-19 Evgeny Pinchuk (EvgenyP Radware com) Vulnerability Details ===================== The vulnerability is a heap overflow in SvrAppendReceivedChunk function which is located in xlsasink.dll. When transmitting large chunks with X-LINK2STATE verb it is possible to overflow the heap and perform arbitrary memory write in RtlAllocateHeap functi [ more ] [ reply ] [ GLSA 200504-18 ] Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities 2005-04-19 Thierry Carrez (koon gentoo org) [SECURITY] [DSA 712-1] New geneweb packages fix insecure file operations 2005-04-19 joey infodrom org (Martin Schulze) File Selection May Lead to Command Execution (GM#015-IE) 2005-04-19 GreyMagic Security (security greymagic com) GreyMagic Security Advisory GM#015-IE ===================================== By GreyMagic Software. 19 Apr 2005. Available in HTML format at http://www.greymagic.com/security/advisories/gm015-ie/. Topic: File Selection May Lead to Command Execution. Discovery date: 18 Jan 2005. Affected applicat [ more ] [ reply ] UBB Thread printthread.php SQL Injection 2005-04-19 Hillel Himovich (hll netvision net il) UBB Thread /ubbthreads/printthread.php SQL Injection Yes\No vulnerability Full Disclosure Bug discovered By: Axl Exploit By: HLL (hllhll at gmail.com) 1. Introduction There Is a flaw in printthread.php due to insufficient bound checking of the 'main' query parameter wich allows a malicues SQ [ more ] [ reply ] Re: cpio TOCTOU file-permissions vulnerability 2005-04-19 Steve G (linux_4ever yahoo com) Hello, Since no fix has been posted, I've taken a stab at patching this. I think this patch solves all issues with chmod & chown. I would recommend people review this patch and apply since cpio can create suid files, devices, and directories with special permissions. I have a patch for coreutils mo [ more ] [ reply ] [SECURITY] [DSA 711-1] New info2www packages fix cross-site scripting vulnerability 2005-04-19 joey infodrom org (Martin Schulze) Portcullis Security Advisory 05-012 Ebay Session Riding Vulnerability 2005-04-19 Paul J Docherty (PJD portcullis-security com) Portcullis Security Advisory Original Bugtraq posting 08 April 2005, Resend 19 April 2005. Vulnerable System: This vulnerability affects EBay the auction websites. Vulnerability Title: Session Riding/Cross Site Request Forgery Attack. Vulnerability discovery and development: This issue w [ more ] [ reply ] [ GLSA 200504-17 ] XV: Multiple vulnerabilities 2005-04-19 Sune Kloppenborg Jeppesen (jaervosz gentoo org) MDKSA-2005:072 - Updated php packages fix multiple vulnerabilities 2005-04-19 Mandriva Security Team (security mandriva com) - Argeniss - Oracle exploits and workarounds 2005-04-18 Cesar (cesarc56 yahoo com) http://www.argeniss.com/research.html Some exploits and workarounds for vulnerabilities fixed on Oracle Critical Patch Update April 2005. http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf (->Don't read if don't care about Oracle security...) You think you are secure because you [ more ] [ reply ] iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability 2005-04-18 iDEFENSE Labs (labs-no-reply idefense com) McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability iDEFENSE Security Advisory 04.18.05 http://www.idefense.com/application/poi/display?type=vulnerabilities April 18, 2005 I. BACKGROUND McAfee Internet Security Suite 2005 is a product used to protect a personal computer fro [ more ] [ reply ] The first open source spyware 2005-04-18 gilbert nzeka (dark_khaalel yahoo fr) Hi, Since a few years, the number of spywares is growing up but it's impossible to find a spyware's code source to analyse it and better understand their work. After kruegerware's (and its child) diffusion, I'm introducing you the first open source spyware. My goal is not to help people writin [ more ] [ reply ] [ GLSA 200504-16 ] CVS: Multiple vulnerabilities 2005-04-18 Sune Kloppenborg Jeppesen (jaervosz gentoo org) [AppSecInc Team SHATTER Security Advisory] SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure 2005-04-18 Team SHATTER (shatter appsecinc com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-04.html April 18, 2005 Affected versions: Oracle Database Server version 10g Risk level: High Cre [ more ] [ reply ] [AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure 2005-04-18 Team SHATTER (shatter appsecinc com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SQL Injection in CREATE_SCN_CHANGE_SET procedure AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-05.html April 18, 2005 Affected versions: Oracle Database Server version 10g Risk level: High Credits: Th [ more ] [ reply ] [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_METADATA package 2005-04-18 Team SHATTER (shatter appsecinc com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple SQL Injection vulnerabilities in DBMS_METADATA package AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-03.html April 18, 2005 Affected Versions: Oracle Database Server versions 9i and 10g Risk L [ more ] [ reply ] [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages 2005-04-18 Team SHATTER (shatter appsecinc com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-02.html April 18, 2005 Affected Versions: Oracle Database Serv [ more ] [ reply ] [AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia 2005-04-18 Team SHATTER (shatter appsecinc com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Denial of Service in Oracle interMedia AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-01.html April 18, 2005 Affected versions: Oracle Database Server versions 9i and 10g Risk level: Medium Credits: Th [ more ] [ reply ] ERNW Security Advisory 01/2005 2005-04-18 Mailinglists (mozilla ids-guide de) ERNW Security Advisory 01-2005 Buffer Overflow in PMSoftware's Simple Web Server Author: Michael Thumann <mthumann[at]ernw.de> 1. Summary: Simple Web Server doesn't do proper bounds checking handling normal GET requests. Sending an overlong page or script name, it causes an buffer overflow and an [ more ] [ reply ] [SECURITY] [DSA 710-1] New gtkhtml packages fix denial of service 2005-04-18 joey infodrom org (Martin Schulze) phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure 2005-04-18 deluxe security-project org Firesearching 1 + 2 [Firefox 1.0.2] 2005-04-18 mikx (mikx mikx de) __Notice I really wonder why the Mozilla Foundation decided to release a serious security update on a friday night and to disclose the link to my proof-of-concept code so quickly. It wasn't intendet from my side to release this as a 0day exploit. Please complain to security (at) mozilla (dot) org [email concealed] if you d [ more ] [ reply ] Firelinking [Firefox 1.0.2] 2005-04-18 mikx (mikx mikx de) __Notice I really wonder why the Mozilla Foundation decided to release a serious security update on a friday night and to disclose the link to my proof-of-concept code so quickly. It wasn't intendet from my side to release this as a 0day exploit. Please complain to security (at) mozilla (dot) org [email concealed] if you d [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA1
A-N-N-O-U-N-C-I-N-G P-A-K-C-O-N -- II
Pakistan's Underground Hacking Convention
<http://www.pakcon.org>
[ +-THEME-+ ]
We are proud to present PAKCON II, an underground hacking convention
held ann
[ more ] [ reply ]