BugTraq
IRM 011: Sygate Security Agent (Sygate Secure Enterprise) Fail Open DoS 2005-04-12
IRM Advisories (advisories irmplc com)
IRM Security Advisory No. 011

Sygate Security Agent (Sygate Secure Enterprise) Denial of Service

Problem Discovered: January 24th 2005
Vendor contacted: March 8th 2005
Advisory published: April 11th 2005

Abstract
--------
Sygate Secure Enterprise includes a Security Agent (SSA) that runs on a
c

[ GLSA 200504-09 ] Axel: Vulnerability in HTTP redirection handling 2005-04-12
vorlon gentoo org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Centra 7 XSS Exploit 2005-04-12
Clorox (elac2k hotmail com)


Centra is a program used by businesses and colleges; it allows users to stream Microsoft Office and other applications over the web in a nice environment with VoIP options. However, on the root directory, when you go in to enroll for a session, if you create or modify your username, first name, or last n

QuickTime for Windows malformed GIF DoS 2005-04-13
liquid cyberspace org


QuickTime for Windows has problems with malformed GIF images. Open test.gif with PictureViewer and it will crash. DrWatson reports an access violation. The main reason for the crash is a malformed value of "depth start"; in test.gif this value is set to 255 (0xff hexadecimal). I've tested about twenty dif

iDEFENSE Security Advisory 04.12.05: Microsoft MSHTA Script Execution Vulnerability 2005-04-12
iDEFENSE Labs (labs-no-reply idefense com)
Microsoft MSHTA Script Execution Vulnerability

iDEFENSE Security Advisory 04.12.05
www.idefense.com/application/poi/display?id=231&type=vulnerabilities
April 12, 2005

I. BACKGROUND

Microsoft HTML Application Host (MSHTA) is part of the Microsoft Windows
operating system and is needed to execute .

iDEFENSE Security Advisory 04.12.05: Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability 2005-04-12
iDEFENSE Labs (labs-no-reply idefense com)
Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability

iDEFENSE Security Advisory 04.12.05
www.idefense.com/application/poi/display?id=228&type=vulnerabilities
April 12, 2005

I. BACKGROUND

Internet Explorer is a set of core technologies in Microsoft Windows
operating systems that p

iDEFENSE Security Advisory 04.12.05: Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability 2005-04-12
iDEFENSE Labs (labs-no-reply idefense com)
Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability

iDEFENSE Security Advisory 04.12.05
www.idefense.com/application/poi/display?id=230&type=vulnerabilities
April 12, 2005

I. BACKGROUND

The Win32 application-programming interface (API) offers a console
windows feature that provides a means t

iDEFENSE Security Advisory 04.12.05: Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability 2005-04-12
iDEFENSE Labs (labs-no-reply idefense com)
Microsoft Windows Internet Explorer Long Hostname Heap Corruption
Vulnerability

iDEFENSE Security Advisory 04.12.05
www.idefense.com/application/poi/display?id=229&type=vulnerabilities
April 12, 2005

I. BACKGROUND

Internet Explorer is a set of core technologies in Microsoft Windows
operating syst

WebCT 4.1 vulnerable to XSS attacks 2005-04-11
lacertosum yahoo com


The discussion board feature of WebCT is vulnerable to XSS.

Here is the proof of concept:
When you are composing a new message, in the message field of the form, type this:

</pre><table background=java script:alert("XSS Warning")>
</table>

Then submit the message. You should see a JavaScri

Sql injection in jPortal version 2.3.1 (module banner) 2005-04-12
Marcin \CiNU5\ Krupowicz (marcin krupowicz gmail com)
Hello BugTraq,

I've found a possibility to inject SQL code in jPortal version 2.3.1, in
module "banner" (module/banner.inc.php).

Bug is in these lines of code:
$query = "SELECT * FROM $bann_a_tbl WHERE title='$haslo' ORDER BY id DESC";
(line 192)

There is an unfiltered variable $haslo. In order to pat

7a69Adv#23 - Jar tool directory transversal vulnerability 2005-04-12
Pluf (pluf 7a69ezine org)
- ------------------------------------------------------------------
7a69ezine Advisories 7a69Adv#23
- ------------------------------------------------------------------
http://www.7a69ezine.org [01/04/2005]
- ---------------------------------

rpdump TOCTOU file-permissions vulnerability 2005-04-10
Imran Ghory (imranghory gmail com)
================================
rpdump TOCTOU file-permissions vulnerability
================================

Software: rpdump (part of the Pine mail package)
Version: Pine 4.62
Software URL: <http://www.washington.edu/pine/>
Platform: Unix, Linux.
Vulnerability type: Time-of-Check-Time-Of-Use
Se

AzDGDatingPlatinum multiple vulnerabilities 2005-04-09
kre0n mail ru


ADZ Security Team
===================
Info

Program: AzDGDatingPlatinum
Version: tested 1.1.0
Modules: view.php, members/index.php
Bug type: SQL Injection, XSS
Vendor site: http://www.azdg.com/
Vendor Informed: Yes
===================
Bug Info

SQL Injection:

At module view.php I've found a logic

XV multiple buffer overflows (update) 2005-04-11
Greg Roelofs (newt pobox com)
XV is a Unix/X11-based image viewer/converter with some editing
capabilities. It has been distributed by John H. Bradley and the
University of Pennsylvania as (shared-source) shareware for the
last 15 years or so. Primary development appears to have ceased
as of early 1995, and all forms of mainte

Microsoft Jet (msjet40.dll) Exploit 2005-04-11
Stuart Pearson (spearson computerterrorism com)


/*
* --------------------------------------
*
* Microsoft Jet (msjet40.dll) Exploit
*
* --------------------------------------
*
* Author:
* ----------
* S.Pearson
* Computer Terrorism (UK)
* www.computerterrorism.com
* 11/04/2005
*
*
* Credits:
* ----------
* Hexview (original advisory)
*
*
* T

Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2 2005-04-09
dcrab (dcrab hackerscenter com)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah

Se

rsnapshot Security Advisory 001 2005-04-10
security rsnapshot org
============================================================================
rsnapshot Security Advisory 001 security (at) rsnapshot (dot) org
http://www.rsnapshot.org/security/
Apr 10th, 2005 Nathan Rosenquist
==================================

Sql injection in jPortal version 2.3.1 (module banner) 2005-04-11
Marcin \CiNU5\ Krupowicz (marcin krupowicz gmail com)
Hello BugTraq,

I've found a possibility to inject SQL code in jPortal version 2.3.1, in
module "banner" (module/banner.inc.php).

Bug is in these lines of code:
[code]
$query = "SELECT * FROM $bann_a_tbl WHERE title='$haslo' ORDER BY id DESC";
[/code] - line 192.

There is an unfiltered variable $haslo.

[WHITEPAPER] Bugger The Debugger 2005-04-11
Brett Moore (brett moore security-assessment com)
Bugger The Debugger
- Pre Interaction Debugger Code Execution

The use of debuggers to analyse malicious or otherwise unknown binaries
has become a requirement for reverse engineering executables to help
determine their purpose.

While researchers in places such as anti-virus laboratories have alwa

Microsoft Windows image rendering DoS vuln 2005-04-11
Andrew (gluttony gmail com)
Alpha-Pi-Omicron Pi-Alpha-Nu-Tau-Omicron-C?
Kappa-Alpha-Kappa-Omicron-Delta-Alpha-Iota-Mu-Omicron-Nu-Omicron-C?
OpenOffice DOC document Heap Overflow 2005-04-12
lee xiaojun (airsupply segfault cn)


OpenOffice DOC document Heap Overflow
[Security Advisory]

Advisory:[AD_LAB-05001] OpenOffice DOC document Heap Overflow
Class: Design Error
DATE:30/3/2005
CVEID:CAN-2005-0941
Vulnerable:
<=OpenOffice OpenOffice 1.1.4
-OpenOffice OpenOffice 2.0dev

Unvulnerable:
Unknown
Vendor:
www.o

Invision board 1.3.1 and below are vulnerable to a sql injection vulnerability [PATCH INCLUDED] 2005-04-11
dcrab (dcrab hackerscenter com)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dcrab 's Security Advisory (http://www.digitalparadox.org/services.ah)
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Severity: Medium
Title: Invision board 1.3.1 and below are vulnerable to a sql injectio

Zone-H 2004 statistics are ready to be downloaded 2005-04-12
Gerardo Astharot Di Giacomo (astharot zone-h org)


The graphical statistics for the year 2004 are finally ready! They also contain excerpts of the years 2002 and 2003 when needed.

There are two files

a nice PDF document which can be downloaded here

http://www.zone-h.org/download/file=5396/

while the full set of data in txt format, ready to be

[ GLSA 200504-08 ] phpMyAdmin: Cross-site scripting vulnerability 2005-04-11
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

iDEFENSE Security Advisory 04.11.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow 2005-04-11
iDEFENSE Labs (labs-no-reply idefense com)
Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer
Overflow

iDEFENSE Security Advisory 04.11.05
www.idefense.com/application/poi/display?id=232&type=vulnerabilities
April 11, 2005

I. BACKGROUND

BrightStor ARCserve Backup provides backup and restore protection for
all classes o

Re: Microsoft Explorer Denial of Service 2005-04-07
Luca Ercoli (io lucaercoli it)


Are you sure that the same GIF vulnerability has already been discussed?
Those are the disclosures already posted:

- Windows XP explorer.exe heap overflow [http://www.securityfocus.com/archive/1/354783]:
(A malformed .emf file can cause an exploitable heap overflow)
- Microsoft Internet Explor

TowerBlog <= 0.6 Admin Account View [x0n3-h4ck] 2005-04-10
CorryL (corryl sitoverde com)
-=[--------------------ADVISORY-------------------]=-
-=[ ]=-
-=[ TowerBlog <= 0.6 ]=-
-=[ ]=-
-=[ Author: CorryL x0n3-h4ck.org ]=-
-=[ ]=-
-=[-----------------------------------------------------]=-

-=

Multiple ModernBill 4.3.0 And Earlier Vulnerabilities 2005-04-10
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research April 10th, 2005
##########################################################
# Vendor : ModernGigabyte, LLC
# URL : http://www.modernbill.com/
# Version : ModernBill 4.3.0 && Earlier
# Risk : Multiple Vu

GNU Core Utilities race condition file-permissions vulnerability 2005-04-06
Imran Ghory (imranghory gmail com)
================================
GNU Core Utilities race condition file-permissions vulnerability
================================

Software: mkdir, mknod, mkfifo
Version: Part of GNU Core Utilities 5.2.1
Software URL: <http://www.gnu.org/software/coreutils/>
Platform: Unix, Linux.
Vulnerability t
