BugTraq
bzip2 TOCTOU file-permissions vulnerability 2005-03-30
Imran Ghory (imranghory gmail com)
================================
bzip2 TOCTOU file-permissions vulnerability
================================

Software: bzip2
Version: 1.0.2
Software URL: <http://sources.redhat.com/bzip2/>
Platform: Unix, Linux.
Vulnerability type: Time-of-Check-Time-Of-Use
Severity: Low, requires local attacker

[SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution 2005-03-31
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 701-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 31st, 2005

[CLA-2005:945] Conectiva Security Announcement - kernel 2005-03-31
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : kernel
SUMMARY : Kernel fixes
DATE : 200

Multiple sql injection, and xss vulnerabilities in Pay pal Storefront 2005-03-30
Diabolic Crab (dcrab hackerscenter com)
Dcrab's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/

Severity: High
Title: Multiple sql injection, and xss vulnerabilities in Pay pal
Storefront
Date: March 25, 2005

Summary:
There are multiple sql injection, xss vulnerabilities in the Pay pal

Re: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. 2005-03-30
dcrab hackerscenter com
In-Reply-To: <1112047432_32079 (at) S1.cableone (dot) net>

I ran audits on da latest version available for download on the Photopost website, and was unaware of your release, so I apologise for the confusion.
Dcrab

>Received: (qmail 32267 invoked from network); 29 Mar 2005 22:1

PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability 2005-03-30
dcrab hackerscenter com


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dcrab's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/

Severity: Medium
Title: PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability
Date: 31/03/2005

Vendor: PhpArena
Vendo

[SECURITY] [DSA 700-1] New mailreader packages fix cross-site scripting vulnerability 2005-03-30
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 700-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 30th, 2005

RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS 2005-03-30
Paul J Docherty (PJD portcullis-security com)
Hi Kurt,

Fdisk /MBR only replaces the boot code within the sector, it does not
change in any way the Partition Information Block (PIB). Where the error
lies is in the placement of the active bootable partition within the
PIB, if it is not the first entry the bug appears. This is why standard
diag t

[ GLSA 200503-35 ] Smarty: Template vulnerability 2005-03-30
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack 2005-03-30
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=================================================================
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL
attack
=================================================================

Revision 1.0

For Public Release 2

MDKSA-2005:061 - Updated krb5 packages fix telnet client vulnerability 2005-03-30
Mandrakelinux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: krb5
Advisory ID:

[PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerabilities 2005-03-29
PersianHacker Team (pi3ch yahoo com)


[PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerabilities
Date: 2005 03
Bug Number: 11

Ublog
Ublog reload is a complete ASP weblog system.
More info @:
http://www.uapplication.com

Discussion:
--------------------
What are the bugs ?
1) Cross-Site Scripting that lets atta

Portcullis Security Advisory 05-011 ACPI 1.6 BIOS 2005-03-29
Paul J Docherty (PJD portcullis-security com) (1 replies)
Portcullis Security Advisory

Vulnerable System:

This vulnerability affects any workstation running the ACPI 1.6 BIOS
implementation.

Vulnerability Title:

BIOS code logic error

Vulnerability discovery and development:

The Portcullis R&D team discovered this vulnerability. Whilst assessing

Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS 2005-03-30
Kurt Seifried (bt seifried org)
Multiple phpCoin Vulnerabilities 2005-03-29
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research March 28th, 2005
##########################################################
# Vendor : COINSoft Technologies Inc.
# URL : http://www.phpcoin.com/
# Version : phpCoin v1.2.1b && Earlier
# Risk : Multiple

Multiple XSS vulnerabilities in ACS Blog 2005-03-28
Dan Crowley (dan crowley gmail com)
These vulnerabilities have been tested on the latest version of ACS
Blog. (v1.1.1)

In the comments section of ACS Blog, it is possible to execute an XSS
attack through the [link], [mail], and [img] tags, due to lack of
filtering of single quotes and spaces inside the tags.

Examples/PoCs:

[link=ht

Code insertion in Blogger comments 2005-03-28
Antone Roundy (antone geckotribe com)
Having notified Blogger of this twice over the course of a number of
months, and not seeing them take any action (beyond saying that they'll
look at it) or warn their users, I think it's time to warn people.
Under the following conditions, Blogger weblogs are vulnerable to
executable code inser

abuse & security issues > Israel 2005-03-29
Gadi Evron (gadi tehila gov il)
Hello.

Back in the mid-90s, it has become a fact that Israel was one of the
main focal points of Internet abuse in the world, and reaching abuse
contacts was very difficult.

Today, we no longer hold that title. Also, some of the ISPs in Israel
are now very responsive to abuse, it is not true

Re: Security Flaw with Digital signatures in Microsoft Outlook 2005-03-29
dori we-can co il
In-Reply-To: <20050325202052.15663.qmail (at) www.securityfocus (dot) com>

Mr Roberto managed to change email headers - "from address".

Security Professionals know the email headers can't be trusted and can be easily forged.
Most Outlook users *do not*.

The "signed by" and the certificate signer remain vali

[PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities 2005-03-29
PersianHacker Team (pi3ch yahoo com)


[PersianHacker.NET 200503-12]Chatness 2.5.1 and prior Html Injection Vulnerability
Date: 2005 March
Bug Number: 12

Chatness
Chatness is a PHP based chat script. It has enough flexibility to fit any user's needs, and enough modification options to customly fit into any site
http://www.chatness.us

D

Code insertion in Blogger comments 2005-03-29
Antone Roundy (antone geckotribe com)
Having notified Blogger of this twice--once early last October and
again mid-January of this year--and not seeing them take any action
(beyond saying that they'll look at it) or warn their users, I think
it's time to warn people. Under the following conditions, Blogger
weblogs are vulnerable to

[SECURITY] [DSA 697-1] New netkit-telnet packages fix arbitrary code execution 2005-03-29
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 697-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 29th, 2005

Invision Power Board v2.0.3 XSS vulnerabilities 2005-03-29
hoang yen (vnwebmasters yahoo com)


Invision Power Board v2.0.3 XSS vulnerabilities found more at user signature. When admin reads attacker topics, admin will lose his pass_hash

example
[session_id=f2600ff71ea895e6b9dedb5fd9480d16;%20member_id=48;%20pass_has
h=8ee00894ca583f64a85fd41a47048d14;%20topicsread=a%3A7%3A%7Bi%3A498%3Bi%
3A11

Multiple sql injection, and xss vulnerabilities in PortalApp 2005-03-29
dcrab hackerscenter com


Dcrab's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/

Severity: Medium
Title: Multiple sql injection, and xss vulnerabilities in PortalApp.
Date: March 30, 2005
Vendor: AspApp
Vendor site: http://www.aspapp.com

Summary:
There are multiple sql injection

Copyright 2010, SecurityFocus