RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit 2005-03-25 rexolab (research rexotec com)

Security Flaw with Digital signatures in Microsoft Outlook 2005-03-25 Roberto Franceschetti (roberto logsat com)
On 10/21/2004 the following vulnerability was reported to Microsoft: Security Flaw with Digital signatures in Microsoft Outlook - Emails in Microsoft Outlook digitally signed with S/MIME using either a commercial personal certificate like Verisign or using a certificate issued by MS Certificate S

Which anti-spyware cleaner is the best? 2005-03-24 Paul Laudanski (zx castlecops com)
Our new survey is now up and ready for polling: click here to vote http://castlecops.com/modules.php?name=Surveys&pollID=30 19 of the most popular and known anti-spyware cleaners can be selected. Like all our previous surveys, this one too takes in unique votes, so choose wisely! This survey looks

LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1 2005-03-24 Matt Hargett (matt hargett logiclibrary com)
LogicLibrary BugScan Vulnerability Summary Report (VSR) Trillian 2.0, 3.0 and 3.1 3/23/2005
I. Background
This report is based on the example in Guidelines for Security Vulnerability Reporting and Response, provided by the Organization for Internet Safety (OIS). The template for this document can

Secure Science issues preview of their upcoming block cipher 2005-03-24 BugTraq (bugtraq securescience net) (1 replies)
Secure Science is offering a preview of one of the 3 ciphers they will be publishing throughout the year. The CS2-128 cipher is a 128-bit block cipher with a 128 bit key. This cipher is proposed as an alternative hardware-based cipher to AES, being that it is more efficient in hardware, simpler t

Re: Secure Science issues preview of their upcoming block cipher 2005-03-25 Adam Shostack (adam homeport org)

[ GLSA 200503-28 ] Sun Java: Web Start argument injection vulnerability 2005-03-24 Thierry Carrez (koon gentoo org)

[USN-99-2] Fixed php4 packages for USN-99-1 2005-03-24 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-99-2 March 24, 2005
php4 vulnerabilities
CAN-2004-1064
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The f

Re: New Whitepaper: Anti Brute Force Resource Metering 2005-03-24 Jason W (bugtraq oremhighalumni com) (1 replies)
In-Reply-To: <20050321182737.81B6B15F507 (at) mail.ngssoftware (dot) com>
>Resource metering through client-side computationally intensive "electronic
>payments" can provide an alternative strategy in defending against brute
>force guessing attacks.
The first question I had was, Why not just use a Turing

Re: New Whitepaper: Anti Brute Force Resource Metering 2005-03-24 Joachim Schipper (j schipper math uu nl)

[USN-100-1] cdrecord vulnerability 2005-03-24 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-100-1 March 24, 2005
cdrtools vulnerability
http://bugs.debian.org/291376
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (War

SUSE Security Announcement: MySQL vulnerabilities (SUSE-SA:2005:019) 2005-03-24 Marcus Meissner (meissner suse de)

Firescrolling 2 [Firefox 1.0.1] 2005-03-24 mikx (mikx mikx de) (1 replies)
__Summary
Even though Firefox 1.0.1 patched one of the key bugs behind my firescrolling exploit (the ability of plugins to load chrome files in a hidden frame) the ability to hijack a drag and drop operation and open a privileged xul file is still available. The demo opens "chrome://global/cont

Hashcash in mail (was: New Whitepaper: Anti Brute Force Resource Metering) 2005-03-24 Peter J. Holzer (hjp wsr ac at)
On 2005-03-23 21:25:03 -0000, Gunter Ollmann (NGS) wrote:
> > You claim that hashcash "has already proven to positively reduce the
> > success" of spammers. Is there any example of hashcash being
> > deployed in e-mail systems? I don't know any and I can't even
> > offhand think of any feasible meth

SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:018) 2005-03-24 Marcus Meissner (meissner suse de)

Black Hat Briefings & Trainings: Registration now open! 2005-03-24 Jeff Moss (jmoss blackhat com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello BugTraq readers, I would like to make some brief announcements regarding upcoming Black Hat events. Our European show is coming to Amsterdam, March 31-April 1. Our on-line registration will be closing this Thursday, March 24. If you wish to regi

Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB 2005-03-24 Alberto Trivero (trivero jumpy it)
CODEBUG Labs
Advisory #8
Title: Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB
Author: Alberto Trivero
English Version: Alberto Trivero
Product: Topic Calendar 1.0.1
Type: Multiple Vulnerabilities
Web:

RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off 2005-03-23 Scrimsher, John P (john scrimsher hp com)
Eitan
What you have described is an ongoing issue at least since Version 7 of the Symantec Corporate Edition antivirus product. I have personally talked with Symantec about it as well. However it does not pose the security risk that you appear to believe it does. In my personal opinion, it poses

RE: Details of Sybase ASE bugs withheld 2005-03-23 Evans, Arian (Arian Evans fishnetsecurity com)
>-----Original Message-----
>From: Jay Libove [mailto:libove (at) felines (dot) org]
>I think Simple Nomad wrote an excellent analysis of the problem of a COTS
>vendor (in this case, Sybase) "requesting" (make legal threats) against a
>security research firm to not disclose the details of a discovered vuln

RE: [ISN] How To Save The Internet 2005-03-23 Arndt WA forces gc ca (1 replies)
Jason Coombs wrote:
> > David Gillett wrote:
> > are the various rights of the owner
> > of the CPU, the *operator* of the
> > CPU, and the owner of the *data*,
> > each of whom may have a more or
> > less legitimate say in what code
> > actually gets executed.
> Nonsense. Absurd, ridiculous non

[SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11 2005-03-23 Maksymilian Arciemowicz (max jestsuper pl)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date: 22.3.2005
from SECURITYREASON.COM TEAM
- --- 0.Description ---
PHPSysInfo 2.3 is a customizable PHP Script that parses /proc, and formats informati

Vortex Portal 2005-03-23 Francisco Alisson (dominusvis click21 com br)
Vortex Portal Multiples Bugs
Vendor: http://www.VortexPortal.net
Contact: Brian Price
Email: VGChatter (at) shaw (dot) ca
I. Remote File Inclusion:
content.php -->
...
if (!isset($act)) { require_once("main.php"); } else { require_once("$act.php");
...
?>
index.php -->
...
require_once($root_di
Talte Security Advisory #3
Product: phpMyDirectory 10.1.3-rel
Homepage: http://www.phpmydirectory.com/
Risk: low
Type: Cross Site Scripting
Bug Found by: "Talte Security - mircia"
phpMyDirectory is a multi-purpose script,
this script can be successfully implemented
for Professional Yellow pages,