BugTraq
[ Positive Technologies #SA] Phorum "location" HTTP Response Splitting Vulnerability 2005-03-22
Alexander Anisimov (anisimov ptsecurity com)


[ Positive Technologies SA-20050322 ]
Phorum "location" HTTP Response Splitting Vulnerability.

Release Date: 03/22/2005
Date Reported: 03/10/2005
Severity: Medium
Application: Phorum
Platform: PHP
Vendor: http://www.phorum.org

Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off 2005-03-22
BoneMachine (bonemach sdf lonestar org)
Hi,
I am not sure if I understand your point.

I thought that the Symantec antivirus (and the norton/symantec corporate edition antivirus) products had (at least) two parts. One part is the scanner that runs as a service with system privileges and is meant to perform the (realtime) scans. The other p

RUXCON 2005 Call for Papers 2005-03-22
cfp ruxcon org au (RUXCON Call for Papers)
Call For Papers

RUXCON would like to announce the call for papers for the third annual RUXCON
conference.

Breaking from the RUXCON tradition of having the conference in winter months,
this year the conference will be run during the 1st and 2nd of October.

As with previous years, RUXCON will be

Mac OSX[CF_CHARSET_PATH]: local root exploit. 2005-03-22
Vade 79 (v9 fakehalo deadpig org)


This is simply an exploit for the iDefense adv posted today/yesterday, exploits via /usr/bin/su.

original adv:
www.idefense.com/application/poi/display?id=219&type=vulnerabilities

original exploit:
http://fakehalo.us/xosx-cf.c

--- example usage ---

server:/tmp v9$ id
uid=502(v9) gid=502(v9) g

Kayako eSupport Cross Site Scripting 2005-03-22
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research March 22, 2005
##########################################################
# Vendor : Kayako Web Solutions
# URL : http://www.kayako.com/
# Version : Kayako eSupport v2.3
# Risk : Cross Site Scripting

Nortel VPN Client Issue: Clear-text password stored in memory 2005-03-22
Roy Hills (Roy Hills nta-monitor com)
Nortel VPN Client Issue: Clear-text password stored in memory

Summary:

NTA Monitor have discovered a password disclosure issue in the Nortel
Windows VPN client: The Nortel client stores the password in an obfuscated
form in the Windows registry, but it also stores the unencrypted password
in p

MDKSA-2005:060 - Updated MySQL packages fix multiple vulnerabilities 2005-03-22
Mandrakelinux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: MySQL
Advisory ID:

[SECURITY] [DSA 696-1] New perl packages fix privilege escalation 2005-03-22
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA 696-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 22nd, 2005

SecurityForest Exploitation Framework Beta has been released! 2005-03-21
Alon Swartz (loni securityforest com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Guys,
The Security Forest Exploitation Framework Beta has been released and
is available for download:
http://www.securityforest.com/wiki/index.php/Exploitation_Framework

SecurityForest's Exploitation Framework is similar in concept to the
open-sou

Re: [ISN] How To Save The Internet 2005-03-21
Jason Coombs (jasonc science org)
InfoSec News wrote:
> Forwarded from: security curmudgeon <jericho (at) attrition (dot) org>
> Cc: sberinato (at) cio (dot) com
> ... Big load of crap ...
> : http://www.cio.com/archive/031505/security.html
> : BY SCOTT BERINATO
> : serial numbers and control their distribution. James Whittaker says
> : programmable PCs

iDEFENSE Security Advisory 03.21.05: Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability 2005-03-21
iDefense Customer Service (customerservice idefense com)
Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability

iDEFENSE Security Advisory 03.21.05
www.idefense.com/application/poi/display?id=219&type=vulnerabilities
March 21, 2005

I. BACKGROUND

Mac OS X is an operating system for the Apple family of microcomputers.

More information is available at th

New Whitepaper: Anti Brute Force Resource Metering 2005-03-21
Gunter Ollmann (NGS) (gunter ngssoftware com)
Hi List,

It's been a couple of months since my last whitepaper, so time for a new
one. This new whitepaper focuses upon a method known as "resource metering"
to actively restrict (and possibly prevent) many brute force guessing attack
vectors that target custom web authentication processes.

The p

phpMyFamily 1.4.0 SQL vulnerabilities 2005-03-21
kre0n mail ru


ADZ Security Team
===================
Info

Program: phpMyFamily
Version: 1.4.0
Modules: people.php, track.php, edit.php, document.php, census.php,
passthru.php and other..
Bug type: SQL Injection
Vendor site: http://www.phpmyfamily.net/
Vendor Informed: Yes
===================
Bug Info

Basic SQL

Details of Sybase ASE bugs withheld 2005-03-21
NGSSoftware Insight Security Research (nisr nextgenss com) (1 replies)
In 2004, NGSS reported a number of serious security issues in Sybase ASE to
Sybase, which Sybase has released patches for:

http://www.sybase.com/detail?id=1034520

NGSS advise all Sybase ASE customers to review the advice that Sybase
provided in the alert above, and apply the relevant patches as so

Re: [VulnWatch] Details of Sybase ASE bugs withheld 2005-03-21
Halvar Flake (HalVar gmx de) (1 replies)
Re: [VulnWatch] Details of Sybase ASE bugs withheld 2005-03-21
David Litchfield (davidl ngssoftware com) (1 replies)
Re: [VulnWatch] Details of Sybase ASE bugs withheld 2005-03-21
sean (infamous41md hotpop com)
[ GLSA 200503-27 ] Xzabite dyndnsupdate: Multiple vulnerabilities 2005-03-21
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200503-25 ] OpenSLP: Multiple buffer overflows 2005-03-20
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Re: Thoughts and a possible solution on homograph attacks 2005-03-20
Duncan Simpson (dps simpson demon co uk) (1 replies)
Homograph attacks might be a closed subject but nobody has mentioned this, so
maybe I should. Surely it is possible for a web browser to apply some similar
character mapping rules and react only if it finds something.

Thus if the IDN looks like www.ebay.com on the screen the web browser will
notice

Re: Thoughts and a possible solution on homograph attacks 2005-03-21
Nick FitzGerald (nick virus-l demon co uk)
phpMyFamily 1.4.0 SQL vulnerabilities 2005-03-20
kreon (kre0n mail ru)
ADZ Security Team
===================
Info

Program: phpMyFamily
Version: 1.4.0
Modules: people.php, track.php, edit.php, document.php, census.php,
passthru.php and other..
Bug type: SQL Injection
Vendor site: http://www.phpmyfamily.net/
Vendor Informed: Yes
===================
Bug Info

Basic SQL-I

Re: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability 2005-03-19
Sheldon King (sheldon fileblitz com)
In-Reply-To: <20050319082025.28662.qmail (at) www.securityfocus (dot) com>

The main developer Digitanium was notified, a patch has been developed and released on the main website.

Quote from Main Developer Digitanium at http://www.php-fusion.co.uk

Pi3cH has reported a cross-site-scripting vulnerability. PHP

Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability 2005-03-19
Sheldon King (sheldon fileblitz com)
A patch has now been made available at php-fusion.co.uk

-Sheldon King
PHP Fusion Beta Team

----- Original Message -----
From: "PersianHacker Team" <pi3ch (at) yahoo (dot) com>
To: <bugtraq (at) securityfocus (dot) com>
Sent: Saturday, March 19, 2005 3:20 AM
Subject: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html I

Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability 2005-03-19
Sheldon King (sheldon fileblitz com)
This is not part of PHP Fusion v5.01

This is an available mod addon supplied by the main developer Digitanium for
an IIS Compatibility.

This setuser.php will not be implemented into PHP Fusion until v5.02 and is not
mainstream across the fusion community. I have notified the main developer
Digitaniu

[SECURITY] [DSA 695-1] New xli packages fix several vulnerabilities 2005-03-21
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA 695-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 21st, 2005

TSL-2005-0009 - multi 2005-03-21
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0009

Package name: kernel, mysql
Summary: Multiple security holes fixed
Date: 2005-03-21
Affected vers

-==PVDasm Long Name Debug Vulnerability==- 2005-03-20
HaCkZaTaN (hck_zatan hotmail com)


/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® - Advisory #10 - 19/03/05
--------------------------------------------------------
Program: PVDasm
Homepage: http://pvdasm.reverse-engineering.net/
Vulnerable Versions: v1.6b & lowers
Risk: Medium!!
Impact

[CLA-2005:940] Conectiva Security Announcement - curl 2005-03-21
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------

PACKAGE : curl
SUMMARY : Fix for cURL vulnerability
DAT

-==CoolForum Path Disclosure & Possible SQL Injection==- 2005-03-20
HaCkZaTaN (hck_zatan hotmail com)


/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® - Advisory #11 - 20/03/05
--------------------------------------------------------
Program: CoolForum
Homepage: http://coolforum.net/
Vulnerable Versions: CoolForum v.0.8.1 beta & Lowers
Risk: Low!!
Impact

Copyright 2010, SecurityFocus