OpenServer 5.0.6 OpenServer 5.0.7 : A vulnerability in TCP
2005-03-01 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : A vulnerability in TCP
Advisory number: SCOSA-2005.3
Issue date: 2005 February 28
Cross refere

phpBB <= 2.0.12 UID Exploit
2005-03-01 federico gonzales (elrengo94 hotmail com)
I made this exploit for get admin permissions in forums phpbb2 2.0.12. It requires mozilla or firefox installed. The instructions are in the exploit. Byes
/* Author: Paisterist Date: 28-02-05 [N]eo [S]ecurity [T]eam © Description: this exploit modify the user id that is in your cookies.txt (Fir

Kernelpanik Labs Digest 2005-2
2005-03-01 Kernelpanik Labs - Security Lists (seclists kernelpanik org)
Hi, This is a email digest with security fails recently published by Kernelpanik Labs (http://www.kernelpanik.org).
paNews 2.0.4b
-------------
Remote SQL injection and command execution. Spanish: http://www.kernelpanik.org/docs/kernelpanik/panews.txt
cuteNews 1.3.6
--------------
Remote XSS and

IObjectSafety and Internet Explorer
2005-03-01 Shane Hird (shanehird yahoo com)
--------------------Summary
Problems with ActiveX in Internet Explorer are nothing new. However, I believe there is a design flaw in the way they are implemented in IE which could be easily corrected, but has never been addressed. The following issues with the use of IObjectSafety in Internet Expl

[SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities
2005-03-01 chewkeong security org sg
SIG^2 Vulnerability Research Advisory
RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities
by Tan Chew Keong
Release Date: 01 Mar 2005
ADVISORY URL http://www.security.org.sg/vuln/raidenhttpd1132.html
SUMMARY RaidenHTTPD Server (http://www.raidenhttpd.com/en/index.ht

Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
2005-03-01 dveditz cruzio com
> Quoting iDEFENSE Labs <labs-no-reply (at) idefense (dot) com [email concealed]>:
>
> > iDEFENSE Labs have confirmed The Mozilla Organization's Mozilla 1.7.1
> > and 1.7.3, as well as Firefox 0.10.1 are vulnerable to this
> > issue. A check on the source code for Firefox 1.0 suggests it is also
> > vulnerable. It is suspecte

[ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ]
2005-03-01 JoCaNoR SeCuRiTy TeaM (jocanor gmail com)
[Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor]
Author: Jocanor
Date: 01-03-2k5
1. -----------introduction--------.
Postnuke is an open source CMS (content management system), originally based in php-nuke. (www.postnuke.com) pnphpbb is a module for postnuke based in popular f

Firefox Software Update
2005-02-27 Kai Howells (kai rocketcat info) (2 replies)
It appears that there is a problem with the Firefox Software Update, at least in Firefox 1.0 on Windows and Mac OS X. In Preferences -> Advanced -> Software Update there are checkboxes to Periodically check for updates to Firefox and My Extensions. It doesn't appear that this feature works at al

[SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1
2005-02-28 Maksymilian Arciemowicz (max jestsuper pl)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1]
Author: cXIb8O3(Maksymilian Arciemowicz)
Date: 15.2.2005
from securityreason.com TEAM
- --- 0.Description ---
PostNuke: The Phoenix Release (0.760-RC2=>x) PostNuke is an open source, open de

[SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2
2005-02-28 Maksymilian Arciemowicz (max jestsuper pl)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2]
Author: cXIb8O3(Maksymilian Arciemowicz)
Date: 19.2.2005
from securityreason.com TEAM
- --- 0.Description ---
PostNuke: The Phoenix Release (0.750) and (0.760-RC2) PostNuke is an open source, open dev

[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3
2005-02-28 Maksymilian Arciemowicz (max jestsuper pl)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3]
Author: cXIb8O3(Maksymilian Arciemowicz)
Date: 20.2.2005
from securityreason.com TEAM
- --- 0.Description ---
PostNuke: The Phoenix Release (0.750) and (0.760-RC2) PostNuke is an open source, open de

[Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage
2005-02-28 Hat-Squad Security Team (bugtraq hat-squad com)
February 28, 2005
Hat-Squad Advisory: GFI L.N.S.S 5.0- Insecure Credential Storage
Product: GFI Languard Network Security Scanner
Vendor Url: http://gfi.com/
Version: 5.0
Vulnerability: Insecure Credential Storage
Release Date: February 28, 2005
Vendor Status: Informed on 22 February 2005
Re

iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
2005-02-28 iDEFENSE Labs (labs-no-reply idefense com) (1 replies)
Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
iDEFENSE Security Advisory 02.28.05
www.idefense.com/application/poi/display?id=200&type=vulnerabilities
February 28, 2005
I. BACKGROUND
Mozilla is an open-source web browser, designed for standards compliance, perfo

  Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
  2005-02-28 Miles Beck (mbeck fastq com)

7a69Adv#22 - UNIX unzip keep setuid and setgid files
2005-02-28 Albert Puigsech Galicia (ripe 7a69ezine org) (1 replies)
- ------------------------------------------------------------------
7a69ezine Advisories 7a69Adv#22
- ------------------------------------------------------------------
http://www.7a69ezine.org [26/01/2005]
- ---------------------------------

  Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files
  2005-02-28 John Simpson (jms1 jms1 net) (1 replies)

    Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files
    2005-03-01 Han Boetes (hanOUTOFOFFICETRAP mijncomputer nl)

iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability
2005-02-28 iDEFENSE Labs (labs-no-reply idefense com)
KPPP Privileged File Descriptor Leak Vulnerability
iDEFENSE Security Advisory 02.28.05
www.idefense.com/application/poi/display?id=208&type=vulnerabilities
February 28, 2005
I. BACKGROUND
KPPP is a dialer and front end for pppd. It allows for interactive script generation and network setup. More

WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein
2005-02-28 robert webappsec org
The Web Application Security Consortium is proud to present 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' written by Amit Klein. In this article Amit discusses the risks associated with using a local search engine that indexes its content locally. This document can
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][]
[]
[] HRG - Hackerlounge Research Group
[] Release: HRG006
[] Monday 03/01/05
[] 427BB
[]
[] The author can't be held responsible for any damage
[] done by a reader. You have your own responsibility
[] Please use th