Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software
2005-02-14, Maximillian Dornseif (dornseif informatik rwth-aachen de)
Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software
A group of students at our lab called RedTeam found a cross site scripting vulnerability in openconf which results in possible session takeover.
Details
=======
Product: openconf
Affected Version: 1.04, pr [...]

[ GLSA 200502-18 ] VMware Workstation: Untrusted library search path
2005-02-14, Thierry Carrez (koon gentoo org)

UPDATE: [ GLSA 200501-36 ] AWStats: Remote code execution
2005-02-14, Thierry Carrez (koon gentoo org)

[ GLSA 200502-23 ] KStars: Buffer overflow in fliccd
2005-02-16, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

xprobe2 v0.2.2 released
2005-02-16, Ofir Arkin (ofir sys-security com)
The xprobe2 development team is pleased to announce the immediate availability of Xprobe2 v0.2.2. Xprobe2 is a remote active operating system fingerprinting tool which uses advanced techniques, some which were first to be introduced with Xprobe2, such as the usage of statistical analysis ('fuzz [...]

Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
2005-02-16, Janusz A. Urbanowicz (alex bofh net pl)
On Mon, Feb 14, 2005 at 10:28:22AM -0500, Christopher Jastram wrote:
> >X.509/TLS is not for assuring if the server you are connected to is lawful.
> Could a CA be held liable for certifying a domain that was clearly
> intended to deceive for unlawful purposes? Perhaps as an accessory to the
> cr [...]

[KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi
2005-02-16, Dirk Mueller (dirk kde org)

[KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi
2005-02-16, Dirk Mueller (mueller kde org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
KDE Security Advisory: Buffer overflow in fliccd of kdeedu/kstars/indi
Original Release Date: 2005-02-15
URL: http://www.kde.org/info/security/advisory-20050215-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0011 [...]

MDKSA-2005:038 - Updated emacs/xemacs packages fix vulnerability
2005-02-16, Mandrakelinux Security Team (security linux-mandrake com)

Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
2005-02-16, K-OTiK Security (Special-Alerts k-otik com)
In-Reply-To: <42126DAD.7090704 (at) norwich (dot) edu>
6.4 was released on 2005-02-14 13:13
Fixes:
- Fix security hole that allowed a user to read log file content even when plugin rawlog was not enabled.
- Fix a possible use of AWStats for a DoS attack.
- configdir option was broken on windows servers.
- [...]

[ GLSA 200502-22 ] wpa_supplicant: Buffer overflow vulnerability
2005-02-16, Matthias Geerdsen (vorlon gentoo org)

Re: BrightStor ARCserve Backup buffer overflow PoC
2005-02-15, Williams, James K (James Williams ca com)
> Subject: BrightStor ARCserve Backup buffer overflow PoC
> From: <cybertronic () gmx ! net>
> Date: 2005-02-11 18:19:23
> Message-ID: <20050211181923.27031.qmail () www ! securityfocus ! com>
>
> //cybertronic (at) gmx (dot) net
>
> #include <stdio.h>
> [...snip...]
>
To: BugTraq
Subject: [...]

Re: vbulletin 3.0.x PHP code execution
2005-02-15, AL3NDALEEB. (al3ndaleeb uk2 net)
In-Reply-To: <opsl7ypolvsmddlu@sampah>
with nested variable you can't run PHP CODE but you can evaluate value of variables.
ex:
forumdisplay.php?GLOBALS[]=1&f=2&comma=$admincpdir
forumdisplay.php?GLOBALS[]=1&f=2&comma=$dbname
>On 13 Feb 2005 17:16:35 -0000, AL3NDALEEB <al3ndaleeb (at) uk2 (dot) net> wrot [...]

[CLA-2005:925] Conectiva Security Announcement - evolution
2005-02-16, Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : evolution
SUMMARY : Fix for Evolution vulnera [...]

[Full Disclosure] Using DHTML XSS to launch HHCTRL exploit
2005-02-16, Valentin Avram (vavram gecadnet ro)
[Full Disclosure] Using DHTML XSS to launch HHCTRL exploit
GeCAD NET Security Advisory 2005.02.16
Original notice (requires authentication): http://www.gecadnet.ro/windows/?AID=1414
February 16th 2005
1. Past Events
On January 20th 2005, GeCAD NET released a security advisory warning that the exp [...]

RE: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185
2005-02-15, Randal, Phil (prandal herefordshire gov uk)
KB887742: "A computer that is running Microsoft Windows XP Service Pack 2 (SP2), Microsoft Windows XP Tablet PC Edition 2005, or Microsoft Windows Server 2003 unexpectedly stops. Additionally, the following Stop error message appears on a blue screen: Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)". Th [...]

XSS in MySpace.com RuWeb.net and Primus.com
2005-02-15, Chris (cdp2906 gamma2 uta edu)
I keep seeing more people submitting XSS vulns on particular sites so I decided to submit the ones I'd found.
MySpace.com: XSS exists in MySpace search fields. Some fields are protected but the profiles search field is not.
query: ">;<script>alert(document.cookie);</script>
RuWeb.n [...]

RE: eBay Account Phishing with eBay Redirect
2005-02-15, Israel Torres (ITorres litronic com)
Actually Steven's example is supposed to be:
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://www.website.com
note the http:// prefix following the RedirectToDomain&DomainUrl=
As of Tuesday Feb 15 7am PST it still works (both examples).
PS Steven, For the " [...]

RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185
2005-02-15, Threlkeld, Richard (richardt qualcomm com)
These are not security updates. KB887742 is for a stop error (http://support.microsoft.com/kb/887742) and KB886185 is an update for network scope on the Windows Firewall (http://support.microsoft.com/default.aspx?scid=kb;en-us;886185). The MBSA scans for Security Updates only, not every hotfix e [...]

Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
2005-02-15, Jeffrey Wilkinson (jwilkins bedrox com)
Nonetheless, each of these causes AWstats to disclose the full path to the AWstats installation, regardless if *nix or Windows. That alone is enough for concern.
At 08:52 PM 2/15/2005 +0100, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>It seems this bug works only on my server, [...]
in MySQL databases. Zk