[AppSecInc Team SHATTER Security Advisory] Microsoft Windows Improper Token Validation
2005-01-10 Team SHATTER (Application Security, Inc.) (vrathod appsecinc com)
Microsoft Windows Improper Token Validation AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/general/06-0001.html January 10, 2005 Credit: This vulnerability was discovered and researched by Cesar Cerrudo of Application Security, Inc. Risk Level: High Summary:

[AppSecInc Team SHATTER Security Advisory] Microsoft Windows LPC heap overflow
2005-01-10 Team SHATTER (Application Security, Inc.) (vrathod appsecinc com)
Microsoft Windows LPC heap overflow AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/general/07-0001.html January 10, 2005 Credit: This vulnerability was discovered and researched by Cesar Cerrudo of Application Security, Inc. Risk Level: High Summary: A local

[SECURITY] [DSA 633-1] New bmv package fixes insecure temporary file creation
2005-01-11 joey infodrom org (Martin Schulze)

EEYE: Windows ANI File Parsing Buffer Overflow
2005-01-11 Derek Soeder (dsoeder eeye com)
Windows ANI File Parsing Buffer Overflow Systems Affected: Windows Me Windows 2000 Windows XP (SP1 and earlier) Windows 2003 Overview: eEye Digital Security has discovered a vulnerability in USER32.DLL's handling of Windows animated cursor (.ani) files that will allow a remote attacker to reliably

The Misuse of RC4 in Microsoft Word and Excel
2005-01-11 Hongjun Wu (hongjun i2r a-star edu sg)
There is a serious security flaw in Microsoft Word and Excel. (To the best of my knowledge, this flaw has not been reported in public before.) The stream cipher RC4 with key length up to 128 bits is used in Microsoft Word and Excel to encrypt the documents. But when an encrypted document gets

applicable exploit for winxp-sp2-uptodate Internet Explorer
2005-01-11 Liu Die Yu (liudieyu umbrella name)
patch will come in hours(at least i believe so). many people(paul of greyhats and mike, sandblad of secunia and shreddersub7) already provided proof-of-concept remote-code-execution exploit for winxp-sp2-uptodate Internet Explorer. the problem is: their code is simply not applicable in real

UPDATED: the insider exploit( = the latest ie 0day which involves SHOWMODALDIALOG)
2005-01-11 Liu Die Yu (liudieyu umbrella name)
the insider exploit( = the latest ie 0day involving SHOWMODALDIALOG) was verified to work on winxp-en-pro-sp1-ms04004(MS04-004 = Q832894 = KB832894), but it does not work on winxp-en-pro-sp1-noextrapatch. jelmer's exploit is not perfect: URLs are hardcoded, and JSP is not popular. so i made thi

Multi-vendor AV gateway image inspection bypass vulnerability
2005-01-11 Darren Bounds (lists intrusense com)
Multi-vendor AV gateway image inspection bypass vulnerability January 10, 2005 A vulnerability has been discovered which allows a remote attacker to bypass anti-virus (as well as other security technologies such as IDS and IPS) inspection of HTTP image content. By leveraging techniques described

HylaFAX hfaxd unauthorized login vulnerability
2005-01-11 Lee Howard (faxguy howardsilvan com)
HylaFAX security advisory 11 Jan 2005 Subject: HylaFAX hfaxd unauthorized login vulnerability Introduction: HylaFAX is a mature (est. 1991) enterprise-class open-source software package for sending and receiving facsimiles as well as for sending alpha-numeric pages. It runs on a wide variety of

[SECURITY] [DSA 634-1] New hylafax packages fix unauthorised access
2005-01-11 joey infodrom org (Martin Schulze)

[ GLSA 200501-18 ] KDE FTP KIOslave: Command injection
2005-01-11 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200501-17 ] KPdf, KOffice: More vulnerabilities in included Xpdf
2005-01-11 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200501-16 ] Konqueror: Java sandbox vulnerabilities
2005-01-11 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution
2005-01-10 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 632-1] New linpopup packages fix arbitrary code execution
2005-01-10 joey infodrom org (Martin Schulze)

SUSE Security Announcement: libtiff/tiff (SUSE-SA:2005:001)
2005-01-10 Thomas Biege (thomas suse de)

[SECURITY] [DSA 630-1] New lintian packages fix insecure temporary directory
2005-01-10 joey infodrom org (Martin Schulze)

SQL Injection Vulnerability in Invision Community Blog
2005-01-09 darkhawk matrix (darkhawk matrix gmail com)
Invision Community Blog <http://www.invisionblog.com/>, is a powerful blogging system that will plug straight into your Invision Power Board. Allow your members to create their own individual blogs. Invision Community Blog is a comprehensive system with a very easy to use interface. Due to im

[ GLSA 200501-12 ] TikiWiki: Arbitrary command execution
2005-01-10 Matthias Geerdsen (vorlon gentoo org)

Security Advisory: Woltlab Burning Board Lite formmail.php XSS
2005-01-08 Martin Heistermann (martin heistermann web de)

iDEFENSE Security Advisory [IDEF0731] Exim auth_spa_server() Buffer Overflow Vulnerability
2005-01-07 customer service mailbox (customerservice idefense com)
Exim auth_spa_server() Buffer Overflow Vulnerability iDEFENSE Security Advisory [IDEF0731] www.idefense.com/application/poi/display?id=178&type=vulnerabilities January 07, 2004 I. BACKGROUND Exim is a message transfer agent developed for use on Unix systems. More information is available at:

iDEFENSE Security Advisory [IDEF0725] Exim host_aton() Buffer Overflow Vulnerability
2005-01-07 customer service mailbox (customerservice idefense com)
Exim host_aton() Buffer Overflow Vulnerability iDEFENSE Security Advisory [IDEF0725] http://www.idefense.com/application/poi/display?type=vulnerabilities January 07, 2005 I. BACKGROUND Exim is a message transfer agent developed for use on Unix systems. More information is available at: http:/

Troj/Winser-A malware analysis
2005-01-07 Steve Friedl (steve unixwiz net)
Hello again, all, Several days ago, Lawrence Baldwin of myNetWatchman.com captured the WINS exploit Trojan that's running around the internet right now, and I've been digging in with some gusto. It's not really a worm, but it does have an "autohack" mode and a botnet capability, so it's something

Linux kernel uselib() privilege elevation, corrected
2005-01-07 Paul Starzetz (ihaquer isec pl)
Hi all, first of all I must comply about the handling of this vulnerability that I reported to vendorsec. Obviously my code posted there has been stolen and plagiarized in order to put the blame on Stefan Esser from Ematters and disturb the security

[SECURITY] [DSA 629-1] New kerberos packages fix arbitrary code execution
2005-01-07 joey infodrom org (Martin Schulze)

Simple PHP Blog directory traversal vulnerability
2005-01-07 Madelman (madelman iname com)
Title: Simple PHP Blog directory traversal vulnerability Vulnerability discovery: Madelman <madelman AT iname.com> Date: 02/01/2005 Severity: Moderate Summary: I started this project because I wanted a dead-simple blog. Something that didn
Using JavaScript it is possible to spoof the content of security and
download dialogs by partly covering them with a popup window. This can fool
a user into downloading and automatically executing a file (if a file extension
association exists) or into granting a script local data access (if codebas