BugTraq Mode:
(Page 1401 of 1748)  < Prev  1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406  Next >
Multiple Firewall Products Bypass Vulnerability 2005-01-03
Ferruh Mavituna (ferruh mavituna com)
-------------------------------------------------------------------
Multiple Firewall Products Bypass Vulnerability
-------------------------------------------------------------------
Online URL : http://ferruh.mavituna.com/article/?769
Download POC : http://ferruh.mavituna.com/opensource/firewall

STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoard 2005-01-03
advisory stgsecurity com


STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoard.
Revision 1.0
Date Published: 2004-12-24 (KST)
Last Update: 2005-01-03
Disclosed by SSR Team (advisory (at) stgsecurity (dot) com)

Summary
========
GNUBoard is one of widely used web BBS applic

Multiple Vulnerabilities in FlatNuke 2005-01-02
Pierquinto Manco (pierquinto gmail com)


*************************************************************
* CODEBUG Labs
* Advisory #6
* Title: Multiple Vulnerabilities in Flat-nuke
* Author: Pierquinto 'Mantra' Manco
* English Version: David 'hanska' Paleino
* Product: Flat-Nuke 2.5.1
* Type: Multiple Vulnerabilities
* Web: http://

Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser 2005-01-03
Peter Kruse (kruse krusesecurity dk)
CSIS Security Advisory: [CSIS2005-1]

Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser

Date Published: 3rd of January 2005

Product description:
GFI MailEssentials for Exchange/SMTP offers spam protection and email
management at server level. GFI MailEssentials offers a fast s

[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files 2005-01-03
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 622-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 3rd, 2005

Two Vulnerabilities in ViewCVS 2005-01-01
Joxean Koret (joxeankoret yahoo es)
------------------------------------------------------------------------
---
Two Vulnerabilities in ViewCVS
------------------------------------------------------------------------
---

Author: Jose Antonio Coret (Joxean Koret)
Date: 2004
Location: Basque Country

----------------------

Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM 2005-01-01
Joxean Koret (joxeankoret yahoo es)
------------------------------------------------------------------------
----
Cross Site Scripting Vulnerabilities and Possible Code Execution in
SugarCRM
------------------------------------------------------------------------
----

Author: Jose Antonio Coret (Joxean Koret)
Date: 2004
Location: Basq

Various Vulnerabilities in OWL Intranet Engine 2005-01-01
Joxean Koret (joxeankoret yahoo es)
------------------------------------------------------------------------
----
Various Vulnerabilities in OWL Intranet Engine
------------------------------------------------------------------------
----

Author: Jose Antonio Coret (Joxean Koret)
Date: 2004
Location: Basque Country

---

7a69Adv#17 - Internet Explorer FTP download path disclosure 2004-12-30
Albert Puigsech Galicia (ripe 7a69ezine org)
<NOTE FOR BUGTRAQ MODERATOR>

Excuse me if you have received this mail repeated, but I had some problems on
my mail server some days ago, and I have sent this mail 3 or 4 times.
Sorry :)

Delete this note to post to the list. Thank you.

</NOTE FOR BUGTRAQ MODERATOR>

- -------------------------

Windows LoadImage API Heapoverflow exploit 2005-01-01
Berend-Jan Wever (skylined edup tudelft nl)
Has anybody else tested flashsky's exploit?
I've tried to exploit this vuln on win2ksp4 MSIE 6.0sp1 but in my findings
it is very unreliable: The different threads running in IE make it almost
impossible to determine what Heap API call will first run into an
overwritten heap header block (HeapAll

Windows Media files allow opening any url in Internet Explorer 2005-01-01
Berend-Jan Wever (skylined edup tudelft nl)
PC World has published an interesting article:
http://www.pcworld.com/news/article/0,aid,119016,00.asp

Short version:
The Digital Rights Management for Windows Media files allows opening
arbitrary urls in Internet Explorer.

Impact:
MSIE browser vulnerabilities can now be exploited through wma file

Jacks FormMail.php remote file access vulnerability 2004-12-31
Hack Hawk (hh hackhawk net)
Security Advisory

Vendor: Jack (Jack's Scripts)
Date: 31-Dec-2004
Script: FormMail.php
Site: http://dtheatre.com/scripts/formmail.php
Type: Remote
Severity: High
Version: 5.0 (maybe others)

Script Overview:

Jacks FormMail.php script is a simple PHP scr

WHM AutoPilot Security Release [ Plus Upgrade Instructions ] 2004-12-31
GulfTech Security (security gulftech org)
The owner and lead developer of the software Mr Brandee Diggs would like me
to inform the masses that a new version of WHM AutoPilot is out and resolves
the critical WHM AutoPilot security issues. Below are specific details given
by Mr Diggs on how to upgrade your installation. Great job by the
deve

Cross Site Scripting DOS (Zyxel B-420 Ethernet Bridge) 2004-12-31
beniwiedmer tiscali ch
If the following URL is passed to a B-420 Ethernet Bridge, it reboots.

http://<IP>/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series<script>top.location.p
athname
= ""</script>

If the whole thing is repeated once more, it no longer reboots but simply
hangs, or rather stops accepting any further requests

[SECURITY] [DSA 621-1] New CUPS packages fix arbitrary code execution 2004-12-31
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 621-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 31st, 2004

ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks 2004-12-31
steven lovebug org
Vendor: ArGoSoft
Date: December 31, 2004
Issue: ArGoSoft FTP Server reveals valid usernames and allows for brute
force attacks
URL: http://www.argosoft.com/ftpserver/
Advisory: http://www.lovebug.org/argosoft_advisory.txt

Program Overview:

ArGoSoft FTP Server is a lightweight FTP Ser

SQL Injection Vulnerability In IBProArcade 2004-12-31
mike bailey (mike ub3r net)


A flaw exists in the high scores module of IbProArcade which allows malicious SQL Code to be executed on the database the board & arcade use.

Demo: http://www.ibproarcade.com/index.php?act=Arcade&do=stats&gameid=104FOO

Fix this vuln by following the following directions...

open your sourc

Bluetooth: BlueSnarf and BlueBug Full Disclosure 2004-12-31
Adam Laurie (adam laurie thebunker net)
BlueSnarf, BlueBug & HeloMoto Full Disclosure, December 2004
------------------------------------------------------------

In November 2003, various vulnerabilities on Bluetooth enabled mobile
phones emerged, as published here:

http://www.thebunker.net/security/bluetooth.htm

Details of the att

[EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC 2004-12-30
houseofdabus HOD (houseofdabus inbox ru) (1 replies)


---snip---

/* HOD-ms04031-netdde-expl.c: 2004-12-30: PUBLIC v.0.2
*
* Copyright (c) 2004 houseofdabus.
*
* (MS04-031) NetDDE buffer overflow vulnerability PoC
*
*
*
*
* .::[ houseofdabus ]::.
*
*
*
* (special unstable versio

Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC 2004-12-31
Alberto Garcia Hierro (tcpdevil linuxlover org) (1 replies)
Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC 2004-12-31
Steve Friedl (steve unixwiz net)
MDKSA-2004:166 - Updated tetex packages fix multiple vulnerabilities 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: tetex
Advisory ID:

Re: Multiple Vulnerabilities in Moodle 2004-12-30
Martin Dougiamas (martin moodle com)
In-Reply-To: <20041227194544.6255.qmail (at) www.securityfocus (dot) com>

>Session File Disclosure vulnerability is patched in version 1.4.3.
>Cross Site Scripting vulnerability will be patched probably in
>version 1.5.

In fact both of these were fixed in 1.4.3 (the currently available release).

MDKSA-2004:162 - Updated gpdf packages fix buffer overflow vulnerability 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: gpdf
Advisory ID:

Re: Strange Java Loader (not so strange - Trojan.ByteVerify) 2004-12-31
K-OTiK Security (Special-Alerts k-otik com)
In-Reply-To: <116798078.20041230073423 (at) gmx (dot) net>

>so far, anyone knows how to protect from this crap?

Update your Windows and your antivirus software !

this attack is known as "Trojan.ByteVerify". It exploits the "Internet Explorer/Outlook CHM File Processing Arbitrary Code Execution Vulnerabi

MDKSA-2004:165 - Updated koffice packages fix multiple vulnerabilities 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: koffice
Advisory ID:

MDKSA-2004:163 - Updated kdegraphics packages fix buffer overflow vulnerability 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: kdegraphics
Advisory ID

MDKSA-2004:159 - Updated glibc packages fix temporary file vulnerability 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: glibc
Advisory ID:

MDKSA-2004:164 - Updated cups packages fix buffer overflow vulnerability 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: cups
Advisory ID:

[SECURITY] [DSA 619-1] New xpdf packages fix arbitrary code execution 2004-12-30
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 619-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 30th, 2004

Copyright 2010, SecurityFocus