[SIG^2 G-TEC] singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities
2004-12-17 chewkeong security org sg

[ GLSA 200412-11 ] Cscope: Insecure creation of temporary files
2004-12-16 Luke Macken (lewk gentoo org)

[OpenPKG-SA-2004.053] OpenPKG Security Advisory (php)
2004-12-16 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org

Discussion: Microsoft(R) PowerPoint "Action Settings" feature allows invocation of default browser pointed at arbitrary URL.
2004-12-16 Monte Ratzlaff (advisories rinfosystems com)
Discussion: Microsoft(R) PowerPoint "Action Settings" feature allows invocation of default browser pointed at arbitrary URL. PowerPoint version tested: 2002 with SP3. Reason for discussion: For business reasons Microsoft(R) PowerPoint (ppt) files are allowed attachments in most enterprise ema

Hotmail Cross-Site Scripting Vulnerability #1
2004-12-16 Rafel Ivgi, The-Insider (theinsider 012 net il)
Finjan Security Advisory ================= Hotmail Cross-Site Scripting Vulnerability #1 Introduction ------------ Finjan has discovered a script injection vulnerability in Hotmail that allows a remote attacker to execute malicious scripts when the victim is reading his/her mail. Technical Descr

Hotmail Cross-Site Scripting Vulnerability #2
2004-12-16 Rafel Ivgi, The-Insider (theinsider 012 net il)
Finjan Security Advisory ================= Hotmail Cross Site Scripting Vulnerability #2 Introduction ------------ Finjan has discovered a script injection vulnerability in Hotmail that allows a remote attacker to execute malicious scripts when the victim is reading his/her email. Technical Desc

iDEFENSE Security Advisory 12.16.04: MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability
2004-12-16 iDEFENSE Security Advisory (customerservice idefense com)
MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability iDEFENSE Security Advisory 12.16.04 http://www.idefense.com/application/poi/display?id=168 December 16, 2004 I. BACKGROUND MPlayer is a movie player for Linux that also runs on many other Unices, and non-x86 CPUs. It plays most MPEG, VOB

Yahoo! Mail Cross-Site Scripting Vulnerability
2004-12-16 Rafel Ivgi, The-Insider (theinsider 012 net il)
Finjan Security Advisory ================= Yahoo! Mail Cross-Site Scripting Vulnerability Introduction ------------ Finjan has discovered a script injection vulnerability in Yahoo! Mail that allows a remote attacker to execute malicious scripts when the victim is reading his/her mail. Technical

iDEFENSE Security Advisory 12.16.04: MPlayer MMST Streaming Stack Overflow Vulnerability
2004-12-16 iDEFENSE Security Advisory (customerservice idefense com)
MPlayer MMST Streaming Stack Overflow Vulnerability iDEFENSE Security Advisory 12.16.04 http://www.idefense.com/application/poi/display?id=167 December 16, 2004 I. BACKGROUND MPlayer is a movie player for Linux that also runs on many other Unices, and non-x86 CPUs. It plays most MPEG, VOB, AVI,

[USN-40-1] PHP vulnerabilities
2004-12-16 Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-40-1 December 16, 2004 php4 vulnerabilities CAN-2004-1019, CAN-2004-1065 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty

[USN-39-1] Linux amd64 kernel vulnerability
2004-12-16 Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-39-1 December 16, 2004 linux-source-2.6.8.1 vulnerability CAN-2004-1074, USN-30-1 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.1

iDEFENSE Security Advisory 12.16.04: MPlayer Remote RTSP HeapOverflow Vulnerability
2004-12-16 iDEFENSE Security Advisory (customerservice idefense com)
MPlayer Remote RTSP Heap Overflow Vulnerability iDEFENSE Security Advisory 12.16.04 http://www.idefense.com/application/poi/display?id=166 December 16, 2004 I. BACKGROUND MPlayer is a movie player for Linux that also runs on many other Unices, and non-x86 CPUs. It plays most MPEG, VOB, AVI, Ogg

iDEFENSE Security Advisory 12.16.04: Veritas Backup Exec Agent Browser Registration Request Buffer Overflow Vulnerability
2004-12-16 iDEFENSE Security Advisory (customerservice idefense com)
Veritas Backup Exec Agent Browser Registration Request Buffer Overflow Vulnerability iDEFENSE Security Advisory 12.16.04 http://www.idefense.com/application/poi/display?id=169 December 16, 2004 I. BACKGROUND Backup Exec is a next generation backup and restore solution for Microsoft Windows server

iDEFENSE Security Advisory 12.16.04: Samba smbd Security Descriptor Integer Overflow Vulnerability
2004-12-16 iDEFENSE Security Advisory (customerservice idefense com)
Samba smbd Security Descriptor Integer Overflow Vulnerability iDEFENSE Security Advisory 12.16.04 http://www.idefense.com/application/poi/display?id=165 December 16, 2004 I. BACKGROUND Samba is an open source implementation of the SMB/CIFS protocol which allows Windows clients to use resources on

DJB's students release 44 *nix software vulnerability advisories
2004-12-16 Thor Larholm (thor pivx com)
Widely deployed open source software is commonly believed to contain fewer security vulnerabilities than similar closed source software due to the possibility of unrestricted third party source code auditing. Predictably, most users of open source software do not invest a significant amount of time

Multiple XSS Vulnerabilities in Wordpress 1.2.1
2004-12-16 Thomas Waldegger (bugtraq morph3us org)
Vendor : Wordpress URL : http://wordpress.org/ Version: Wordpress 1.2.1 Risk: : XSS * Description WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. [...] Visit http://wordpress.org/ for detailed informati

STG Security Advisory: [SSA-20041215-19] Vulnerability of uploading files with multiple extensions in MediaWiki
2004-12-16 advisory stgsecurity com
STG Security Advisory: [SSA-20041215-19] Vulnerability of uploading files with multiple extensions in MediaWiki Revision 1.0 Date Published: 2004-12-15 (KST) Last Update: 2004-12-15 (KST) Disclosed by SSR Team (advisory (at) stgsecurity (dot) com) Summary ======== MediaWiki is one of famous wiki

[MaxPatrol] SQL-injection in Ikonboard 3.1.x
2004-12-16 Alexander Anisimov (anisimov ptsecurity com)

[SAMBA] CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9
2004-12-16 Gerald Carter (jerry samba org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Possible remote code execution == CVE ID#: CAN-2004-1154 == == Versions: Samba 2.x & 3.0.x <= 3.0.9 == == Summary: A potential integer overflow when == unmarshalling specific M

STG Security Advisory: [SSA-20041215-18] Vulnerability of uploading files with multiple extensions in phpBB Attachment Mod
2004-12-16 advisory stgsecurity com
STG Security Advisory: [SSA-20041215-18] Vulnerability of uploading files with multiple extensions in phpBB Attachment Mod Revision 1.1 Date Published: 2004-12-15 (KST) Last Update: 2004-12-15 Disclosed by SSR Team (advisory (at) stgsecurity (dot) com) Summary ======== phpBB Attachment Mod is fil

iDEFENSE Security Advisory 12.15.04: Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability
2004-12-15 customer service mailbox (customerservice idefense com)
Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability iDEFENSE Security Advisory 12.15.04 http://www.idefense.com/application/poi/display?id=164 December 15, 2004 I. BACKGROUND Computer Associates eTrust EZ Antivirus is antivirus protection software for home and business

STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard
2004-12-16 advisory stgsecurity com (1 replies)
STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard Revision 1.0 Date Published: 2004-12-15 (KST) Last Update: 2004-12-15 Disclosed by SSR Team (advisory (at) stgsecurity (dot) com) Summary ======== JSBoard is one of widely used web BBS ap

RE: STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard
2004-12-16 Richard Stanway (bugtraq secur1ty net)

RE: CSS in phpBB 1.4.4
2004-12-15 Paul Owen (paul ettanet com)
> phpBB 1.4.4 is vulnerable to Cross Site Scripting Attack.
>
> [Vulnerable]
>
> You can put vbscript in [img] bbcode tags.
> For example:
>
> [img]vbscript: alert(document.cookie)[/img]
phpBB 1.x hasn't been supported for over two years. All users of phpBB 1.x have been long advised to switch

MDKSA-2004:150 - Updated kdelibs and kdebase packages fix vulnerability
2004-12-15 Mandrake Linux Security Team (security linux-mandrake com)

SIG^2 Vulnerability Research Advisory
singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities
by Tan Chew Keong
Release Date: 16 Dec 2004
ADVISORY URL
http://www.security.org.sg/vuln/singapore0910.html
SUMMARY
singapore (http://singapore.sourceforge.net/) is y