BugTraq
ASP-rider is vulnerable to sql injection attack 2004-12-15
shervin khaleghjou (oil_karchack yahoo com)


-------------------www.karchack.com--------------------------

-------------------www.karchack.net--------------------------

affected software description :

asp-rider is a full farsi weblog written in asp

www.asp-rider.com

--------------------------------------

Vulnerabilities:

the file

[ more ]  [ reply ]
iDEFENSE Security Advisory 12.14.04 - Microsoft Word 6.0/95 Document Converter Buffer Overflow Vulnerability 2004-12-14
customer service mailbox (customerservice idefense com)
Microsoft Word 6.0/95 Document Converter Buffer Overflow Vulnerability

iDEFENSE Security Advisory 12.14.04
www.idefense.com/application/poi/display?id=162&type=vulnerabilities
December 14, 2004

I. BACKGROUND

WordPad is a word processing application that uses the MFC rich edit
control classes. I

[ more ]  [ reply ]
[CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software 2004-12-14
Secure Computer Group (scg udc es)
______________________________________________________________________

Secure Computer Group - University of A Coruna
http://research.tic.udc.es/scg/

-- x --

dotpi.com Information Technologies Research Labs

[ more ]  [ reply ]
MDKSA-2004:149 - Updated postgresql packages fix temporary file vulnerability 2004-12-14
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: postgresql
Advisory ID:

[ more ]  [ reply ]
[SECURITY] [DSA 608-1] New zgv packages fix arbitrary code execution 2004-12-14
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 608-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 14th, 2004

[ more ]  [ reply ]
RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability 2004-12-14
Hongzhen Zhou (felix__zhou hotmail com)


RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability

AUTHOR:

(Fortinet, inc)

Hongzhen Zhou<felix__zhou _at_ hotmail _dot_ com>

DATE:

14/12/2004

PRODUCTS:

RICOH Aficio 450/455 PCL 5e Printer(SAVIN 9945 DPE/2045 DPE)

Other RICOH Aficio products (or Toshiba printer products?)

[ more ]  [ reply ]
[CAN-2004-1022] Insecure Credential Storage on Kerio Software 2004-12-14
Secure Computer Group (scg udc es)
______________________________________________________________________

Secure Computer Group - University of A Coruna
http://research.tic.udc.es/scg/

-- x --

dotpi.com Information Technologies Research Labs

[ more ]  [ reply ]
[ GLSA 200412-08 ] nfs-utils: Multiple remote vulnerabilities 2004-12-14
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
ASP Calendar Vulnerability <www.ashiyane.com> 2004-12-14
ali reza AcTiOnSpIdEr (actionspider gmail com)


<< www.ashiyane.com >>

Release by AcTiOnSpIdEr

AcTiOnSpIdEr (at) gmail (dot) com

Advisory Name: ASP Calendar Vulnerability

Release Date:13 December 2004

Platform:Any website using asp Calendar

Severity:no password protected !

Overview :

----------

[ more ]  [ reply ]
STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability 2004-12-14
advisory stgsecurity com


STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability

Revision 1.0

Date Published: 2004-12-09 (KST)

Last Update: 2004-12-09

Disclosed by SSR Team (advisory (at) stgsecurity (dot) com)

Summary

========

UseModWiki is one of the famous wiki web applications. It has a cross-site

scripti

[ more ]  [ reply ]
[SECURITY] [DSA 609-1] New atari800 packages fix local root exploit 2004-12-14
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 609-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 14th, 2004

[ more ]  [ reply ]
MDKSA-2004:148 - Updated iproute2 packages fix temporary file vulnerability 2004-12-14
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: iproute2
Advisory ID:

[ more ]  [ reply ]
iDEFENSE Security Advisory 12.14.04 - Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability 2004-12-14
customer service mailbox (customerservice idefense com)
Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability

iDEFENSE Security Advisory 12.14.04
www.idefense.com/application/poi/display?id=161&type=vulnerabilities
December 14, 2004

I. BACKGROUND

Adobe Acrobat Reader is a program for viewing Portable Document Format
(PDF) documents.

[ more ]  [ reply ]
[ZH2004-18SA] Content-Type spoofing in Mozilla Firefox and Opera could allow users to bypass security restrictions 2004-12-13
Giovanni Delvecchio (badpenguin79 hotmail com)


Author: Giovanni Delvecchio

e-mail: badpenguin (at) zone-h (dot) org

Original advisory: http://www.zone-h.org/en/advisories/read/id=6502/

Browsers tested:

- Firefox 1.0

- Mozilla 1.7.x

- Opera 7.54 (*)

- Konqueror 3.3.1

- Epiphany

-Internet Explorer 6 with SP1

-Internet Explorer 6 with SP1

[ more ]  [ reply ]
Linux kernel scm_send local DoS 2004-12-14
Paul Starzetz (ihaquer isec pl)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Synopsis: Linux kernel scm_send local DoS
Product: Linux kernel
Version: 2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9
Vendor: http://www.kernel.org/
URL: http://isec.pl/vulnerabilities/isec-0019-scm.txt
CVE: CAN-200

[ more ]  [ reply ]
Re: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory 2004-12-13
secure symantec com
In-Reply-To: <20041213213212.23F5F4F563 (at) beast.secnetops (dot) com>

<full-disclosure (at) lists.netsys (dot) com>

>Subject: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory

>Date: Mon, 13 Dec 2004 16:28:34 -0500

>Organization: Secure Network Operations, Inc.

---

[ more ]  [ reply ]
Possible local root vulnerability in Roxio Toast on Mac OS X 2004-12-14
fintler (fintler gmail com)
Possible local root vulnerability in Roxio Toast on Mac OS X
By fintler <fintler (at) gmail (dot) com>

Summary:

There is a format string bug in the binary (/Library/Application
Support/Roxio/TDIXSupport). It is installed suid root by default and
may be exploited by finding the offset and overwriting the stac

[ more ]  [ reply ]
phpBB Attachment Mod Directory Traversal HTTP POST Injection 2004-12-14
Paul Laudanski (zx castlecops com)
[//-------------------------------------------------------------------]
[ CastleCops(SM) Security Advisory 14 Dec 2004 ]
[---------------------------------------------------------------------]
[ http://castlecops.com/ ]
[-----------------------------------------------------------------

[ more ]  [ reply ]
Linux kernel IGMP vulnerabilities 2004-12-14
Paul Starzetz (ihaquer isec pl)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Synopsis: Linux kernel IGMP vulnerabilities
Product: Linux kernel
Version: 2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9
Vendor: http://www.kernel.org/
URL: http://isec.pl/vulnerabilities/isec-0018-igmp.txt
CVE: CAN-

[ more ]  [ reply ]
Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory 2004-12-13
Secure Network Operations, Inc. (advisory secnetops com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Secure Network Operations, Inc.
http://www.secnetops.com/research
Strategic Reconnaissance Team
research[at]secnetops[.]com
Team Lead Contact JxT[at]secnetops[.]com
Spam Contact

[ more ]  [ reply ]
NetWare Screensaver Authentication Bypass From The Local Console 2004-12-13
Adam Gray (agray novacoast com) (1 replies)
Novacoast Security Advisory
Novell Netware 5/5.1/6.0/6.5 Vulnerability

Synopsis:
Novacoast has discovered a vulnerability in the Novell NetWare Operating
System screen saver software. The vulnerability allows a local attacker
to bypass authentication and access the system console.

Descriptio

[ more ]  [ reply ]
[ GLSA 200412-06 ] PHProjekt: setup.php vulnerability 2004-12-10
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
[ GLSA 200412-07 ] file: Arbitrary code execution 2004-12-13
Matthias Geerdsen (vorlon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
What's "may have exploitable buffer overflows" mean in tcpdump? 2004-12-13
Dragos Ruiu (dr kyx net)
WARNING: The SMB printer may have exploitable buffer overflows!!!

That's what the ./configure script on tcpdump-current warns me about
(re SMB printer). What exactly does this warning message mean?
If there are overflows, they should be fixed. If they are unfixed the
code should be removed.

If th

[ more ]  [ reply ]
Winamp 5.07 (latest version) Remote Crash + other stupid shizle 2004-12-13
b0f www.b0f.net (b0fnet yahoo com)


Winamp 5.07 (latest version) Remote Crash.

+ vuln to cause 100% cpu usage.

13/12/04

I. BACKGROUND

Winamp is a very popular windows audio

and video player. It also has a lot

of other features and is used by

millions of people across the world.

II. DESCRIPTION

VULN 1.

There

[ more ]  [ reply ]
[ZH2004-19SA] Possible execution of remote shell commands in Opera with kfmclien 2004-12-13
Giovanni Delvecchio (badpenguin79 hotmail com)
Author: Giovanni Delvecchio
e-mail: badpenguin (at) zone-h (dot) org

Original Advisory: http://www.zone-h.org/advisories/read/id=6503

Tested version:
Opera 7.54 linux version with Kde 3.2.3

Problem:
=======
Opera for linux uses "kfmclient exec" as "Default Application" to handle
saved files.
This could be

[ more ]  [ reply ]
Copyright 2010, SecurityFocus