HTTP Response Splitting Vulnerability in Wordpress 1.2
2004-10-06 Chaotic Evil (chaoticevil spyring com)

[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access
2004-10-07 joey infodrom org (Martin Schulze)

[HV-HIGH] MS Word multiple exceptions, at least one exploitable
2004-10-06 vuln hexview com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MS Word multiple exceptions, at least one exploitable. Classification: =============== Level: low-MED-[high]-crit ID: HEXVIEW*2004*10*06*1 Overview: ========= MS Word is a highly overrated and widely used text processor, a part of monstrous collection

New Microsoft Security Response Center PGP Key [pgp]
2004-10-05 Microsoft Security Response Center (secure microsoft com)
Hello! The Microsoft Security Response Center has generated a new PGP key. We use this key to sign all security bulletin notifications and encourage others to use this key when sending sensitive information to us. Our new key is available at: - https://www.microsoft.com/technet/security/bullet

Patch available for high risk flaws in the AtHoc Toolbar
2004-10-06 NGSSoftware Insight Security Research (nisr nextgenss com)
Mark Litchfield and John Heasman of NGSSoftware have discovered two high risk vulnerabilities in the AtHoc Toolbar. The AtHoc toolbar is a plugin for Microsoft's Internet Explorer. The toolbar is redistributed to users of eBay Accenture ThomasRegister ThomasRegional Juniper Networks WiredNews CarF

Re: Multiple vulnerabilities in BlackBoard
2004-10-06 Yves Goergen (contact unclassified de)
In-Reply-To: <20041006105643.22566.qmail (at) www.securityfocus (dot) com [email concealed]> Hello Xiaofeng, I'm new to this site so I don't know if it's use to not inform the programme author before publishing security related information. Anyway, there's a patch available for this problem for some minutes now. You can

[SECURITY] [DSA 558-1] New libapache-mod-dav packages fix potential denial of service
2004-10-06 joey infodrom org (Martin Schulze)

MDKSA-2004:105 - Updated xine-lib packages fix multiple vulnerabilities
2004-10-06 Mandrake Linux Security Team (security linux-mandrake com)

CodeCon 2005 Call for Papers
2004-10-06 Len Sassaman (rabbi abditum com)
CodeCon 4.0 February 11-13, 2005 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All present

Re: [Full-Disclosure] iDEFENSE Security Advisory 10.05.04b: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability
2004-10-06 3APA3A (3APA3A SECURITY NNOV RU)
Dear idlabs-advisories (at) idefense (dot) com [email concealed], This vulnerability for Symantec was reported in February, 2003 by 3APA3A (for Kaspersky Antivirus) http://www.security.nnov.ru/search/document.asp?docid=4061 and by James C Slora Jr for Symantec (with a copy to Bugtraq moderator, his message was publis

[ GLSA 200410-04 ] PHP: Memory disclosure and arbitrary location file upload
2004-10-06 Dan Margolis (krispykringle gentoo org)

SUSE Security Announcement: mozilla (SUSE-SA:2004:036)
2004-10-06 krahmer suse de (Sebastian Krahmer)

[SECURITY] [DSA 559-1] New net-acct packages fix insecure temporary file creation
2004-10-06 joey infodrom org (Martin Schulze)

Patch available for multiple high risk vulnerabilities in RealPlayer
2004-10-06 NGSSoftware Insight Security Research (nisr nextgenss com)
John Heasman of NGSSoftware has discovered multiple high risk vulnerabilities in RealPlayer. Versions affected include RealPlayer 10.5 (6.0.12.1040) RealPlayer 10.5 Beta (6.0.12.1016) RealPlayer 10 RealOne Player v1, v2 RealPlayer 8 RealPlayer Enterprise The flaws, that include remotely exploit

GDI+ JPEG exploit
2004-10-06 albatross tim it
The SANS is warning to a JPEG image with MS04-028 overflow that downloads and executes a jpeg.exe file. The program modifies the registry and installs in autorun. It notifies the compromise to an IRC server and waits for commands. http://isc.sans.org/diary.php?date=2004-10-05 albatross

[Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal
2004-10-06 Alexander Antipov (antipov SecurityLab ru)
Title: [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal Date: 28.09.2004 Severity: Low Application: DCP-Portal, dcp-portal Platform: PHP I. DESCRIPTION -------------- Multiple vulnerabilities were found in DCP-Portal. A remote user can conduct cross-site scripting attacks an

Full path disclosure and sql injection on CubeCart 2.0.1
2004-10-06 Pedro Sanches (pedro_sanches sapo pt)
-------------------------------------------------------- Full path disclosure and sql injection on CubeCart 2.0.1 -------------------------------------------------------- [1]Introduction [2]The Problem [3]The Solution [4]Timeline [5]Feedback ############################################

Re: Full path disclosure in PHP Links - more
2004-10-05 LSS Security (exposed lss hr)
In-Reply-To: <20041003143325.23880.qmail (at) www.securityfocus (dot) com [email concealed]> Hi, This is also a php inclusion bug. You can include any .php script on remote system with "PHP Links". Request like this will include script "execute.php" in "/some/some" directory: www.site.com/phplinks/index.php?show=../

ERRATA: Potential Arbitrary File Access (CAN-2004-0815)
2004-10-05 Gerald (Jerry) Carter (jerry samba org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ERRATA - ------ The original announcement for the Samba vulnerability identified by CAN-2004-0815 reported that Samba versions 3.0.0 - 3.0.5 inclusive were subject to the remote file access bug. Later research has confirmed that *only* Samba 3.0.x <= 3.0

[MAXPATROL Security Advisories] Cross site scripting in Invision Power Board
2004-10-05 Alexander Antipov (Antipov SecurityLab ru)
[MAXPATROL Security Advisories] Cross site scripting in Invision Power Board Date: 5.10.2004 Severity: Low Application: Invision Power Board v2.0.0 Platform: PHP I. DESCRIPTION An input validation vulnerability was found in Invision Power Board. A remote user can conduct Cross site scripting

Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bug
2004-10-05 Bipin Gautam (visitbipin hotmail com)
AUTHOR: Chaotic Evil (chaoticevil $$$at$$$ spyring $$$dot$$$ com)
DATE: October 6th, 2004
PRODUCT: WordPress 1.2 (wordpress.org)
FROM THE VENDOR WEBSITE:
WordPress is a state-of-the-art semantic personal
publishing platform with a focu