BugTraq Mode:
(Page 1718 of 1748)  < Prev  1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723  Next >
vSignup, vAuthenticate (PHP) 2003-01-14
Frog Man (leseulfrog hotmail com)

Information :
°°°°°°°°°°°°°°
-----------------------
Product : vAuthenticate
Version : 2.8
-----------------------
Product : vSignup
Version : 2.1
-----------------------
Website : http://www.beanbug.net
Problem : SQL Injection

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
chgpwd.php :
---------------

[SECURITY] [DSA 228-1] New libmcrypt packages fix buffer overflows and memory leak 2003-01-14
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 228-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 14th, 2003

Cyboards Remote Code Execution 2003-01-13
mindwarper hush com

Cyboards PHP Lite Vulnerability ( By Mindwarper :: mindwarper (at) hush (dot) com :: )

<------- ------->

----------------------
Vendor Information:
----------------------

Homepage : http://www.gold-sonata.com
Vendor : informed
Mailed advisory: 13/01/03
Vendor Response : None yet (possibly because they ha

CERT Advisory CA-2003-01 Buffer Overflows in ISC DHCPD Minires Library (fwd) 2003-01-15
Dave Ahmad (da securityfocus com)


David Mirza Ahmad
Symantec

0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12

Microsoft-ds xploit (UDP/TCP)... 2003-01-13
Daniel Nyström (exce netwinder nu)
Hello :)

This is a DoS exploit that utilizes the flaw found
by KPMG Denmark, to crash or hang any Win2k box
running the LanMan server on port 445 (ms-ds).
What it does is just a simple 10k NULL string
bombardment of port 445 TCP or UDP.

By: Daniel Nystrom <exce (at) netwinder (dot) nu>
Download: h

Multiple Vulnerabilities In PHPLinks 2003-01-16
JeiAr (jeiar kmfms com)


phpLinks is an open source free PHP script. phpLinks allows you to run a
very powerful link farm or search engine. phpLinks has multilevel site
categorization, infinite threaded search capabilities and
more. phpLinks is very simple to setup

There lies a fault in the include/add.php script

phpPass (PHP) 2003-01-13
Frog Man (leseulfrog hotmail com)

Information :
°°°°°°°°°°°°°°
Version : 2
Website : http://www.agames-net.com
Problem : SQL Injection

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
accesscontrol.php :
------------------------------------------------
[...]
session_register("uid");
session_register("pwd");
[...]
$sql = "SELECT * FROM use

phpBB SQL Injection vulnerability 2003-01-17
Ulf Harnhammar (ulfh update uu se)
phpBB SQL Injection vulnerability

PROGRAM: phpBB
VENDOR: phpBB Group
HOMEPAGE: http://www.phpbb.com/
VULNERABLE VERSIONS: 2.0.3, possibly others
IMMUNE VERSIONS: 2.0.4
LOGIN REQUIRED: yes

DESCRIPTION:

"phpBB is a UBB-style discussion board written in PHP backended by a
MySQL database. It includ

Re: NIS 2003 crash 2003-01-17
Sym Security (symsecurity symantec com)
On January 11, 2003 Pavel P. reported the following regarding Norton
Internet Security 2003:

---------------snip--------------------------
Subject: NIS 2003 crash

NIS2003 - I have WinXP Pro with SP1 and Norton Internet Security installed
on my machine. When I ping my machine with the following pa

CuteFTP 5.0 XP, Buffer Overflow 2003-01-18
Lance Fitz-Herbert (fitzies hotmail com)
Advisory 07:
------------
Buffer Overflow In CuteFTP 5.0 XP

Discovered:
-----------
By Me, Lance Fitz-Herbert (aka phrizer).
September 4th, 2002

Vulnerable Applications:
------------------------
Tested On CuteFTP 5.0 XP, build 50.6.10.2
Others could be vulnerable...

Impact:
-------
Medium,
Thi

[OpenPKG-SA-2003.002] OpenPKG Security Advisory (dhcpd) 2003-01-16
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

[SECURITY] [DSA 231-1] New dhcp3 packages fix arbitrary code execution 2003-01-17
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 231-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 17th, 2003

RE: Opentype font file causes Windows to restart. 2003-01-16
Armstrong, Richard (RICHARD ARMSTRONG ca com)
Once you have the font installed on the target machine I have
demonstrated on WinXP SP1 with Outlook 2002 you simply have to send an
email with some text formatted with the restarter.otf font and the
machine will reboot once you scroll down to that part of the message
either through opening it or vi

Security Update: [CSSA-2003.003.0] Linux: wget directory traversal and buffer overrun vulnerabilities 2003-01-16
security caldera com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com security-alerts (at) linuxsecurity (dot) com full-disclosure (at) lists (dot) netsys

______________________________________________________________________________

SCO Security Advisory

Subject: Linux: wget directory traversal and buffer overrun vulnerabilit

Outreach Project Tool 2003-01-16
Martin Eiszner (martin websec org)

to the list,

2003/01/16 @mei (at) websec (dot) org

=====================================
Outreach Project Tool
=====================================

Product: O.P.T (Version opt_0.946b / Earlier versions may be vulnerable too)

Vendor: Lanifex (http://www.lanifex.com/business/business_en/products/815.html)

NIS 2003 2003-01-11
Pavel P. (camecek seznam cz)


I have encountered a serious problem with Norton Internet Security 2003.
When I ping my machine with the command:
"ping MyIP -l 65500" I get a blue screen error. This happens every time,
even after reinstalling NIS. The problem appears to be in Intrusion
Detection.
Does anyone have a similar problem

Multiple XSS in Geeklog 1.3.7 2003-01-14
snooq (jinyean hotmail com)


nothing new. typical XSS bugs.

summary
=======
Geeklog is a web portal system written in PHP.
There exist 5 XSS holes in the software.

the 'holes'
===========
--1--
http://vulnerable.host/profiles.php?uid=<script>alert(document.cookie)</script>
--2--
http://vulne

D-Link DWL-900AP+ Security Hole 2003-01-14
Jason Tedesco (jtedesco request com au)
Overview
---------
The DWL-900AP+ is a wireless access point manufactured by D-Link which is capable of speeds up to 22Mbps.

With the release of the new v2.5 firmware for this device comes the latest release of the D-Link AirPlus Access Point Manager. With this tool you can upgrade the firmw

MDKSA-2003:006 - Updated OpenLDAP packages fix multiple vulnerabilities 2003-01-15
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: openldap
Advisory ID:

[SECURITY] [DSA 229-2] New IMP packages fix SQL injection and typo 2003-01-15
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 229-2 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 15th, 2003

Security Update: [CSSA-2003-SCO.2] UnixWare 7.1.1 : multiple vulnerabilities in BIND (CERT CA-2002-31) 2003-01-15
security caldera com

To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com scoannmod (at) xenitec.on (dot) ca full-disclosure (at) lists.netsys (dot) com

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.1 : multiple vulnerabilities in BIND (CERT CA-2002-31)

stunnel - exploit 2003-01-15
Darell Esfandia (deltha analog ro)
Hi,
I attached an exploit for:

http://online.securityfocus.com/bid/3748/info/
bugtraq id 3748
object
class Input Validation Error
cve CVE-2002-0002

remote Yes
local No
published Dec 22, 2001
updated Jan 17, 2002
vulnerable Stunnel Stunnel 3.20
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft

[OpenPKG-SA-2003.001] OpenPKG Security Advisory (png) 2003-01-15
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

[RHSA-2003:001-16] Updated PostgreSQL packages fix security issues and bugs 2003-01-14
bugzilla redhat com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated PostgreSQL packages fix security issues and bugs
Advisory ID: RHSA-2003:001-16
Issue date: 2003-01-14
Updated on: 2003-01-1

Copyright 2010, SecurityFocus