Stefan Esser wrote:
The bug is a binary safety issue in html_entity_decode. A function that
is not usually used on user input, because user input is usually not
expected in HTML format and then decoded. Even if the function is used
on user input it can only leak memory to a potential attacker
http://www.example.com/include.php?path=login/login.phperror=scriptalert(document.Cookie)/script
Discovered by BadNet
In gmane.comp.security.bugtraq, you wrote:
On Tue, Mar 28, 2006 at 01:19:34AM +0200, Moritz Muehlenhoff wrote:
If you use code, which is derived from a vulnerable lex grammar in
an untrusted environment you need to regenerate your scanner with the
fixed version of flex.
Do any Debian
Enova hardware encryption: False sense of security
Classification:
===============
Level: Informational
ID: HEXVIEW*2006*03*28*1
URL: http://www.hexview.com/docs/20060328-1.txt
Overview:
=========
Enova Technology is a manufacturer of the X-Wall
[xfocus-SD-060329]MPlayer: Multiple integer overflows
MPlayer is a media player capable of handling multiple multimedia file
formats.
XFOCUS team (http://www.xfocus.org/) had discovered
multiple integer overflows. Those can lead to a
New eVuln Advisory:
Skull-Splitter's PHP Downloadcounter for Wallpapers SQL Injection
http://evuln.com/vulns/105/summary.html
Summary
eVuln ID: EV0105
CVE: CVE-2006-1328
Software: Skull-Splitter's PHP Downloadcounter for Wallpapers
Software's Web Site:
My phpBB is 2.06; however, when I implement the script to test the
vulnerability of my site, there is no result coming out. Does that mean that my
website is OK?
Besides, what do we need to change in the value of these serializable strings in
order to make it work?
What is the difference between
[+]PhxContacts
[+]website of software: http://www.phoetux.net/
[+]founded by Morocco Security Team
[+]special 10x to:all friends ww.lezr.com www.cim-team.org
[+]xss
[+]http://[target]/login.php?m=[xss]
[+]SQL
[+]http://[target]/carnet.php?view_cat=all_lines=truemotclef=[sql]
Tõnu Samuel wrote:
Nice! I was really nervous already as I got bombed with e-mails and I
really did not know much more than was discovered. Meanwhile I am a bit
disappointed that we had such a bug in the wild for nearly a month and software
distributors like SuSE in my case did not publish patches. I
Bugtraq @ SNSecurity wrote:
Quick Summary:
Product : Movilnet's Web SMS.
Version : In-production versions.
Vendor : Movilnet - http://www.movilnet.com.ve/
Class : Remote
Criticality : High
Operating System(s) : N/A.
I very much doubt there are many applications at all containing code
like this. It is illogical to be decoding html entities from user
input. Therefore I would not call this a very serious problem and
certainly not a critical bug.
Somewhat I agree. I suspected this may affect more functions
Full path disclosure in webcalendar
Author : Rusydi Hasan M
a.k.a: cR45H3R
Location : Indonesia, Cilacap
Date : March 28th, 2006
Version : 1.1.0-CVS
--- (software description)
WebCalendar is a PHP application used to maintain a
calendar for one or more persons and for a variety of
John Richard Moser [EMAIL PROTECTED] writes:
My conclusion is that the only real way to protect against this is for
bash to look for every binary in your path when you don't specify a
path; and check to see if any of those binaries is SUID. If even one
is, it should FLAT OUT IGNORE any
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -