Re: LAMP vs Microsoft

2006-07-12 Thread Steven M. Christey
Researcher fads, differences in vendor disclosure practices, and vulnerability database editorial policies will heavily influence vulnerability statistics, to the point where comparing them is not very informative (at least, you're not getting the whole picture). You also have the challenge of

[USN-313-1] OpenOffice.org vulnerabilities

2006-07-12 Thread Martin Pitt
=== Ubuntu Security Notice USN-313-1 July 11, 2006 openoffice.org-amd64, openoffice.org vulnerabilities CVE-2006-2198, CVE-2006-2199, CVE-2006-3117 === A security issue

[USN-316-1] installer vulnerability

2006-07-12 Thread Martin Pitt
=== Ubuntu Security Notice USN-316-1 July 12, 2006 Installer vulnerability https://launchpad.net/bugs/48350 === A security issue affects the following Ubuntu releases:

[USN-315-1] libmms, xine-lib vulnerabilities

2006-07-12 Thread Martin Pitt
=== Ubuntu Security Notice USN-315-1 July 12, 2006 libmms, xine-lib vulnerabilities === A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10

Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities

2006-07-12 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities Advisory ID: cisco-sa-20060712-cucm http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml Revision 1.0 For Public Release 2006 July 12 1600 UTC (GMT

Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration

2006-07-12 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration Document ID: 70650 Advisory ID: cisco-sa-20060712-crws http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml Revision 1.0 For Public

[ MDKA-2006:119 ] - Updated ppp packages fix plugin vulnerability

2006-07-12 Thread security
Mandriva Linux Security Advisory MDKA-2006:119 http://www.mandriva.com/security/

Re: ATutor 1.5.3 Cross Site Scripting

2006-07-12 Thread info
The XSS issues have been patched and will be available in the coming maintenance release (1.5.3_pl1). The mentioned SQL injection vulnerability is not possible. Please remove it.

SQuery = 4.5(libpath) Remote File Inclusion Exploit

2006-07-12 Thread SHiKaA-
SQuery = 4.5(libpath) Remote File Inclusion Exploit

Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd

2006-07-12 Thread Gerald (Jerry) Carter
Gerald (Jerry) Carter wrote: == == == Subject: Memory exhaustion DoS against smbd == CVE ID#: CAN-2006-1059 ^^ == == Versions:Samba Samba 3.0.1 -

Cisco Security Advisory: Cisco Intrusion Prevention System Malformed Packet Denial of Service

2006-07-12 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Intrusion Prevention System Malformed Packet Denial of Service Advisory ID: cisco-sa-20060712-ips http://www.cisco.com/warp/public/707/cisco-sa-20060712-ips.shtml Revision 1.0 For Public Release 2006 July 12 1600

rPSA-2006-0128-1 samba samba-swat

2006-07-12 Thread Justin M. Forbes
rPath Security Advisory: 2006-0128-1 Published: 2006-07-11 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: samba=/[EMAIL PROTECTED]:devel//1/3.0.23-1-0.1 samba-swat=/[EMAIL PROTECTED]:devel//1/3.0.23-1-0.1

Fuzzing Microsoft Office

2006-07-12 Thread naveed
Last Friday I posted a POC regarding the Microsoft Office mso.dll boundary condition error. I have checked the code flow of mso_203 and it was producing access violation errors, which I have sent to bugtraq and FD. Microsoft's MSRC blog has been updated at

SMB Information Disclosure Vulnerability

2006-07-12 Thread Avert
McAfee, Inc. McAfee® Avert® Labs Security Advisory Public Release Date: 2006-07-11 SMB Information Disclosure Vulnerability CVE-2006-1315

[ MDKSA-2006:117-1 ] - Updated libmms packages fix buffer overflow vulnerability

2006-07-12 Thread security
Mandriva Linux Security Advisory MDKSA-2006:117-1 http://www.mandriva.com/security/

[SECURITY] [DSA 1108-1] New mutt packages fix arbitrary code execution

2006-07-12 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1108-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff Jul 11th, 2006

TOPo v.2.2.178 Account Reset

2006-07-12 Thread darkz . gsa
TOPo v.2.2.178 Account Reset Author: Attila Gerendi (Darkz) Date: July 12, 2006 Package: TOPo (http://ej3soft.ej3.net/) Versions Affected: 2.2.178 (Other versions may also be affected.) Severity: Password Reset Description: It is possible to override an existing entry posting a new entry

S21Sec-032-en: Vulnerability in Fatwire Content Server

2006-07-12 Thread labs
## - S21Sec Advisory - ## Title: FatWire Content Server ID: S21SEC-032-en Severity: High - Administrative Privileges Escalation

Re: Browser bugs hit IE, Firefox today (SANS)

2006-07-12 Thread 3CO
On 7/4/06, Thor Larholm [EMAIL PROTECTED] wrote: However, reading the contentDocument property of the DOM element instead of through the frames collection will give you a reference to the document object inside the third-party domain and even allow you to overwrite native DOM methods without

RE: Old vulnerable sotwares collection

2006-07-12 Thread John Rigali
Older versions of various freely distributable programs can be found at OldVersion.com (http://www.oldversion.com/). -- John Rigali Information Technology Coordinator Verbum Dei High School http://www.verbumdeihs.com/ Working in the Jesuit Tradition -Original Message- From:

Lazarus Guestbook Cross Site Scripting Vulnerabilities

2006-07-12 Thread simo64
Product : Lazarus Guestbook Website : http://carbonize.co.uk/Lazarus/ Version : = 1.6 Problem : Cross Site Scripting 1) The first problem is in codes-english.php: the show parameter in lang/codes-english.php isn't properly sanitised. This can be exploited to execute arbitrary HTML and

[ MDKSA-2006:120 ] - Updated samba packages fix DoS vulnerability

2006-07-12 Thread security
Mandriva Linux Security Advisory MDKSA-2006:120 http://www.mandriva.com/security/

New CVE number states Excel Style handling as a separate issue

2006-07-12 Thread Juha-Matti Laurio
The new CVE document http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3431, published recently, confirms the information that the Microsoft Excel Style handling vulnerability, aka the Nanika.xls issue, is a separate vulnerability. The vulnerability mentioned affects only Simplified Chinese,

Re: WordPress 2.0.3 SQL Error and Full Path Disclosure

2006-07-12 Thread zck zck
Isn't this actually an SQL Injection rather than information leakage? Try : http://localhost/wordpress/index.php?paged=%27 I mean, the error message (this time in English) is: WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server

Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc.

2006-07-12 Thread Amelie
Hi there, I would like to point out that the security vulnerability quoted below (and seen here: http://archives.neohapsis.com/archives/bugtraq/2006-06/0234.html - submitted to bugtraq on June 12, 2006) concerning the CodeGrrl.com script, PHPAskIt, is incorrect. I am the author of this

NSFOCUS SA2006-05 : Microsoft Excel SELECTION Record Memory Corruption Vulnerability

2006-07-12 Thread NSFOCUS Security Team
NSFOCUS Security Advisory (SA2006-05) Microsoft Excel SELECTION Record Memory Corruption Vulnerability Release Date: 2006-07-12 CVE ID: CVE-2006-1302 http://www.nsfocus.com/english/homepage/research/0605.htm Affected systems software === Microsoft Excel 2000 Microsoft Excel

[ MDKSA-2006:121 ] - Updated xine-lib packages fix buffer overflow vulnerability

2006-07-12 Thread security
Mandriva Linux Security Advisory MDKSA-2006:121 http://www.mandriva.com/security/