I figured it was about time I hopped on the XSS band-wagon.
Captaris (www.captaris.com) Infinite WebMail application is vulnerable to
Cross-Site Scripting (XSS) attacks. The application fails to filter the
following tags that can both be used to redirect a user to an attack script:
Launch on e-ma
PHPSecure made some patches for security holes in PHP products.
Here is the list:
- ALP - Banner Ad 2.0 :
http://www.phpsecure.org/index.php?id=1&zone=pDl
More details:
http://online.securityfocus.com/search?category=22&query=ALP
- Tight Auction 3.0 :
http://www.phpsecure.org/index.php?id=6&zon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : kernel 2.4
SUMMARY : Local denial of service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : fetchmail
SUMMARY : Remote vulnerability
DAT
Hello,
> Due to the way requests are logged the only way to exploit this
> vulnerability is through setting the DNS name of the fingering host to the
> attacker supplied format string.
I really wonder how you want to exploit this... Last time I checked
all tested resolvers (Linux/BSD/Solaris) di
NGSSoftware Insight Security Research Advisory
Name: PFinger Format String vulnerability
Systems: PFinger version 0.7.8 and earlier
Severity: High Risk
Vendor URL: http://www.xelia.ch/unix/pfinger/
Author: David Litchfield ([EMAIL PROTECTED])
Advisory URL: http://www.ngssoftware.com/advisories/pfi
NGSSoftware Insight Security Research Advisory
Name: zkfingerd Format String vulnerability
Systems: zkfingerd version 0.9.1 and earlier
Severity: High Risk
Vendor URL: http://sourceforge.net/projects/zkfingerd
Author: David Litchfield ([EMAIL PROTECTED])
Advisory URL: http://www.ngssoftware.com/ad
Something to note:
The 'view admin log' feature in CF tends to cause stress on the CF
process, and also blocks the log file during opening.
So, it's generally better (and safer, with this cross-site scripting
problem that's been around for years) to view the log file via a text
viewer on the s
Cross-site scripting vulnerability in CF 5.0. This
issue was brought up to macromedia on July 22nd, 2002.
Macromedia issued a fix to me, but I have not seen the
fix available to the public. The ColdFusion
administrator allows you to view your application log
via your web browser. Under certain c
Does anyone have information on whether the same issue affects ColdFusion
MX?
__
Patrick K. Correia, Web Designer
Clough, Harbour & Associates LLP
http://www.cha-llp.com
-Original Message-
From: KiLL CoLe [mailto:[EMAIL PROTECTED]]
Sent: Monday, D
Information :
°°
Product : PHP-Nuke
Version : 6.0
Website : http://www.phpnuke.org
Problems :
- Path Disclosure
- XSS
Development :
°°°
The majority of PHPNuke's files are included in modules.php or
index.php. To prevent direct access, PHPNuke made two kinds o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Rapid 7, Inc. Security Advisory
Visit http://www.rapid7.com/ to download NeXpose(tm), our
advanced vulnerability scanner. Linux and Windows 2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security AdvisoryThe OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-5
- -
PACKAGE : exim
SUMMARY : local root vulnerability
DATE : 2
Affected Releases: Affected Packages: Corrected Packages:
OpenPKG 1.0 <= tetex-1.0.7-1.0.0 >= tetex-1.0.7-1.0.1
OpenPKG 1.1 <= tetex-1.0.7-1.1.0 >= tetex-1.0.7-1.1.1
OpenPKG CURRENT <= tetex-1.0.7-20021204 >= tetex-1.0.7-20021216
PHP-Nuke code execution and XSS vulnerabilities
PROGRAM: PHP-Nuke
VENDOR: Fransisco Burzi et al.
HOMEPAGE: http://phpnuke.org/
VULNERABLE VERSIONS: 6.0 (the only supported version)
IMMUNE VERSIONS: 6.0 with my patch applied
LOGIN REQUIRED: no
DESCRIPTION:
"PHP-Nuke is a Web portal and online c
Affected Releases: Affected Packages: Corrected Packages:
OpenPKG 1.0 <= perl-5.6.1-1.0.1 >= perl-5.6.1-1.0.2
OpenPKG 1.1 <= perl-5.6.1-1.1.0 >= perl-5.6.1-1.1.1
OpenPKG CURRENT <= perl-5.8.0-20021129 >= perl-5.8.0-20021216
Description:
///
>> Security Advisory <<
///
Multiple ven
===
Advisory: Password Disclosure in Cryptainer
Vendor: SecureSoft http://www.cypherix.com
Download Location: http://www.cypherix.com/downloads.htm
Versions affected: Cryptainer PE and Cryptainer 2.0
Date: 16th December 2002
Type of Vulnerability: Inf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-2.1
- -
PACKAGE : mysql
SUMMARY : remote DOS and arbitrary code exe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-4
- -
PACKAGE : squirrelmail
SUMMARY : cross site scripting
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-3
- -
PACKAGE : fetchmail
SUMMARY : buffer overflow
DATE : 2002-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-2
- -
PACKAGE : mysql
SUMMARY : remote DOS and arbitrary code execu