While searching for a CMS for my site I found out the following:
ezPublish 2.2.7
http://target/search/?SectionIDOverride=1&SearchText=<script>alert(document.cookie);</script>
also when entered an URL like
http://target/<script>alert('test')</script> and site admin checks
latest served URLs the script will
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
Debian Security Advisory DSA 264-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 19th, 2003
==
INetCop Security Advisory #2003-0x82-014.c
==
* Title: ++Danger++ Outblaze Web based e-mail that is exposed in very dangerous state
!!!
0x01. Description
Outblaze Web based e-mail is
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
Resent for Announcement-ID change from SuSE-SA:2003:015 to SuSE-SA:2003:016
__
SuSE Security Announcement
Package: samba, samba-client
Product : WF-Chat
Version : 1.0 Beta
WebSite : http://jid.2yd.ru
Problem : Viewing users account.
Description:
To gain admin access in this chat you need to view the files:
Inicks.txt
!pwds.txt
In short, all information about registered users is in these files
And access for
__
SGI Security Advisory
Title: SMB/CIFS Security Vulnerability in Samba
Number : 20030302-01-I
Date : March 19, 2003
Reference: CVE CAN-2003-0085
Product: Kaspersky Anti-Hacker
Version: 1.0
Website: http://www.kaspersky.com/buyonline.html?info=967571
1. Introduction
---
Kaspersky Anti-Hacker is a Kaspersky Lab personal firewall product. As other
products in this category, Kaspersky Anti-Hacker allows creation of packet
and
Hello
There are many discussions (on slashdot for example) on the recent linux
ptrace ( kmod) bug. I'll try to clarify what is this all about.
It's a local root vulnerability. It's exploitable only if:
1. the kernel is built with modules and kernel module loader enabled
and
2.
-
Red Hat Security Advisory
Synopsis: Updated glibc packages fix vulnerabilities in RPC XDR decoder
Advisory ID: RHSA-2003:089-00
Issue date: 2003-03-19
Updated on: 2003-03-19
Hi Marc,
I'm looking at the xdrmem_putbytes() from solaris 8 foundation source cd,
/cdrom/s8_foundation_src_en/osnet_volume/usr/src/lib/libnsl/rpc/xdr_mem.c line 168
static bool_t
xdrmem_getbytes(XDR *xdrs, caddr_t addr, int len)
{
int tmp;
trace2(TR_xdrmem_getbytes, 0, len);
__
SGI Security Advisory
Title: Java Security Fixes
Number : 20030303-01-I
Date : March 19, 2003
Reference: CERT CA-2002-07
Reference: CERT VU#368819
MIT krb5 Security Advisory 2003-003
2003-03-18
Topic: faulty length checks in xdrmem_getbytes
Severity: serious
SUMMARY
===
The MIT Kerberos 5 implementation includes an RPC library derived from
SUNRPC. We have been notified that the
iDEFENSE Security Advisory 03.19.03:
http://www.idefense.com/advisory/03.19.03.txt
Heap Overflow in Windows Script Engine
March 19, 2003
I. BACKGROUND
Microsoft Corp.'s Windows Script Engine within the Windows operating
system (OS) interprets and
Core Security Technologies Advisory
http://www.coresecurity.com
Multiple vulnerabilities in Ximian's Evolution Mail User Agent
Date Published: 2003-03-19
Last Update: 2003-03-19
Advisory ID: CORE-20030304-01
Bugtraq IDs: 7117, 7118, 7119
CVE
Mutt versions 1.4.1 and 1.5.4 have just been released and will soon
be available from ftp://ftp.mutt.org/mutt/.
Both versions fix a buffer overflow in mutt's IMAP client code which
was identified by Core Security Technologies, and fixed by Edmund
Grimley Evans. A more detailed advisory will be
OpenSSL Security Advisory [19 March 2003]
Klima-Pokorny-Rosa attack on RSA in SSL/TLS
===
Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa
have come up with an extension of the Bleichenbacher attack on RSA
with PKCS #1 v1.5 padding as
18 matches