New eVuln Advisory:
SaralBlog XSS & Multiple SQL Injection Vulnerabilities
http://evuln.com/vulns/40/summary/bt/
Summary
Software: SaralBlog
Software's Web Site: http://www.saralblog.org/
Versions: 1.0
Critical Level: Moderate
Type: Multiple Vulnerabilities
Cla
New eVuln Advisory:
eggblog Multiple SQL Injection & XSS Vulnerabilities
http://evuln.com/vulns/39/summary/bt/
Summary
Software: eggblog
Software's Web Site: http://www.epicdesigns.co.uk/projects/eggblog
Versions: 2.0
Critical Level: Moderate
Type: Multiple Vul
Summary
Software: mybb
Software's Web Site: http://mybboard.com
Versions: 1.0.2
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: imei
Risk: low
-Description---
mybb has a security bug that allow
New eVuln Advisory:
RCBlog Directory Traversal & Sensitive Information Disclosure
http://evuln.com/vulns/42/summary.html
Summary
Software: RCBlog
Software's Web Site: http://www.fluffington.com/
Versions: 1.0.3
Critical Level: Dangerous
Type: Sensitive Informat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 946-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 20th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 947-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Michael Stone
January 21st, 2006
Hi.
I just upgraded to mysql 5.0.18 and started using all those cool new
features. :)
But concerning VIEWs, I think the information_schema is too verbose to
the user. I started creating a VIEW that searches information from
several tables, mangles the data and gives the user a clean table with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SUSE Security Announcement
Package:kdelibs3
Announcement ID:SUSE-SA:2006:003
Date:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 948-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
January 20th, 2005
> III. Detection
>
> This problem has been detected and tested on latest versions:
> snmptrapd from cmu-snmp-linux-3.7 package
> snmptrapd from cmu-snmp-linux-3.6 package
This seems to be the following code:
int snmp_input(op, session, reqid, pdu, magic)
int op;
struct snmp_session *sessi
Summary
Software: BlogPHP
Software's Web Site: http://www.blogphp.net/
Versions: 1(2)
Type: SQL Injection
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: imei
-Description---
Vulnerable script
SELECT level,email,url FROM ".$pre."users WHERE username =
'".$_COOKIE[blogphp_username]."' AND password =
'".$_COOKIE[blogphp_password]."'"
Summary
Software: BlogPHP
Software's Web Site: http://www.blogphp.net/
Versions: 1(2)
Type: SQL Injection
Class: Remot
hi,
this is what we can read in file "/claroline/inc/claro_init_local.inc.php" :
[...]
$ssoCookieValue = md5( mktime() );
$sql = "UPDATE `".$tbl_sso."`
SET cookie= '".$ssoCookieValue."',
rec_time = NOW()
I am not sure why but this post appeared to be rejected.
DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow'
Author: Kevin Finisterre
Vendor: http://www.ambicom.com/products/air2net
Product: 'AmbiCom Blue Neighbors <= V2.50 Build 2500'
References:
http://www.digitalmunition.com/DMA[2006-01
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 949-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 20th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:018
http://www.mandriva.com/security/
KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability
Original Release Date: 2006-01-19
URL: http://www.kde.org/info/security/advisory-20060119-1.txt
0. References
CVE-2006-0019
1. Systems affected:
KDE 3.2.0 up to including KDE 3.5.0
2. Overview:
Cisco Systems IOS 11 Web Service CDP Status Page Code Injection
Vulnerability
iDefense Security Advisory 01.17.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=372
January 17, 2006
I. BACKGROUND
Cisco IOS Software is the world's leading network infrastructure
software, de
EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability
iDefense Security Advisory 01.17.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374
January 17, 2006
I. BACKGROUND
EMC Legato NetWorker is a cross-platform backup and recovery
application.
II. DESCRIPTION
Re
EMC Legato Networker nsrd.exe DoS Vulnerability
iDefense Security Advisory 01.17.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375
January 17, 2006
I. BACKGROUND
EMC Legato NetWorker is a cross-platform backup and recovery
application.
II. DESCRIPTION
Remote exploitat
Throughout all this discussion, we should not forget that it was not
just Microsoft, but other developers who appear to have implemented
and preserved this same WMF functionality over the years, e.g. Wine.
The problem might have originated with Microsoft's design choices way
back when, but few sub