Zbattle client has denial of service by game create and closing real fast. The
maker was told about the denial of service. Not action has been taken.
zbattle commands
login send - "@109" + 0x0A
login name - '2' + name + 0x0A + '7' + 0x0A
make game - '3' + gamename + 0x0A
join game -
close
Nobody has mentioned this yet, so maybe I should. Accpording to the MySQL
documentation the infromation schema is database and there is no suggestion
that the access controls do not work. You should be able to determine who has
what access to the information schema using standard grant and revo
(Why, yes, I came up with the name, and had to find some bugs to be able
to post this.)
Summary
---
There are three fairly interesting flaws in how HTTP cookies were
designed and later implemented in various browsers; these shortcomings
make it possible (and alarmingly easy) for malici
I don't think so, this is a vulneralability since the "scriptProtect" isn't
applied to this variable
$FB_["rawFA"] = $attributes["fuseaction"];
simple example :
I have "scriptProtect" like this :
function validate($char)
{
if(preg_match('/[\'\"%|*()[EMAIL PROTECTED];\\/=+-_^]/',$char))
d
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
I.Vulnerability
UebiMiau Webmail System Cross Site Scripting Vulnerability
II.Vendor
Aldoir Ventura
III.Affected Systems
* UebiMiau 2.7.9 (latest release) and probably previous versions.
IV.About
UebiMiau is a simple, yet efficient mail reader (webmail) supporting both
IMAP and POP3 without
On Tue, 24 Jan 2006, Gadi Evron wrote:
> The CME entry should appear on their site shortly:
> http://cme.mitre.org
it already has, several days ago in fact:
http://cme.mitre.org/data/list.html#24
jose nazario, ph.d. [EMAIL PROTECTED]
http://monkey.org/~jose/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Trustix Secure Linux Security Advisory #2006-0004
Package names: kernel, openssh
Summary: Multiple vulnerabilities
Date: 2006-01-27
Affected versi
The Norwegian web-publishing system EasyCMS (www.easycms.no) contains multiple
input flaws letting users conduct successful XSS attacks. Both in the admin
section, and the webpage that uses the system is vulnerable to XSS.
It does not filter script tags and simple scripting like
alert(XSS) wi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 951-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 30th, 2006
Invalid characters removed from From: [EMAIL PROTECTED], |@securityfocus.com,
## MyBB 1.02 usercp2.php XSS
##--##
## Devil-00 D3vil-0x1 - Attacking MyBB :)##
## ##
## [EMAIL PROTECTED]##
## ##
##-
I create exploit for a bug at Mininuke ; this bug at "membership.asp"
and you can with this exploit change members password :)
if you inject:
" /membership.asp&pass=[New password]&passa=[confirm new password]&x=[member
name] "
This bug found by nukedx & exploit by Hessam-x
-
+ APP name :
On Sun, 29 Jan 2006, Amit Klein (AKsecurity) wrote:
> I tried setting a cookie for .com.pl, and I failed (that is, the browser
> did not respect it). If you set a cookie for .kom.pl, it will be OK (if
> you're in .kom.pl domain, that is).
Amit,
Mozilla/Firefox/Netscape are vulnerable to this fla
/*
Do you want to hack? les`t go .. free your mind
Tu veux etre un hacker? allez .. if faut libere ta tete!
Quieres hackear? dale .. libera tu mente
Vulnerabilidad en modem Arescom NetDSL-1000
por un buffer overflow debido < [255] en la pila stack.
DoS atack por F
##Night_Warrior
##night_warrior771[at]hotmail.com
##sPaiz-Nuke Cross-Site Scripting Vulnerability
##http://www.alstrasoft.com
http://www.example.com/sPaiz-Nuke/modules.php?name=Articles&file=search&query=[XSS]&type=articles&type=comments
http://www.example.com/sPaiz-Nuke/modules.php?name=Art
Wasn't this reported a long time ago?
http://www.securityfocus.com/bid/15141
Paros is prone to a remote authentication bypass vulnerability.
This issue may result in the disclosure of sensitive information, and
possible execution of commands on the victim machine.
Paros version 3.2.5 is affected
HTA runs applications from HTML documents. Like I mentioned, never broke
anything in my experience. And yes, I sometimes develop stuff on this old
windows box, including webstuff. HTA is a MS invention, Firefox has
followed. But the main thing HTA has been, and IMHO will remain, is a
security
This issue has been addressed as of version 5.05 of Pocket Controller
Professional released on January 9th, 2006.
Visit www.soti.net for more information.
i admit, i posted this bug just a short while ago, but since its an
anoyance more then a vuln.. i dont really care.. be glad i didnt demo it
here :) (for evolution users anyway)
so the issue is with text based file attachments with the
"Content-Disposition" set to "inline".. if this text file co
The guys over at LURHQ (Joe Stewart) produced some amazing statistics
from the logs provided to the TISF BlackWorm task force by the more
whitehat than whitehat RCN (.com/.net) ISP with the cooperation of the FBI.
By country, de-duping, removing DDoS and other counter-poisoning
attempts as bes
Users can inject XSS into the form field "Name", when adding a comment on a
picture. This will lead to the execution of XSS code.
Simple scripting like alert('hello') , and more advanced
document.location, and document.cookie works.
This has been tested on version 0.5.1. Other versions might be
Invalid characters removed from From: [EMAIL PROTECTED], |@securityfocus.com,
D3vil-0x1 MyBB Bug ###
## Local File Inclusion
##
## MyBB 1.2 -> Admin Can Include Local File :)
## File :- admin/plugins.php
Line :- 51
//
This FAQ was authored by members of the TISF BlackWorm task force
(specifically the MWP / DA groups and the SANS ISC handlers).
The purpose is both to provide with a resource for concerned users and
network administrators, as well as to be a level-headed myth-free source
on the subject.
Ther
On Jan 30, 2006, at 2:51 PM, [EMAIL PROTECTED] wrote:
If you flood the telnet configuration a couple dozen times with
long
strings, eventually the telnetd service flat out dies. Routing
functions
of the NetDSL continue to work fine as before. It is unknown
whether only
the telnetd ser
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 959-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 30th, 2006
/**
Package: Etomite Content Management System
Auth: http://www.etomite.org/
Version(s): 0.6 / previous versions may also be backdoored
Vulnerability Type: Remote Code Execution
*/
Disclaimer:
-
The information is provided "as is" without warranty of any kind.
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:026
http://www.mandriva.com/security/
___
You can disable auto launching Winamp for playlist files as a workaround.
For Firefox, go to Tools / Options settings, click on Download icon, then
click on View & Edit Actions... Scroll down to M3U extension and then
push the Remove Action button. Firefox will no longer automatically
launch fi
I spotted it on Christopher Boyd's Vital Security blog. Chris is a Microsoft
security MVP and security research manager at FaceTime, an instant messaging
security company. However, this worm appears to have spread much further and
has slithered around the world.
The worm is actually an animated
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:027
http://www.mandriva.com/security/
___
> The FAQ can be found at:
> http://isc.sans.org/blackworm
> http://blogs.securiteam.org
That's http://blogs.securiteam.com
My apologies, and thanks to all those who notified me.
Gadi.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-- Forwarded message --
From: Rick Elnor
To: [EMAIL PROTECTED]
Date: Sun, 29 Jan 2006 10:11:08 -0800
Subject: [OSVDB Mods] [Change Request] 22693: Etomite todo.inc.php cij Variable
Arbitrary Command Execution
Hello,
I am Rick Elnor, the Etomite CMS security expert and owner
35 matches
Mail list logo