The http-equiv and Gandalf examples are very similar, but I think
there might be some important distinctions.
1) The http-equiv example (CVE-2004-1104) uses a BASE tag with an href
attribute. In the form, the A tag has an href= without a value.
The value of the BASE HREF is displayed on
___
Mandriva Linux Security Advisory MDKSA-2006:047
http://www.mandriva.com/security/
Topic: zoo contains exploitable buffer overflows
Announced: 2006-02-22
Product: zoo
Category: Applications/Archiving
Impact: Remote code execution
Credits: Jean-Sébastien Guay-Leroux
I. BACKGROUND
zoo is a file archiving utility for maintaining
NSFOCUS Security Advisory (SA2006-01)
Winamp m3u File Processing Buffer Overflow Vulnerability
Release Date: 2006-02-23
CVE ID: CVE-2006-0720
http://www.nsfocus.com/english/homepage/research/0601.htm
Affected systems software
===
Nullsoft Winamp 5.12
Nullsoft Winamp
-- NOCC Webmail = 1.0 multiple arbitrary local inclusion +
php injection - remote code execution /
/ cross site scripting / path disclosure
software:
==
Secunia Research 23/02/2006
- Visnetic AntiVirus Plug-in for MailServer Privilege Escalation -
==
Table of Contents
Affected
New eVuln Advisory:
Teca Diary PE SQL Injection Vulnerability
http://evuln.com/vulns/75/summary.html
Summary
eVuln ID: EV0075
CVE: CVE-2006-0729
Software: Teca Diary PE
Software's Web Site: http://www.teca-scripts.com
Versions: 1.0
Critical Level: Moderate
===
Ubuntu Security Notice USN-257-1 February 23, 2006
tar vulnerability
CVE-2006-0300
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
ZDI-06-002: Adobe Macromedia ShockWave Code Execution
http://www.zerodayinitiative.com/advisories/ZDI-06-002.html
February 23, 2006
-- CVE ID:
CVE-2005-3525
-- Affected Vendor:
Adobe Macromedia
-- Affected Products:
Macromedia Shockwave Installer
-- TippingPoint(TM) IPS Customer Protection:
On 21/02/06, Gadi Evron [EMAIL PROTECTED] wrote:
Indeed, it has become an annoying trend everybody talks about but nobody
writes about. Trojan horses, worms, etc. exploiting PHP bugs. Either
vulnerabilities in known applications such as WordPress, PHPBB, Drupal,
etc. or actually trying
On Tue, Feb 21, 2006 at 02:40:41AM -0500, Paul Laudanski wrote:
servers, but their Abuse department closed at 5pm. A full 6 or so hours
to run before they open back up.
Oh yah? Yahoo Paranoids jumped right on this...
$ dig www.user-unlock-amazon.com a
; DiG 9.3.0
What exactly does this have to do with bugtraq? I mean, I know there
are bugs in the tax system... LOL, but some detail would be nice.
On Feb 21, 2006, at 12:27 PM, Fixer wrote:
Does anyone know of a good contact address for the people that make
the H&R Block tax software? Their web site
Ok, I should have been a little more specific; my fault. I've
discovered what looks like an interesting vuln in one of their
products and I'm not sure who to fwd the info to. I've
searched and Googled, but to no avail. Any info would be good,
preferably something that doesn't involve filling
Other domains used for phishing I have seen are paypal-unlocking.net,
secure.commonwealth-banking.com and
citibusinessonline.da-us.citybizcorp.com.
Surely someone, somewhere, has to take some responsibility for allowing
domains to be created which are clearly and obviously bogus. Who could
Thanks for the reply, I'm seeing all sorts of strange URLs being used for
the popular sites such as banks and ebay, amazon, paypal. Amazing isn't
it?
On Wed, 22 Feb 2006, Geoff Vass wrote:
Other domains used for phishing I have seen are paypal-unlocking.net,
secure.commonwealth-banking.com
Hi,
We're looking for other speakers for our annual ISESTORM event
(www.isestorm.org) from April 1 - 8. This is our third event
which we do at cost and it will take place in Barcelona, Spain
again at La Salle University (La Salle URL). We are inviting
speakers to talk about experiences within
--
HYSA-2006-003 h4cky0u.org Advisory 012
--
Date - Thu Feb 24 2006
TITLE:
==
Oi! Email Marketing 3.0 SQL Injection
SEVERITY:
=
High
SOFTWARE:
=
Oi! Email
Advisory:
NSAG-№196-23.02.2006
Research:
NSA Group [Russian company on Audit of safety Network security]
Site of Research:
http://www.nsag.ru or http://www.nsag.org
Product:
FCKeditor 2.2
Site of manufacturer:
http://www.fckeditor.net
The status:
19/11/2005 - Publication is postponed.
Advisory:
NSAG-№198-23.02.2006
Research:
NSA Group [Russian company on Audit of safety Network security]
Site of Research:
http://www.nsag.ru or http://www.nsag.org
Product:
The Bat v. 3.60.07
Site of manufacturer:
www.ritlabs.com
The status:
19/11/2005 - Publication is postponed.
Advisory:
NSAG-№195-23.02.2006
Research:
NSA Group [Russian company on Audit of safety Network security]
Site of Research:
http://www.nsag.ru or http://www.nsag.org
Product:
FCKeditor 2.0 FC
Site of manufacturer:
http://www.fckeditor.net
The status:
19/11/2005 - Publication is postponed.
There's a LOT of phishing domains on Yahoo. Apparently all you need to
do to set up an account is a fake address and phone number. I routinely
report it to them. You can always send an email to
[EMAIL PROTECTED] as well as anyone else you can find.
Alex
-Original Message-
From: Paul
Bugtraq Subscribers,
Due to a recent lateral shift I've made, I am no longer moderating
the Bugtraq mailing list. I haven't moderated full time for a
while, and now it's time to hand the list over to a new manager.
David McKinney [EMAIL PROTECTED] will be taking over Bugtraq
as primary