---
[ECHO_ADV_30$2006] BL4's SMTP server BufferOverflow Vulnerable
---
Author : Dedi Dwianto
Date : April, 27th 2006
Location : Ind
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1046-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 27th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1045-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 27th, 2006
===
Ubuntu Security Notice USN-275-1 April 27, 2006
mozilla vulnerabilities
CVE-2005-4134, CVE-2006-0292, CVE-2006-0296, CVE-2006-0748,
CVE-2006-0749, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729,
CVE-2006-1730, CVE-2006-1731, CVE-2
security curmudgeon mentioned:
> /portfolio.php?cat_id=[XSS]
Based on source inspection of 1.0.2, this parameter is cleansed.
line 31 of portfolio.php says:
$catId = $dbFilter->db_clean_input($_GET['cat_id'], 'integer');
which looks like it's going to do input validation as an integer.
BU
This exploit has only been tested on 2.1.4. Others are most likely vulnerable
but have not yet been tested.
Simple SQL injection in func_msg.php on line 448. to_by_id is not properly
sanitized. It's passed to the class via an instance of the messenger class,
which takes it from the ipb sanitiz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00651782
Version: 1
HPSBMA02113 SSRT061148 rev.1 - HP Oracle for OpenView (OfO)
Critical Patch Update April 2006
NOTICE: The information in this Security Bulletin should be acted
upon as soon a
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
: Discovered by: Qex
: Date: 25 April 2006
:
: /member.php?action=viewpro&member=[XSS]
Can you confirm this? Doing a quick grep of the 1.0.2 source code finds no
occurrence of "viewpro" at all. The line above also happens to be exactly
the same as your DevBB disclosure, suggesting this may be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c0016
Version: 4
HPSBUX02075 SSRT051074 rev.4 - HP-UX Running xterm Local
Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.
Rel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00629555
Version: 9
HPSBUX02108 SSRT061133 rev.9 - HP-UX running Sendmail, Remote
Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted
upon as soon as p
Land Down Under 802 and below version Path Disclosure Vulnerability
#---
#Aria-Security.net Advisory
#Discovered by:[EMAIL PROTECTED] (amin emami)
#date:21/04/2006
#or
===
Ubuntu Security Notice USN-274-1 April 27, 2006
mysql-dfsg vulnerability
CVE-2006-0903
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty War
Firefox, and IE are not a problem. The problem is the AppleWebKit 417.9, and
this is "only" used by Safari.
An example:
TextEdit is also using the WebKit. Post the code into a document and open it
with Apple's TextEdit... <- will slow down and crash ;-) the same is with
SubEthaEdit... <- both
MyBB Local SQL Injections ..
[ This Local Injections Only For Admin ]
* 1 *
[code]
adminfunctions.php , line 730
$db->query("INSERT INTO ".TABLE_PREFIX."adminlog
(uid,dateline,scriptname,action,querystring,ipaddress) VALUES
('".$mybbadmin['uid']."','".$now."','".$scriptnam
A fix has been made available:
http://forums.invisionpower.com/index.php?showtopic=213374