-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1051-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 4th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00629555
Version: 10
HPSBUX02108 SSRT061133 rev.10 - HP-UX running Sendmail, Remote
Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted
upon as soon
Discovered by: Noam Rathaus using the beSTORM fuzzer.
Reported to vendor: December, 2005.
Vendor response: Microsoft does not consider this issue to be a security
vulnerability.
Public release date: 4th of May, 2006.
Advisory URL:
This is fixed in IPB 2.1.6
http://forums.invisionpower.com/index.php?showtopic=214248view=getnewpost
Regards,
Matt
REWTERZ-20060504 - Sami FTP Server Remote Buffer Overflow Vulnerability
Release Date:
May 4, 2006
Severity:
High (Remote Code Execution)
Vendor:
KarjaSoft
Software Affected:
Sami FTP Server v2.0.2 and before
Operating Systems Affected:
Windows NT 4.0
Windows 98 / ME
Windows 2000
Windows XP
This is fixed in Invision Gallery 2.0.7
http://forums.invisionpower.com/index.php?showtopic=214248view=getnewpost
Regards,
Matt Mecham
--
- Cute Guestbook Remote XSS Exploit -
-= http://colander.altervista.org/advisory/CuteGuestbook.txt =-
--
-= Cute Guestbook =-
PunBB 1.2.11 Cross-Site Scripting
File name :- misc.php
Action:- Send Email
Line :- 123
[php]
redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']);
[/php]
The $_POST['redirect_url'] = Unfilter Input
Exploit :-
Send POST Request
[code]
GET
Name: zawhttpd
Version: 0.8.23 previous version probably too.
Language: C
Problem: Buffer Overflow
Vendor: http://www.norz.org/zawhttpd.html
Discovered by: Kamil 'K3' Sienicki
Description:
zawhttpd is a mini Web server that features HTTP/1.0 and 1.1 support,
keep-alive persistent connections,
REWTERZ-20060503 - XM Easy Personal FTP Server Remote Buffer Overflow
Vulnerability
Release Date:
May 3, 2006
Severity:
High (Remote Code Execution)
Vendor:
Dxmsoft
Software Affected:
XM Easy Personal FTP Server v4.3 and before
Operating Systems Affected:
Windows NT 4.0
Windows 98 / ME
Fast Click SQL Lite = 1.1.3 Remote File Inclusion
---
Aria-security.com advisory
Bug Discovered by [EMAIL PROTECTED] (amin emami)
email:[EMAIL PROTECTED] and [EMAIL PROTECTED]
Date:02/05/2006
original
Fast Click = 2.3.8 Remote File Inclusion
---
Aria-security.com advisory
Bug Discovered by [EMAIL PROTECTED] (amin emami)
email:[EMAIL PROTECTED] and [EMAIL PROTECTED]
Date:02/05/2006
original
321soft PhP Gallery 0.9 - directory travel XSS
Software: 321soft PhP Gallery
Version: 0.9
Type: directory travel XSS
Date: Mai 3 01:38:04 CEST 2006
Vendor: 321soft.de
Page: http://321soft.de/
Risc: Middle
credits:
--Security Report--
Advisory: libero.it XSS vulnerability - HTML injection
---
Author: Davide Denicolo
---
Date: 28/04/06
---
Contact: davideatsecurityinfos.com
---
Vendor: ItaliaOnLine S.r.l (http://www.libero.it)
Service: Web
Level: Low
---
Description:
Libero.it is a Web portal of big Italian
Hi to all!
Trying with a friend the latest Panda Antivirus and
ClamAv we have been found that they are unable to
detect the old I Love You virus by simply changing
the name of one variable.
Attached goes a working I Love You virus in which I
changed ONLY the variable dirsystem with the name
kk2
Affected software:
Bigwebmaster Guestbook version 1.02 and down
Vendor:
http://www.bigwebmaster.com/Perl/Scripts_and_Programs/Guestbooks/
Introduction:
(taken from vendor site)
This is one of the most powerful guestbooks that you will find on the
internet. Visitors who come to your site will be
perhaps instead of c + len c being the test of pointer wraparound, one may
use the following (if there is a desire to use pointer-based arithmetic)...
#define MAXPTR (char *)0x // this would differ on 64 bit systems
if (MAXPTR - c len)
{
// we have a pointer wraparound...
}
I think everything about Oracle has been said,
everything is in the table to show how really bad
Oracle is at security, but only few people seems to
get the message, I wonder if at least goverments are
paying attention since national infraestructure
systems are running with Oracle, what else we
Steven M. Christey schrieb:
--
Dynamic Evaluation Vulnerabilities in PHP applications
--
Following is a brief introduction to a growing class of serious
vulnerabilities in PHP
On Wed, May 03, 2006 at 06:12:35PM +0100, [EMAIL PROTECTED] wrote:
Hi,
There is a flaw (well more a stupid design than anything else) in OpenVPN
2.0.7 (and below) in the the Remote Management Interface that allows an
attacker to gain complete control because there is NO AUTHENTICATION (YES
On Tue, May 02, 2006 at 04:10:27PM +0100, David Litchfield wrote:
That's what good regular patches allow me to do. The benefits
are absolutely clear. There are two major problems that can
cause these benefits to evaporate into thin air, however.
1) Late Patches
2) Re-issued Patches
3)
21 matches
Mail list logo
