RE: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure

2006-05-11 Thread John Stuppi (jstuppi)
Hi Greg, No, the ACS Solution Engine (aka appliance) is not vulnerable. Thanks, John -Original Message- From: Greg owens [mailto:[EMAIL PROTECTED] Sent: Monday, May 08, 2006 6:45 PM To: Matthew Cerha (mcerha); bugtraq@securityfocus.com Cc: [EMAIL PROTECTED]; psirt (mailer list) S

Re: vbulletin security Alert

2006-05-11 Thread scott
Testing this on a vBulletin 3.5.x-dev build all that I was able to produce was HTML output, no arbitrary PHP code was executed. You can test this by simply inserting into a template nothing appears. If there are more steps please do provide them.

[ MDKSA-2006:085 ] - Updated xine-ui packages fix format string vulnerabilities

2006-05-11 Thread security
Mandriva Linux Security Advisory MDKSA-2006:085 http://www.mandriva.com/security/

Re: Oracle - the last word

2006-05-11 Thread Steven M. Christey
David Litchfield said: >When Oracle 10g Release 1 was released you could spend a day looking >for bugs and find thirty. When 10g Release 2 was released I had to >spend two weeks looking to find the same number. This increasing level of effort is likely happening for other major widely audited so

Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary local inclusion

2006-05-11 Thread rgod
#!/usr/bin/php -q -d short_open_tag=on http://retrogod.altervista.org\r\n\r\n";; echo "works with register_globals = On & magic_quotes_gpc = Off\r\n\r\n"; if ($argc<6) { echo "Usage: php ".$argv[0]." host path user pass cmd OPTIONS\r\n"; echo "host: target server (ip/hostname)\r\n"; ech

[TZO-042006] Insecure Auto-Update and File execution (2)

2006-05-11 Thread Thierry Zoller
Dear List, As my advisory has been a bit unclear in certain regards, I would like to clarify a few questions I have received briefly: - The Auto update problem with Zango Adware remains, there was no fix. - The Adware component is distributed by over 10.000 affiliates everyday and I expect it

[SECURITY] [DSA 1055-1] New Mozilla Firefox packages fix arbitrary code execution

2006-05-11 Thread Martin Schulze
Debian Security Advisory DSA 1055-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze May 11th, 2006

Microsoft MSDTC NdrAllocate Validation Vulnerability

2006-05-11 Thread avert
McAfee, Inc. McAfee Avert™ Labs Security Advisory Public Release Date: 2006-05-09 Microsoft MSDTC NdrAllocate Validation Vulnerability CVE-2006-0034 • Synopsis There is an RPC procedure within the MSDTC interfac

Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability

2006-05-11 Thread Secunia Research
Secunia Research 11/05/2006 - UltimateZip unacev2.dll Buffer Overflow Vulnerability - Table of Contents Affected Software

Verizon Voicewing and Linksys PAP2-VN

2006-05-11 Thread securityfocus
Product: Verizon voicewing combined with Linksys PAP2-VN Reported by: Haavar Valeur Status: Vendor unwilling to address the problem Reported: Mar 15, 2006 I found a way it is possible to make and receive calls from other Verizon accounts. The problem is that Verizon publishes encrypted con

phpBB "charts.php" XSS and SQL-Injection

2006-05-11 Thread sn4k3 . 23
// phpBB "charts.php" (hack) XSS and SQL-Injection // - [~] Advisory by: LoK-Crew [-] Exploit: http://www.example.com/charts.php?action=vote&rate=1&id=[XSS] http://www.example.com/charts.php?action=vote&rate=1&id=[SQL] [-] Go

[ GLSA 200605-13 ] MySQL: Information leakage

2006-05-11 Thread Sune Kloppenborg Jeppesen
Gentoo Linux Security Advisory GLSA 200605-13 http://security.gentoo.org/