[ MDKSA-2006:107 ] - Updated arts packages fix vulnerability in artswrapper

2006-06-21 Thread security
Mandriva Linux Security Advisory MDKSA-2006:107 http://www.mandriva.com/security/

JEdit ActiveX Control Information Disclosure vulnerability

2006-06-21 Thread bulten
JEdit ActiveX Control Information Disclosure vulnerability Publish Date: July 17, 2006 Status: SRLabs.net contacted the vendor on July 7, 2006 to request a security contact for sending information about the vulnerability but couldn't get any response yet Vendor: Jaguarsoft (http:/

Sendmail MIME DoS vulnerability

2006-06-21 Thread Jain, Siddhartha
Hi, I am trying to understand how the below mentioned sendmail vulnerability. http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc The description says that the DoS occurs when sendmail goes in a deeply nested malformed MIME message and uses the MIME 8-bit to 7-bit conversion functio

Re: Vacation Rental Script v1.0

2006-06-21 Thread radu
The vendor has released version 1.1 to address this issue.

[ MDKSA-2006:108 ] - Updated xine-lib packages fix buffer overflow vulnerabilities

2006-06-21 Thread security
Mandriva Linux Security Advisory MDKSA-2006:108 http://www.mandriva.com/security/

Opera 9 DoS PoC

2006-06-21 Thread N9
Critical Security advisory #009 [http://www.critical.lt] Advisory can be reached: http://www.critical.lt/?vuln/349 We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas Shouts to Lithuanian girlz! and our friends ;] Product: Opera 9 (8.x is immune to this) Vuln type: Denial of Service

Bypassing of web filters by using ASCII

2006-06-21 Thread k . huwig
___ iKu Advisory ___ Product : Microsoft InternetExplorer 6 : various filter applications Dat

Re: display.cgi

2006-06-21 Thread eufrato
pls check this link http://www.securityfocus.com/archive/1/359414 it was 2 years ago :D

Re: Bypassing of web filters by using ASCII

2006-06-21 Thread Fixer
This also affects IE 7 Beta 2. Did you shoot this over to Microsoft? [EMAIL PROTECTED] wrote: > iKu Advisory

[ MDKSA-2006:110 ] - Updated gnupg packages fix vulnerability

2006-06-21 Thread security
Mandriva Linux Security Advisory MDKSA-2006:110 http://www.mandriva.com/security/

Re: possible SQL injection in Subdreamer

2006-06-21 Thread ziad
This was fixed way back in March 2005: http://www.subdreamer.com/forum/showthread.php?t=2501

Re: file include exploits in nucleus 3.23

2006-06-21 Thread nukedx
These files are not vulnerable, I checked the codes of them and I see that for action.php, include('./config.php');// common functions include_once($DIR_LIBS . 'ACTION.php'); media.php, include('../config.php'); include($DIR_LIBS . 'MEDIA.php'); // media classe

Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.

2006-06-21 Thread brian
This is a bogus report. Please mark it as such or remove it. This so-called exploit is nothing but an attempt to defame the name of Phorum. 1. common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x versions of Ph

Re: PHP security (or the lack thereof)

2006-06-21 Thread Jessica Hope
I'm not too sure you can count phpBB as "the winner" here. As far as I can recall, it has had only two major vulns. I would say "the winner" would be something like phpNUKE (to put my point, phpNUKE has had 31 vulns from 2003 to present day of which most are unpatched, whereas phpBB has had 32 in

Eduha Meeting php shell upload Vulnerabilities

2006-06-21 Thread liz0
Eduha Meeting php shell upload Vulnerabilities Site:http://eduha.forever.kz/ Demo:http://nextlevel.astrakhan.ru/meeting/ Example: http://victim/path/index.php?act=add add photo(upload php phpshell) Bug Video: http://www.biyosecurity.

Re: PHP security (or the lack thereof)

2006-06-21 Thread Alan J Rosenthal
>For example, allowing users to upload and execute any C executable file to a >public web server can prove to be quite dangerous. > >I think the same can be said for allowing PHP on a public web server, you >have just allowed anyone with a website to compromise the entire machine. I think the rele

Re: PHP security (or the lack thereof)

2006-06-21 Thread kicktd
> Do you not think stuff like this should be pointed out to the public so that > when selecting a web host they know that one who supports PHP may be putting > them at extreme risk compared to one who is a bit more security conscious? Well then we better start having web hosting companies who supp

Re: PHP security (or the lack thereof)

2006-06-21 Thread Geo.
> Well then we better start having web hosting companies who support ASP, > Perl, CGI etc. be pointed out to the public so that when selecting a web > host they know that they might be being put into an extreme risk situation. Yes that's exactly the point, the risks for each should be pointed out

Digital Armaments July-August Hacking Challenge: Microsoft

2006-06-21 Thread info
Challenge Publication is 06.15.2006 http://www.digitalarmaments.com/challange200606483923.html I. Details Digital Armaments officially announce the launch of July-August hacking challenge. The challenge starts on July 1. For the July-August Challenge, Digital Armaments will give 5000 cred

cjGuestbook v1.3 - XSS

2006-06-21 Thread luny
cjGuestbook v1.3 Homepage: http://cmj-php.opanelhosting.com Affected files: * posting in the guestbook XSS vuln with cookie disclosure: cjGuestbook uses bbcode, and since there's a vulnerability in early editions of bbcode we can achieve our XSS example. For a PoC put in as your commen

Excel 0-day FAQ updated with Microsoft advisory information

2006-06-21 Thread Juha-Matti Laurio
Microsoft Excel 0-day Vulnerability FAQ document at SecuriTeam Blogs has been updated with information included to related Microsoft Security Advisory. Updates included to Revision History too. Additionally, my research says there was a sample available as early as 12th June. TrendMicro TROJ_EMBED

Somechess v1.5 rc1 - XSS

2006-06-21 Thread luny
Somechess v1.5 rc1 Homepage: http://www.astrodogpress.org/chess/ Affected files: *Profile input boxes --- Upon dumping the sql data into the table if you get errors and it won't create the tables & data (like it did to me), then just remove all the " from the sql file

Re: Bypassing of web filters by using ASCII

2006-06-21 Thread Paul
Very interesting, indeed. Does this work with functional characters such as html brackets? What about html tag obfuscation (bypassing script filters such as those in place at hotmail)? Nice find. Paul On 6/21/06, Fixer <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 T

[ MDKSA-2006:109 ] - Updated wv2 packages fix vulnerability

2006-06-21 Thread security
Mandriva Linux Security Advisory MDKSA-2006:109 http://www.mandriva.com/security/