flock d0s exploit remote. beta 1 (v0.7)

2006-06-23 Thread co296
Credits to n00b.. Round 2 of the marquee tag's bug... I've found a DoS in Flock web browser and it crashes the browser, I've provided a proof of concept :P... thnx, tested on Win XP Pro Service Pack 1.. http://www.flock.com/ flox web browser remote dos exploit by n00b :: http://www.f

Re: MS Excel Remote Code Execution POC Exploit

2006-06-23 Thread Steven M. Christey
> * Advisories: > * http://www.microsoft.com/technet/security/advisory/921365.mspx > * http://www.securityfocus.com/bid/18422/ There are at least three separate Excel issues that were published in the past week. These references suggest that it's the "zero-day" exploit from last Friday (CVE-2006

vlbook 1.2 XSS Bug

2006-06-23 Thread omnipresent
vlBook 1.02 Advisory Date: - 2005 June 23 Product: vlBook 1.02 © 2005 Vendor: --- http://vlab.info/ Descriptions: - The vlbook is a free, open source and light-weight guestbook written in PHP using flat files to store messages

[SNS Advisory No.88] Webmin Directory Traversal Vulnerability

2006-06-23 Thread [EMAIL PROTECTED]
-- SNS Advisory No.88 Webmin Directory Traversal Vulnerability Problem first discovered on: Sun, 04 Jun 2006 Published on: Fri, 23 Jun 2006 -- Severity Level: --

QaTraq 6.5 RC: Multiple XSS Vulnerabilities

2006-06-23 Thread enji
=== QaTraq 6.5 RC: Multiple XSS Vulnerabilities === Technical University of Vienna Security Advisory TUVSA-0606-001, June 23, 2006 ===

[KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables

2006-06-23 Thread addmimistrator
ORIGINAL ADVISORY: http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html VENDOR INFORMED ——-Summary—- Software: CPG Coppermine Photo Gallery Software’s Web Site: http://coppermine.sourceforge.net/ Versions: 1.4.8.stable Cl

[security bulletin] HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS)

2006-06-23 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00705283 Version: 1 HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Relea

RE: Bypassing of web filters by using ASCII

2006-06-23 Thread James C. Slora Jr.
Amit Klein wrote Thursday, June 22, 2006 3:47 AM > So in order to exploit this in HTML over HTTP, the attacker needs to either add/modify the Content-Type response header, or to add/modify the META tag in the HTML page. There are other ways that might carry a bigger injection threat: Style sheet

TSLSA-2006-0037 - multi

2006-06-23 Thread Trustix Security Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2006-0037 Package names: kernel, netpbm Summary: Multiple vulnerabilities Date: 2006-06-23 Affected version

aeDating 4.1 XSS

2006-06-23 Thread securityconnection
Product of AEwebworks Dating Software http://www.aewebworks.com/ --- Cross Site Scripting (XSS) --- http://target.xx:80/index.php?Sex=";>alert(/Elipsis+Security+Test/)&Mode=last ^"G4" Template work^ --- POST /join_form.php HTTP/1.1 Content-Ty

Dating Agent PRO 4.7.1 Vulnerability

2006-06-23 Thread securityconnection
Dating Agent PRO 4.7.1 http://www.datetopia.com/datingagent/ -- - PHPinfo page /requirements.php - SQL injection - http://target.xx/picture.php?pid=1[SQL] http://target.xx/mem.php?mid=1[SQL] http://target.xx/search.p

Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability

2006-06-23 Thread Darren Bounds
Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability June 23, 2006 Product Overview: Trend Micro Control Manager is a centralized, web-based outbreak management console designed to simplify enterprise-wide coordination of outbreak security actions and management of Trend Micro products

Cisco Secure ACS Weak Session Management Vulnerability

2006-06-23 Thread Darren Bounds
Cisco Secure ACS Weak Session Management Vulnerability June 23, 2006 Product Overview: Cisco Secure Access Control Server (ACS) provides a centralized identity networking solution and simplified user management experience across all Cisco devices and security management applications. Cisco Secur

Re: Bypassing of web filters by using ASCII

2006-06-23 Thread Amit Klein (AKsecurity)
On 23 Jun 2006 at 10:35, Vincent Archer wrote: > On Fri, Jun 23, 2006 at 12:08:56AM +0200, Amit Klein (AKsecurity) wrote: > > So what I don't understand now is why IE's "solution" is any better than > > Opera/Firefox? > > > > Why is modifying the data (msb) any better than modifying the > > dat

Re: Re: PHP security (or the lack thereof)

2006-06-23 Thread nabiy
Trying to make the language 'safe' won't fix it because the language is not the problem. The real problem is the way PHP is presented to most new developers. PHP has been introduced as a tool for the web developer. As a language its goal is "to allow web developers to write dynamically generate

[ GLSA 200606-24 ] wv2: Integer overflow

2006-06-23 Thread Stefan Cornelius
Gentoo Linux Security Advisory GLSA 200606-24 http://security.gentoo.org/

DREAMACCOUNT V3.1 Remote Command Execution Exploit

2006-06-23 Thread KARKOR23
DREAMACCOUNT V3.1 Command Execution Exploit Discovered By CrAsh_oVeR_rIdE(Arabian Security Team) Coded By Drago84(Exclusive Security Team) -

[Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability

2006-06-23 Thread mac68k
Title: [Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Remote Timeline: 2006/06/21 - Discovery 2006/06/21 - Vendor notification 2006/06/22 - Release Affected version: NetSoft SmartNet 2.0 Not af

Linux VNC evil client patch - BID 17978

2006-06-23 Thread embyte
Hi all, I have done a patch to the current Linux VNC client (ver. 4.1.1), which permits authenticating to a bugged server with a NULL session, although password authentication is required (RealVNC Remote Authentication Bypass Vulnerability, BID 17978). Here is the patch for file CConnection.cxx

rPSA-2006-0110-1 kernel

2006-06-23 Thread Justin M. Forbes
rPath Security Advisory: 2006-0110-1 Published: 2006-06-23 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: kernel=/[EMAIL PROTECTED]:devel//1/2.6.16.22-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cven

Re: Digital Armaments July-August Hacking Challange: Microsoft

2006-06-23 Thread Alexander Sotirov
[EMAIL PROTECTED] wrote: > The 5000 credits prizes will be given on the publication of an official > Microsoft Bulletin with severity High regarding the vulnerability. The Microsoft rating system does not have a "High" rating for severity. They have Low, Medium, Important and Critical. See http:

productcart soltan_defacer

2006-06-23 Thread soltan_defacer
Azhteam Digital Security Team # productcart # Find by Soltan_def

WBB<<---v1.2 "showmods.php" SQL Injection

2006-06-23 Thread CrAzY . CrAcKeR
Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Brh BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r Example:- /showmods.php?boardid=[SQL] ===

[KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access

2006-06-23 Thread addmimistrator
ORIGINAL ADVISORY: http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html http://www.kapda.ir/page-advisory.html ——-Summary—- Software: MyBB Software’s Web Site: http://www.mybboard.com Versions: 1.1.3 Class: Remote Status: Patche

Re: Opera 9 DoS PoC

2006-06-23 Thread Darren Clarke
Tested and confirmed on Opera 9.00 built 8482. Interesting this also managed to crash Notepad.exe on Windows XP SP2 Home Edition when viewing the source of the page in IE7 Beta 2. Darren Clarke IT / Comms Admin - Critical Securi

Re: PHP security (or the lack thereof)

2006-06-23 Thread Crispin Cowan
[EMAIL PROTECTED] wrote: > Trying to make the language 'safe' won't fix it because the language is not > the problem. The real problem is the way PHP is presented to most new > developers. > > > PHP has been introduced as a tool for the web developer. As a language its > goal is "to allow web de

Calendar ( Provided by Codewalkers ) - SQL Injection

2006-06-23 Thread Silitix
[P]roduct : Calendar Provided by Codewalkers [O]fficial site : http://Calendar.codewalkers.com [V]ulnerability : SQL Injection [E]xploitation : /calendar.php?display=event&id=[SQL] [C]redit : Silitix - www.Silitix.com [O]riginal security advisory : www.Sili

Re: PHP security (or the lack thereof)

2006-06-23 Thread john mullee
--- Darren Reed <[EMAIL PROTECTED]> wrote: > From my own mail archives, PHP appears to make up at least 4% > of the email to bugtraq I see - or over 1000 issues since 1995, > out of the 25,000 I have saved. > > People complain about applications like sendmail...in the same > period, it has been re

[ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion

2006-06-23 Thread the_day
ECHO.OR.ID ECHO_ADV_34$2006 --- [ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion -

WBB<<---v2.3.1"report.php" SQL Injection

2006-06-23 Thread CrAzY . CrAcKeR
Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Brh BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r Example:- /report.php?postid=[SQL] ==

SYMSA-2006-005

2006-06-23 Thread research
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-005 Advisory Title: Lanap CAPTCHA bypass exposure Author: Michael White, [EMAIL PROTECTED] and Graham Murphy

Re: Bypassing of web filters by using ASCII

2006-06-23 Thread Thor (Hammer of God)
On 6/21/06 3:24 PM, "Paul" <[EMAIL PROTECTED]> spoketh to all: >>> At >>> >>> >>> http://www.iku-ag.de/ASCII >>> >>> >>> you can find a test page that displays a secret message. IE6 displays >>> >>> the text correctly, Firefox 1.5 and Opera 8.5 display gibberish text. Safari 2.0.3 a

[Kil13r-SA-20060622-2] Namo DeepSearch 4.5 Cross-Site Scripting Vulnerability

2006-06-23 Thread mac68k
Title: [Kil13r-SA-20060622-2] Namo DeepSearch 4.5 Cross-Site Scripting Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Remote Timeline: 2006/06/21 - Discovery 2006/06/21 - Vendor notification 2006/06/21 - Vendor response 2006/06/22 - Release Affected version:

Re: Sendmail MIME DoS vulnerability

2006-06-23 Thread Gadi Evron
On Tue, 20 Jun 2006, Jain, Siddhartha wrote: > Hi, > > I am trying to understand how the below mentioned sendmail > vulnerability. > http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc > > The description says that the DoS occurs when sendmail goes in a deeply > nested malformed MIM

Re: PHP security (or the lack thereof)

2006-06-23 Thread Geo.
> I think that any ability of the (l)users to expose executables as web > services threatens the security of the web server machine, irrespective of > programming language. (But I don't see how it threatens "the internet" -- > they can already connect their own misconfigured machine to the net di

Re: Opera 9 DoS PoC

2006-06-23 Thread Bruno Lustosa
On 21 Jun 2006 03:39:09 -, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Details: Vulnerability can be exploited by using a large value in a href tag to create an out-of-bounds memory access. Proof Of Concept DoS exploit: http://www.critical.lt/research/opera_die_happy.html Interesting e