FYI Flash9 added a new property for object and embed tags to prevent
this technique from being used: allowNetworking:
http://livedocs.macromedia.com/flex/2/docs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Partsfile=1590.html
That page doesn't explicitly list LoadVars as being
NSFOCUS Security Advisory (SA2006-07)
ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS
Vulnerability
Release Date: 2006-07-27
CVE ID: CVE-2006-3840
http://www.nsfocus.com/english/homepage/research/0607.htm
Affected systems software
===
RealSecure Network
a6mambohelpdesk Mambo Component = 18RC1 Remote Include Vulnerability
# Rish : High
# Class : Remote
# Script : a6mambohelpdesk
# Thanx : www.lezr.com/vb
# codes
?
include( $mosConfig_live_site/components/com_a6mambohelpdesk/about.html
);
?
# d0rkiz :
On 26 Jul 2006 at 22:43, 3CO wrote:
FYI Flash9 added a new property for object and embed tags to prevent
this technique from being used: allowNetworking:
http://livedocs.macromedia.com/flex/2/docs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Partsfile=1590.html
That page
Thank you, Tim.
I published a fixed version:
http://jodies.de/ipcalc-archive/ipcalc-0.41.tar.gz
I contacted the author (Krischan Jodies -
http://www.jodies.de/) on the 7th,
offering them 14 days to respond but have had no reply to acknowledge that
the problem even exists, I've
===
Ubuntu Security Notice USN-324-1 July 27, 2006
freetype vulnerability
CVE-2006-3467
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu
===
Ubuntu Security Notice USN-325-1 July 27, 2006
ruby1.8 vulnerability
CVE-2006-3694
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
===
Ubuntu Security Notice USN-326-1 July 27, 2006
heartbeat vulnerability
CVE-2006-3815
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1125-2[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
July 27th, 2006
==
Secunia Research 27/07/2006
- Mozilla Firefox XPCOM Event Handling Memory Corruption -
==
Table of Contents
Affected
Hey all,
Today I released a new whitepaper Bypassing Oracle dbms_assert. This
technique makes many already fixed Oracle vulnerabilities (SQL Injection)
exploitable again.
URL:
http://www.red-database-security.com/wp/bypass_dbms_assert.pdf
Summary:
By using specially crafted parameters
ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-025.html
July 26, 2006
-- CVE ID:
CVE-2006-3677
-- Affected Vendor:
Mozilla
-- Affected Products:
Firefox 1.5.0 - 1.5.0.4
SeaMonkey 1.0 - 1.0.2
-- TippingPoint(TM) IPS
rPath Security Advisory: 2006-0137-1
Published: 2006-07-26
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
User Deterministic Unauthorized Access
Updated Versions:
firefox=/[EMAIL PROTECTED]:devel//1/1.5.0.5-1-0.1
References:
TitLe : Xss in MttKe-php v2.6
eXpLoIt :
http://[target]/[path]/components/polls?p=polltopic=scriptalert()/script
By : R0t-KeY
--- s33 u ;)
greetz...
#!/usr/bin/perl
#
# p0c
# Tested on Windows XP SP2 with triton 1.0.4
# c0rrupt -{at}- f34r -{dot}- us
#
# This exploits the sipxtapi vuln in triton which was patched.. sometime ago..
# The exploit sends a specially crafted udp packet to the triton client
# which leads to
GeoClassifieds Enterprise 2.0.5.2
http://geodesicsolutions.com/products/classifieds/classifieds_enterprise.htm
--
Cross Site Scripting (XSS)
--
POST http://target.xx:80/index.php?a=10 HTTP/1.0
Host: target.xx
Content-Type:
DETAILS:
The /etc/init.d/mysql script lists the root password of MySQL database:
-INPUT_DB_PASSWORD=mysql123
-bin/mysqladmin -uroot -pmysql123 shutdown
The file permission of file /etc/init.d/mysql will allow all users with a login
to the NAS server to view the root password
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1126-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
July 27th, 2006
Some vulnerabilities have been discovered in Phorum, which can be exploited by
malicious people to conduct cross-site scripting attacks, disclose sensitive
information, and potentially compromise a vulnerable system.
1) Input passed to the template parameter in pm.php isn't properly
I can't believe it. Oracle releases new patches and they have not been
solved one of the main problems: A user with only the SELECT privilege can
do WHATEVER (S)HE WANTS WITH THE ENTIRE DATABASE
I'm not sure if is time to full disclosure it but, anyway, I will full
disclosure one inocent
--==CRLF injection==--
GET /mybloggie/ HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: 127.0.0.1:80
Cookie: PHPSESSID=op0-11{}};q, or something like that
Connection: Close
This demonstration code does not contain any carriage return / line
feed sequences. What is the
21 matches
Mail list logo