#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#---
#Software: uPhotoGallery 1.1
#Method: SQL injection
#
#PoC:
#http://target/slideshow.asp?img_id=290ci=[SQL Injection]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
On Mon, Nov 27, 2006 at 05:36:29PM -, [EMAIL PROTECTED] wrote:
Vendor Response:
Red Hat has verified the flaw in the DeploymentFileRepository class
of the JBoss application server. A remote attacker who is able to
access the console manager could read or write to files with the
Large-scale comparisons using historical data, while suggestive, have
certain limitations. I touched on many of these in my open letter on
the interpretation of vulnerability statistics [1] when talking about
trend analysis in vulnerability databases, but many of the points
apply here.
For
hey team, seems evince is vuln through its embedded use of gv to the same hole
described in bid 20978. here is exploit code for evince. users using
epiphany web browser beware, this is click-a-link exploitation.
--K-sPecial
/*
* Creator: K-sPecial (xzziroz.net) of .aware (awarenetwork.org)
*
Hi Steven,
For example, there appears to be a distinct difference in editorial
policy between Oracle and Microsoft in terms of publishing
vulnerabilities that the vendors discovered themselves, instead of
third parties. This might produce larger numbers for Oracle, which
appears to include
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Trustix Secure Linux Security Advisory #2006-0066
Package names: openldap, proftpd
Summary: Multiple vulnerabilities
Date: 2006-11-28
Affected
===
Ubuntu Security Notice USN-386-1 November 28, 2006
imagemagick vulnerability
CVE-2006-5868
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu
Hey...it's Not REMOTE include
Code:
define('_LINKYOU','link');
define('_SORRYBROWSER1',' to the page.');
Name: ProFTPD mod_tls pre-authentication buffer overflow
Vendor: http://www.proftpd.org
Release date: 28 Nov, 2006
Author: Evgeny Legerov [EMAIL PROTECTED]
I. DESCRIPTION
A remote buffer overflow vulnerability has been found in mod_tls module of
ProFTPD server.
The
===
Ubuntu Security Notice USN-385-1 November 27, 2006
tar vulnerability
CVE-2006-6097
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
===
Ubuntu Security Notice USN-387-1 November 28, 2006
dovecot vulnerability
CVE-2006-5973
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
I have not been able to find a way to exploit this with a normal PhpGedView
installation even with register_globals turned on. It always errors out before
this could be a problem.
In order to access it the $nuke_type would have to be set to postnuke, which
is in itself trivial with
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -