-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1205-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 1st, 2006
Invision Gallery 2.0.7
DoS attack can be performed
index.php?automodule=gallery&cmd=postcomment&op=doaddcomment&Post=test&img=111
OR id IN (SELECT BENCHMARK(1000,BENCHMARK(1000,md5(current_date))) FROM
ipb_gallery_images )
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:220
http://www.mandriva.com/security/
___
Thanks for sharing!
Quick fix is to edit file forum/modules/blog/lib/entry_reply_entry.php
and change the following code (line 52 for me)
'where' => "entry_id = {$this->ipsclass->input['eid']}"
to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:221
http://www.mandriva.com/security/
___
Thanks for pointing this out JP, it does in fact look confusing. We
determined during the Digital Vaccine filter creation process that a
previously released filter was robust enough to block the attack without
further modification and the vendor was immediately notified.
ZDI Team
"Dude Van
rPath Security Advisory: 2006-0221-1
Published: 2006-11-30
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
openldap=/[EMAIL PROTECTED]:devel//1/2.2.26-8.5-1
openldap-clients=/[EMAIL PROTECTED]:devel//1/2.2.26-
#Aria-Security Team Advisory
#
#
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=57
#---
#Software: CPanel
#Tested On CPanel 11 Beta at cpanel.net
#Poc:
#
http://target:2082/frontend/x3/mail/manage.html?account=XSS
h
/ -[061124b]- \
| deV!L`z Clanportal - Arbitrary File Upload |
\ /
S Y N O P S I S /
='
-( access: remote severity: high )-
deV!L`z Clanportal allows nearly arbitrary
/ -[061124a]- \
| deV!L`z Clanportal - SQL Injection |
\ /
S Y N O P S I S /
='
-( access: remote severity: high )-
An SQL injection has been found in deV!L`z Clanportal, which allow
==
Layered Defense Advisory 1 December 2006
==
1) Affected Software
Novell Client 4.91 SP2
Novell Client 4.91 SP2 Patch Kit
Novell Client 4.91 SP3
Earlier versions may also be vulnerable
==
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1223-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
December 01, 2006
- -
Hello,
We would like to inform you about a vulnerability in Outpost Firewall PRO 4.0.
Description:
The system process services.exe cares about system services. It runs them during the system boot and thus owns full
access handles to all system services. Outpost protects all processes against
rPath Security Advisory: 2006-0220-1
Published: 2006-11-30
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Local Deterministic Denial of Service
Updated Versions:
dovecot=/[EMAIL PROTECTED]:devel//1/1.0.beta8-4.2-1
References:
http://www.cve.mitre.org/cgi-bin/cvena
# LiderHack.Org
# Script name : Aspee Ziyaretçi Defteri (tr)
# Script Download : http://aspindir.com/goster/4575
# Risk : High
# Found By : ShaFuck31
# Thanks : Dekolax , DesquneR , [EMAIL PROTECTED] , SaboTaqe
# Vulnerable file : giris.asp
Manual connect :
Go to Admin Panel Login -> ht
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1222-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
December 1st, 2006
Novell ZENworks Asset Management Collection Client Heap Overflow
Vulnerability
iDefense Security Advisory 12.01.06
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 01, 2006
I. BACKGROUND
Novell Inc's ZENworks is a set of tools used to automate IT management and
business processes acros
Novell ZENworks Asset Management Msg.dll Heap Overflow Vulnerability
iDefense Security Advisory 12.01.06
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 01, 2006
I. BACKGROUND
Novell Inc's ZENworks is a set of tools used to automate IT management and
business processes across the vari
On 11/30/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Thanks for pointing this out JP, it does in fact look confusing. We
determined during the Digital Vaccine filter creation process that a
previously released filter was robust enough to block the attack without
further modification and the
rPath Security Advisory: 2006-0224-1
Published: 2006-11-30
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect Non-deterministic Unauthorized Access
Updated Versions:
gnupg=/[EMAIL PROTECTED]:devel//1/1.4.5-1.1-1
References:
http://www.cve.mitre.org/cgi-bin/cv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Trustix Secure Linux Security Advisory #2006-0068
Package names: gnupg, tar
Summary: Multiple vulnerabilities
Date: 2006-12-01
Affected versions: T
rPath Security Advisory: 2006-0222-1
Published: 2006-11-30
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect User Deterministic Vulnerability
Updated Versions:
tar=/[EMAIL PROTECTED]:devel//1/1.15.1-7.1-1
References:
http://www.cve.mitre.org/cgi-bin/cvename
Solar Designer <[EMAIL PROTECTED]> writes:
> However, in those (most common) cases when all you need is to concatenate
> strings, relying on or providing an snprintf() implementation might be
> an overkill.
Gnulib's xvasprintf detects %s...%s format strings, which makes the
code easy to analyse f
##
#
#
# freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability
#
#