eEye Research - http://research.eeye.com
Intel Network Adapter Driver Local Privilege Escalation
Release Date:
December 7, 2006
Date Reported:
July 10, 2006
Severity:
Medium (Local Privilege Escalation to Kernel)
Systems Affected:
Windows 2000, XP, 2003, Vista
Intel PRO 10/100 - 8.0.27.0
===
Ubuntu Security Notice USN-393-2 December 07, 2006
gnupg2 vulnerabilities
CVE-2006-6169, CVE-2006-6235
===
A security issue affects the following Ubuntu releases:
Ubuntu 6
E1.0.1
OpenPKG Community2-STABLE-20061018 gnupg-1.4.6-2.20061207
OpenPKG Community2-STABLE gnupg-1.4.6-2.20061207
OpenPKG CommunityCURRENT gnupg-1.4.6-20061206
OpenPKG CommunityCURRENT
#
# DUdirectory Admin Panel SQL Injection
#Download:
#http://www.duware.com/zips/productsnew/DUdirectory31.zip
# Search:"DUdrirectory"
# DUdirectory/admin/default.asp
#
# User:'or' Pass:'or'
#
On Thu, 7 Dec 2006 22:00:31 +0300
3APA3A <[EMAIL PROTECTED]> wrote:
> Dear Tomasz Kojm,
>
> TK> That's _extremely_ irresponsible to disclose bugs without giving the
> TK> vendors any chance to fix them and prepare new software releases.
>
> This is a rare case I can not agree with such stat
#!/usr/bin/perl
# phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit
# Download Script
h
Dear Tomasz Kojm,
TK> That's _extremely_ irresponsible to disclose bugs without giving the vendors
TK> any chance to fix them and prepare new software releases.
This is a rare case I can not agree with such statement.
Ability to bypass content filter is not a bug before this issues is
===
Ubuntu Security Notice USN-390-3 December 06, 2006
evince-gtk vulnerability
CVE-2006-5864
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubunt
Tomasz Kojm wrote:
> That's _extremely_ irresponsible to disclose bugs without giving the vendors
> any chance to fix them and prepare new software releases.
bla bla bla, full disclosure is cheaper
i really hate responsible disclosure criers, it's a personal choice,
you can't cry if somebody want
Vulnerability Description
==
The Linksys WIP 330 VoIP wireless phone will crash when a full
port-range Nmap scan is run against its IP address.
Linksys WIP 330 Firmware Version
==
1.00.06A
Nmap scan command
nmap -P0 -p 1-65535
Impact
The related Trojans have the following names:
Troj/DwnLdr-FXG
http://www.sophos.com/security/analyses/trojdwnldrfxg.html
and
Troj/DwnLdr-FXH
http://www.sophos.com/security/analyses/trojdwnldrfxh.html
Other references released:
BID:
http://www.securityfocus.com/bid/21451
FrSIRT:
http://www.frsir
vendor site:http://phpbb.com/
product:phpbb
bug:xss
risk:low
A xss post has been discovered in phpbb ,the impact of this attack is very low
,because it's more a bug , than a vulnerability .
An authentificated user can excute some html code in his private message box ,
by sending a message to an
How so? I can't see why it's anyones responsibility's to fix a
corporations code, Especially if they don't have you on their payroll.
Tomasz Kojm wrote:
On Wed, 06 Dec 2006 15:24:25 +0100
Hendrik Weimer <[EMAIL PROTECTED]> wrote:
Several e-mail virus scanners can be tricked into passing a
On 12/6/06, José Carlos Nieto Jarquín <[EMAIL PROTECTED]> wrote:
Note:
I'm sorry, two of the the exploits in the prior e-mail were incomplete.
This is just another couple of proof of concept exploits for this
well-known browser. The third one is a lame combination of both.
Tested under Windows
So what happened to the Week of Oracle Database Bugs" (WoODB)?
Looks like it got pull off? Legal threat from Oracle's legal department?
Did not see any announcement on this list.
http://www.argeniss.com/woodb.html
The Week of Oracle Database Bugs
We are sad to announce that due to many probl
===
Ubuntu Security Notice USN-393-1 December 07, 2006
gnupg vulnerability
CVE-2006-6235
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LT
ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-044.html
December 6, 2006
-- CVE ID:
CVE-2006-5856
-- Affected Vendor:
Adobe
-- Affected Products:
Adobe Download Manager 2.1 and earlier
-- TippingPoint
Hi
Last week I have been googling around for comments and reactions from my
report "Malware Detection Rate in Alternative Word Formats"
(http://www.iplosion.com/archives/3) which was posted in the ISC diary on
August 23rd, 2006 (http://isc.sans.org/diary.php?storyid=1630). To sum it up
there has n
On Wed, 06 Dec 2006 15:24:25 +0100
Hendrik Weimer <[EMAIL PROTECTED]> wrote:
> Several e-mail virus scanners can be tricked into passing an EICAR
> test file if the following conditions are met:
>
> 1. the EICAR file is encoded in Base64 including characters not in the
>standard alphabet (e.g
TSRT-06-15: Citrix Presentation Server Client ActiveX Heap Overflow
Vulnerability
http://www.tippingpoint.com/security/advisories/TSRT-06-15.html
December 6, 2006
-- CVE ID:
CVE-2006-6334
-- Affected Vendor:
Citrix
-- Affected Products:
Citrix Presentation Server Client for Windows <
>function invalideregtest($input)
>
>script just check $topic by invalideregtest function
I think this function just *tries* to check inputs, but doesn't
succeed. Did you do any live testing using $topic ?
We should expect to see more erroneous cleansing/checking functions as
programmers attemp
On Wed, 6 Dec 2006, Hendrik Weimer wrote:
> Several e-mail virus scanners can be tricked into passing an EICAR
> test file if the following conditions are met:
>
> 1. the EICAR file is encoded in Base64 including characters not in the
>standard alphabet (e.g. whitespaces) and
> 2. the part con
Hi Ryan
Ryan Buena wrote:
Source: http://secunia.com/advisories/23232/
Does anybody have any more detailed information on specifics about
this vulnerability? There is very little detail concerning this.
SANS/ISC piece:
http://isc.sans.org/diary.php?storyid=1913
Microsoft Advisory:
http://ww
Digital Armaments advisory for Platinum Subcription is 06.20.2006
Digital Armaments public advisory is 12.07.2006
http://www.digitalarmaments.com/2006061285940301.html
I. Background
Yahoo! Inc. is an American computer services company with a mission to "be the
most essential global Internet ser
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200612-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up
MySpace was hit by a worm in a semi-automatic manner. This time the
worm propagated via a QuickTime flaw found a couple of months ago.
This shouldn't be a surprise to anyone. It is quite serious that this
attack vector was picked up
26 matches
Mail list logo