[SECURITY] [DSA 1244-1] New xine-lib packages fix arbitrary code execution

2006-12-28 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1244-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff December 28th, 2006

Re: XSS with Vbulletin (new idea !)

2006-12-28 Thread micmast
This has been discovered before, that is why Macromedia object tags have the allowscript option.

[SECURITY] [DSA 1214-2] Updated gv packages fix arbitrary code execution

2006-12-28 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1214-2 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff December 27th, 2006

[OpenPKG-SA-2006.044] OpenPKG Security Advisory (w3m)

2006-12-28 Thread OpenPKG GmbH
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2006.044 Advisory Type: OpenPKG Security Adv

Re: XSS with Vbulletin (new idea !)

2006-12-28 Thread l . d . 0
Mr. Ashraf Morad, your idea was good, but why with vBulletin? Do you know what happened with your exploit? It's actually not wrong with vBulletin, I mean it's not a bug in vBulletin. It's only supported with (Internet Explorer); if you use Firefox or Opera, your idea will be a failure. thanx fo

Re: XSS - CMS Made Simple v1.0.2

2006-12-28 Thread nanoymaster
I can't remember if I posted another XSS found (probably found by someone else as well, but I thought you might like to know): in the search box or URL you can put XSS, e.g. http://www.target.com/index.php?mact=Search%2Ccntnt01%2Cdosearch%2C0&cntnt01returnid=15&cntnt01searchinput=";>alert('hi')&cntnt

SMS handling OpenSER remote code executing

2006-12-28 Thread sapheal
Synopsis: SMS handling OpenSER remote code executing Product: OpenSER Version: <=1.1.0 Issue: == A critical security vulnerability has been found in OpenSER SMS handling module. The vulnerable function should read the SMS from the SIM-memory. Details: int fetchsms(struct m

OpenSER OSP Module remote code execution

2006-12-28 Thread sapheal
Synopsis: OpenSER OSP Module remote code execution Product: OpenSER Version: <=1.1.0 Issue: == A critical security vulnerability has been found in OpenSER Open Settlement Protocol (OSP) module. OSP is an ETSI defined standard for Inter-Domain VoIP pricing, authorization and usage exchan

[SECURITY] [DSA 1243-1] New evince packages fix arbitrary code execution

2006-12-28 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1243-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff December 28th, 2006

Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities

2006-12-28 Thread xorontr
--- Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities --- Author: xoron --- Vuln Code: include_once($lm_absolute_path."components/c

[SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution

2006-12-28 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1242-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff December 27th, 2006