- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200701-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
This bug has been tested on the versions SMF 1.1.1
and 1.1 RC3.
Aria-Security Team
http://aria-security.net
Author: BorN To K!LL
Maybe this person should be called BorN To Gr3p or BorN To Post Fake
and Pointl3ss ExploiTz!
###
Bug in :. news.php
code :
require_once($CONFIG['script_path'].'functions/functions.php');
rPath Security Advisory: 2007-0011-1
Published: 2007-01-23
Products: rPath Linux 1
Rating: Informational
Exposure Level Classification:
Indirect Deterministic Denial of Service
Updated Versions:
wget=/[EMAIL PROTECTED]:devel//1/1.10.2-4-0.1
References:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:024
http://www.mandriva.com/security/
Hello,
during a course project studying security and privacy related to Bluetooth, we
discovered a simple but effective DoS attack using OBEX push.
Using ussp-push [1], it is possible to send out files very quickly. By
continuously trying to push a file, the target is flooded with
Hello,
during a course project studying security and privacy related to
Bluetooth, we discovered a simple but effective DoS attack using OBEX push.
Using ussp-push [1], it is possible to send out files very quickly. By
continuously trying to push a file, the target is flooded with prompts
whether
I have created an XSS filter to protect from XSS attacks. Though I have
filtered only for 8 characters but I was able to test against all the
attacks mentioned in the RSnake's cheat sheet. Appscan was not able to
detect any xss attacks on it. I request the application security community
to help
Overview:
Safari on occasions may improperly parse the source of an HTML
document, which can lead to the execution of html tags within
comments. This can become dangerous when input filters allow html
tags within comments, as they will get parsed and executed under
certain circumstances.
SP == Shiva Persaud [EMAIL PROTECTED] writes:
XFOCUS team (http://www.xfocus.org/) had discovered Multiple OS kernel
insecure handling of stdio file descriptor.
===
Affected OS Version
AIX 5.3
SP The AIX Security Team can be reached at [EMAIL PROTECTED]
SP We
rPath Security Advisory: 2007-0012-1
Published: 2007-01-23
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Local User Non-deterministic Vulnerability
Updated Versions:
ed=/[EMAIL PROTECTED]:devel//1/0.4-1-0.1
References:
Hi people,
I was wondering whether I was right or not about this vuln:
http://www.securityfocus.com/bid/21978
Unfortunately, I don't have a ColdFusion to test on. What I would do is:
http://colfusion-server/an-existing-file.cfm%2500.cfm
and I expect the server to spit out the source code
Type: Denial of Service
Severity: Critical
Title: AToZed Software IntraWeb Component for Borland Delphi and Kylix
DoS vulnerability
Date: January 23, 2007
Synopsis
A DoS vulnerability exists in the IntraWeb Component of AToZed Software.
Background
-
IntraWeb is a RAD
Could you please provide more details about this vulnerability ? Especially
which versions are affected :-)
Kind regards,
Marek Kroemeke
what ?
no bug there ?
can u give us proof ! examples !!
thanks
by [EMAIL PROTECTED]
l.d.0
rPath Security Advisory: 2007-0015-1
Published: 2007-01-23
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect Denial of Service
Updated Versions:
libsoup=/[EMAIL PROTECTED]:devel//1/2.2.99-1-0.1
References:
Dear Rage Coder,
I think this is a known problem, see Microsoft knowledge base article 837115:
http://support.microsoft.com/kb/837115
Microsoft recommends using the User Profile Hive Cleanup Service:
--
[ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion
--
Author : Ahmad Muammar W.K (a.k.a) y3dips
Date Found : January, 21st 2007
Location : Indonesia, Jakarta
web :
rPath Security Advisory: 2007-0014-1
Published: 2007-01-23
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Local User Deterministic Denial of Service
Updated Versions:
libgtop=/[EMAIL PROTECTED]:devel//1/2.12.0-1.2-1
References:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:025
http://www.mandriva.com/security/
I am the principal behind FishCart, discussed in the above advisory. I found
tonight after posting to bugtraq about another reported problem that this
previous bug is reported as unpatched.
As best we could determine the post from dcrab was not accurate regarding the
SQL injection claims.
A new FW version with the fix is released:
ftp://ftp.avm.de/fritz.box/fritzbox.fon_wlan_7050/firmware/
Matthias
[EMAIL PROTECTED] wrote:
Denial of Service against AVM Fritz!Box 7050 (and others)
Discovered by: Matthias Wenzel
Advisory: http://mazzoo.de/blog/2007/01/18#FritzBox_DoS
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200701-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:217-2
http://www.mandriva.com/security/
#
#RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur
#
#
#scrip :
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200701-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
PR06-14: IP Phones based on Centrality Communications/Aredfox PA168
chipset weak session management vulnerability
This advisory has been published following consultation with UK NISCC
[http://www.niscc.gov.uk/]
Date Found: 3rd November 2006
Date Public: 22nd January 2007
Vulnerable:
Phones
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:xine-ui,xine-lib,xine-extra,xine-devel
Announcement ID:SUSE-SA:2007:013
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200701-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -