[ GLSA 200701-16 ] Adobe Acrobat Reader: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200701-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

Re: Re: Re: SMF index.php?action=pm Cross Site-Scripting

This bug has been tested on the versions SMF 1.1.1 and 1.1 RC3. Aria-Security Team http://aria-security.net

Re: Fantastic News =- (news.php) Remote File Include Vulnerability - bogus... again

Author: BorN To K!LL Maybe this person should be called BorN To Gr3p or BorN To Post Fake and Pointl3ss ExploiTz! ### Bug in :. news.php code : require_once($CONFIG['script_path'].functions/functions.php);

rPSA-2007-0011-1 wget

rPath Security Advisory: 2007-0011-1 Published: 2007-01-23 Products: rPath Linux 1 Rating: Informational Exposure Level Classification: Indirect Deterministic Denial of Service Updated Versions: wget=/[EMAIL PROTECTED]:devel//1/1.10.2-4-0.1 References:

[ MDKSA-2007:024 ] - Updated kdegraphics packages fix crafted pdf file vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:024 http://www.mandriva.com/security/

Bluetooth DoS by obex push

Hello, during a course project studying security and privacy related to Bluetooth, we discovered a simple but effective DoS attack using OBEX push. Using ussp-push [1], it is possible to send out files very quickly. By continuously trying to push a #64257;le, the target is #64258;ooded with

Bluetooth DoS by obex push

Hello, during a course project studying security and privacy related to Bluetooth, we discovered a simple but effective DoS attack using OBEX push. Using ussp-push [1], it is possible to send out files very quickly. By continuously trying to push a file, the target is flooded with prompts whether

xss filter to protect from xss attacks

I have created a xss filter to protect from xss attacks. Though i have filtered only for 8 characters but i was able to test against all the attacks mentioned in the RSnake's cheat sheet. Appscan was not able to detect any xss attacks on it. I request the application security community to help

Safari Improperly Parses HTML Documents BlogSpot XSS vulnerability

Overview: Safari on occasions may improperly parse the source of an HTML document, which can lead to the execution of html tags within comments. This can become dangerous when input filters allow html tags within comments, as they will get parsed and executed under certain circumstances.

Re: Multiple OS kernel insecure handling of stdio file descriptor

SP == Shiva Persaud [EMAIL PROTECTED] writes: XFOCUS team (http://www.xfocus.org/) had discovered Multiple OS kernel insecure handling of stdio file descriptor. === Affected OS Version AIX 5.3 SP The AIX Security Team can be reached at [EMAIL PROTECTED] SP We

rPSA-2007-0012-1 ed

rPath Security Advisory: 2007-0012-1 Published: 2007-01-23 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Local User Non-deterministic Vulnerability Updated Versions: ed=/[EMAIL PROTECTED]:devel//1/0.4-1-0.1 References:

Adobe ColdFusion Information Disclosure

Hi people, I was wondering whether I was right or not about this vuln: http://www.securityfocus.com/bid/21978 Unfortunately, I don't have a Colfusion to test on.. What I would do is: http://colfusion-server/an-existing-file.cfm%2500.cfm and I expect the server to spit out the source code

AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability

Type: Deniel of Service Severity: Critical Title: AToZed Software IntraWeb Component for Borland Delphi and Kylix DoS vulnerability Date: January 23, 2007 Synopsys A DoS vulnerability exists in the IntraWeb Component of AToZed Software. Background - IntraWeb is a RAD

Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability

Could you please provide more details about this vulnerability ? Especially which versions are affected :-) Kind regards, Marek Kroemeke

Re: phpAdsNew 2.0.7 Remote File Include

what ? no bug there ? can u give us proof ! examples !! thanks by [EMAIL PROTECTED] l.d.0

rPSA-2007-0015-1 libsoup

rPath Security Advisory: 2007-0015-1 Published: 2007-01-23 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect Denial of Service Updated Versions: libsoup=/[EMAIL PROTECTED]:devel//1/2.2.99-1-0.1 References:

Re: Windows logoff bug possible security vulnerability and exploit.

Dear Rage Coder, I think this is a now problem, see Microsoft knowledge base article 837115: http://support.microsoft.com/kb/837115 Microsoft recommend to use User Profile Hive Cleanup Service:

[ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion

-- [ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion -- Author : Ahmad Muammar W.K (a.k.a) y3dips Date Found : January, 21st 2007 Location : Indonesia, Jakarta web :

rPSA-2007-0014-1 libgtop

rPath Security Advisory: 2007-0014-1 Published: 2007-01-23 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local User Deterministic Denial of Service Updated Versions: libgtop=/[EMAIL PROTECTED]:devel//1/2.12.0-1.2-1 References:

[ MDKSA-2007:025 ] - Updated kernel packages fix multiple vulnerabilities and bugs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:025 http://www.mandriva.com/security/

Re: Multiple SQL injections and XSS in FishCart 3.1

I am the principal behind FishCart, discussed in the above advisory. I found tonight after posting to bugtraq about another reported problem that this previous bug is reported as unpatched. As best we could determine the post from dcrab was not accurate regarding the SQL injection claims.

Re: DoS against AVM Fritz!Box 7050 (and others)

A new FW version with the fix is released: ftp://ftp.avm.de/fritz.box/fritzbox.fon_wlan_7050/firmware/ Matthias [EMAIL PROTECTED] wrote: Denial of Service against AVM Fritz!Box 7050 (and others) Discovered by: Matthias Wenzel Advisory: http://mazzoo.de/blog/2007/01/18#FritzBox_DoS

[ GLSA 200701-18 ] xine-ui: Format string vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200701-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[ MDKSA-2006:217-2 ] - Updated proftpd packages fix vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:217-2 http://www.mandriva.com/security/

RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur

# #RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur # # #scrip :

[ GLSA 200701-19 ] OpenLDAP: Insecure usage of /tmp during installation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200701-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability

PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability This advisory has been published following consultation with UK NISCC [http://www.niscc.gov.uk/] Date Found: 3rd November 2006 Date Public: 22nd January 2007 Vulnerable: Phones

SUSE Security Announcement: xine (SUSE-SA:2007:013)

-BEGIN PGP SIGNED MESSAGE- __ SUSE Security Announcement Package:xine-ui,xine-lib,xine-extra,xine-devel Announcement ID:SUSE-SA:2007:013

[ GLSA 200701-17 ] libgtop: Privilege escalation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200701-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -