- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
#!/usr/bin/php
http://www.acid-root.new.fr \/ [EMAIL PROTECTED]
NOTE | Works regardless of php settings
USAGE | $argv[0] -url [Options]
OPTIONS | -proxy If you wanna use a proxy
| -proxyauth Basic authentication
");exit(1);
}
$url = getparam('url',1);
$pro = getparam('proxy'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1269-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 18th, 2007
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Actually, I have a hard time understanding why it isn't a conflict of
interest -- at least in theory (perhaps not in practice).
Security apps sell in direct proportion to infection rates, fear of
infection, etc.
In the case of Msft, the more exploits they have in the browser, the
more securit
One point of view that was raised whereby it could possibly be determined
that an OS vendor providing security applications to protect its OS was a
conflict of interest is as follows:
"IMHO I think the fear has always been that as long as an OS was closed
source, that company owning that OS c
netVigilance Security Advisory #14
w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities
Description:
w-agora is a set of scripts written in PHP. This package is intended to allow
users to share, exchange and publish information, files and discussions over
the web.
Multiple path discl
On 19 Mar 2007 15:13:53 -, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability
This was also found by Kacper on 2006-09-18.
http://www.milw0rm.com/exploits/2333
/str0ke
Hi to all,
While playing in my home's network with Scapy I found
a vulnerability affecting the wireless services
offered by Zyxel routers with, at least, ZynOS v3.40.
That's the unique model I tested.
The exploit in question:
--
""" ZynOS v3.40 One pac
===
Ubuntu Security Notice USN-437-1 March 19, 2007
libwpd vulnerability
CVE-2007-0002
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 L
MICROSOFT WINDOWS
Ndistapi.sys IRQL escalation
Rubén Santamarta [Email concealed]
Affected products:
Microsoft Windows XP SP2
Microsoft Windows 2003 Server SP1
Introduction
-
NDISTAPI.sys is a kernel-mode component that exposes connectionless
miniport drivers to the TAPI
avatar upload vuln:
http://site.com/phpx/gallery.php?action=addImage
you can upload any kind of file in the gallery.
your file will be refused by the script but it will be located here :
http://site.com/phpx/gallery/shelties/your_filename.php ;)
xss permanent :
in profile:
-signature
xss non
CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability
==
CCleaguePro
Version: 1.0.1 RC1
Website URL:http://www.castillocentral.com/
==
Discovered by Snake
[Unkn0wn Security Resea
netVigilance Security Advisory #15
w-agora version 4.2.1 Information Disclosure Vulnerability
Description:
w-agora is a set of scripts written in PHP. This package is intended to allow
users to share, exchange and publish information, files and discussions over
the web.
It is possible to discl
Hi!
According to what I can find McAfee has not changed the default
permissions. Users can still not write to
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection.
Is there anyone trusting the GUI password to be the only thing to keep
the VirusScan settings in an enterprise environment?
All the
Mark Litchfield wrote:
Consider the Anti-Trust law suits filed against MS by AOL regarding IE
and RealNetworks regarding Windows Media Player back in 2003, let's say
for discussion, MS now turn around and offer up their 'Security
Applications' for free. You know exactly what is going to happen
Mark Litchfield wrote:
I have heard the comment "It's a huge conflict of interest for one company
to provide both an operating platform and a security platform" made by John
Thompson (CEO Symantec) many times from many different people. See article
below.
http://www2.csoonline.com/blog_vie
=
Layered Defense Research Advisory 18 March 2007
=
1) Affected Software
F-Secure Anti-Virus Client Security Version 6.02
=
2) Severity Rating:
Low risk
board log disclosure :
can see the board log in :http://site.com/unb_lib/logs/board-2007-03-16.log
mail disclosure :
can see every mail/pm sent in :
http://site.com/unb_lib/logs/email-YY-MONTH-DAY-HOURS-MINUTS-SEC.log
sql error disclosure :
can see every SQL error : http://site.com/unb_lib/l
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
[|Description:|]
A security bug has been discovered in MetaForum 0.513 Beta.
This bug can be used by an attacker to upload a malicious php file on the
server.
During the upload, the MIME type of the file is the only verified parameter.
The extension isn't.
This enables an attacker to fake the MIME
Hi;
Affected versions:
LedgerSMB < 1.1.10 (but see below), current is 1.1.11
SQL-Ledger < 2.6.27 (but see below). Current is 2.6.27
Effects: Arbitrary code execution (both products) and authentication
bypass (SQL-Ledger only).
We have discovered yet another major security issue in both SQL-