-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
~ @@ ==VNSECURITY==
CALL FOR PAPERS
|=-=[ VNSECON 2007 ]=--=|
|=-=|
|=---=[ August 3-4,
CVE-Id:
CVE-2007-1558
Short description:
Security vulnerability in the APOP protocol, related to recent
collision attacks by Wang et al. against MD5. Using the man in the
middle setting, one can recover the first characters of the password
with a few hundred authentications from th
Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities
iDefense Security Advisory 03.31.07
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 31, 2007
I. BACKGROUND
ImageMagick is used as a suite of image manipulation tools (animate,
composite, conjure, convert, display,
-
Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability
-
Author : Mufti Rizal a.k.a mbahngarso
Date
IBM Tivoli Provisioning Manager for OS Deployment Multiple Vulnerabilities
iDefense Security Advisory 03.31.07
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 31, 2007
I. BACKGROUND
IBM Corp.'s Tivoli Provisioning Manager for OS Deployment is a network
boot server that facilitates cen
Copy & paste?... ¬¬
The original author is ka0x (from DOM Team):
http://milw0rm.com/exploits/3638
that's happened?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200704-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
On 4/2/07, jasus <[EMAIL PROTECTED]> wrote:
Copy & paste?... ¬¬
Hey jasus,
I received this around 2 hours apart from each other. So it's kind of
hard to say who the original author was. I emailed Mufti and never
received a reply so I just posted the first email.
/str0ke
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability
Script: 2BGal
Version: 3.1.1
Download: http://www.ben3w.com/multimedia/2bgal.zip
Discover: BorN To K!LL
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Bug in:
Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer
Overflow Vulnerability
iDefense Security Advisory 04.02.07
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 02, 2007
I. BACKGROUND
Hewlett-Packard Mercury Quality Center is a web-based interface that
allows manager
+ Subject:
DirectAdmin persistant XSS [takeover an Administrator`s account]
+ Version:
< DirectAdmin 1.29.3
+ Discovered by:
Kanedaaa: http://kaneda.bohater.net
+ DirectAdmin Description:
DirectAdmin is a popular, advanced Web Control Panel with many features
for webhosting. www.directadmin.co
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On Fri, Mar 30, 2007 at 03:21:57AM -, [EMAIL PROTECTED] wrote:
> It has been reported on http://www.securityfocus.com/bid/18114/ about
> this vulnerability in AIX 5.1 - 5.3, some exploits are published in
> milw0rm to exploit this issue http:/
The Week Of Vista Bugs starts now!
New undisclosed vulnerabilities / flaws / exploitation techniques (with
advanced technical details and 0days) related to Microsoft Windows Vista
will be provided.
Our first technical paper is:
Bypassing Vista Firewall, Flying over obstructive line
The WOVB'
Hi, more information about the patch released April 1st can be found here:
http://zert.isotf.org/
Including:
1. Technical information.
2. Why this patch was released when eeye already released a third party
patch.
The newly discovered zero-day vulnerability in the parsing of animated
cursors is
[0-day] Remote Oracle DBMS_AQ.ENQUEUE exploit (10g)
Grant or revoke dba permission to unprivileged user
Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0"
AUTHOR: Andrea "bunker" Purificato
http://rawlab.mindcreations.com
DATE: Mon Apr 2 11:54:22 CEST 2007
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00854999
Version: 1
HPSBMA02198 SSRT061177 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote
Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon a
On Wed, 28 Mar 2007, Tim Rees wrote:
> All other system binaries (e.g. screen etc.) are now inaccessible, but
> if a user (or root) runs sudo (or whatever the user names it) in the
> meantime before someone realises something is wrong, the malicious
> binary will be executed.
You do not have to r
This vulnerability has nothing to do with Drake CMS v0.3.2.
It affected Drake CMS v0.2.2 ALPHA and ONLY when PHP was with register globals
active; since the product was ALPHA it was not released for production websites
but only for ALPHA testers to spot bugs.
ALPHA testers keep themselves update
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1274-1[EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
April 02, 2007
-
http://blogs.technet.com/msrc/archive/2007/04/01/latest-on-security-update-for-microsoft-security-advisory-935423.aspx
Gadi.
Update released for Articles module in response to above security exploit.
Users are advised to update to articles 1.03.
Updated version can be found on the developer's website >
http://support.sirium.net/modules/mydownloads/viewcat.php?cid=2