Re: Vulnerabilities digest

On Tue, 21 Aug 2007, 3APA3A wrote: > 6. Ivan Nl (http://uNkn0wn.eu) reports vulnerabilities in > Linkliste 1.2, Butterfly online vistors counter 1.08, mcLinksCounter > 1.2, My_REFERER 1.08. > > Original messages in English are available from > http://securityvulns.com/sour

Buffer-overflow in the Asura engine

### Luigi Auriemma Application: Asura engine (network SDK) http://www.rebellion.co.uk Games:Rogue Trooper <= 1.0 Prism: Guard

Re: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service

> On a side note, when I was testing this vulnerability, I tried > varying the size of the ICMP packet. Strangely enough, I got no response > if the packet was of size 1469 bytes, or 1471 bytes. There must be > something special about 1470 byte ICMP packets. Anyone have any ideas? >

Olate Download 3.4.2~download.php ~ sql injection

VISITE ORIGINAL ADVISORY FOR MORE DETAILS http://myimei.com/security/2007-08-22/olate-download-342downloadphp-sql-injection.html VISITE ORIGINAL ADVISORY FOR MORE DETAILS Software: Olate Download Sowtware's Web Site: http://www.olate.co.uk/ Versions: 3.4.2 Class: Remote Status: Unpatched Exploit: A

Re: Skype Network Remote DoS Exploit

Am I missing something or if it was a concentrated DOS by bots or mischievous cretins, wouldnt we have network evidence like we see in another DOS situations. If the traffic was examined wouldnt we see different findings e.g. malicious calls vs. regular login traffic causing Skype's internal alg

Re: RE: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service

I've also tried this on a Verizon Palm OS Treo Smartphone, and it took only one ICMP packet at the size noted in this writeup. This bug is definitely different then the ICMP flood affecting palm pilots in CVE-2003-0293.

TeamSpeak 2 Server Vulnerabilities?

Hello, I have heard something about TeamSpeak 2 Server vulnerabilities but never found any full disclosure of it. Does somebody know something about it? Greetings

Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

Moderator note: this copy of the post has a corrected URL. CORE GRASP for PHP is a web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations. As mentioned during its presentation at Black Hat USA 2007, GRASP is being released as open sourc

Camino release 1.5.1 fixes several vulnerabilities

It appears that Camino Project has released new security update version 1.5.1 recently. Reference: Camino 1.5.1 Release Notes http://www.caminobrowser.org/releases/1.5.1/ "Upgraded to version 1.8.1.6 of the Mozilla Gecko rendering engine, which includes several critical security and stability f

Olate Download 3.4.2~modules/core/fldm.php~comments tag [url] XSS

VISITE ORIGINAL ADVISORY FOR MORE DETAILS http://myimei.com/security/2007-08-22/olate-download-342modulescorefldmphpcomments-tag-url-xss.html VISITE ORIGINAL ADVISORY FOR MORE DETAILS ——-Summary—- Software: Olate Download Sowtware's Web Site: http://www.olate.co.uk/ Versions: 3.4.2 Class: R

Olate Download 3.4.2~modules/core/uim.php~XSS

VISIT ORIGINAL ADVISORY FOR MORE DETAILES http://myimei.com/security/2007-08-22/olate-download-342modulescoreuimphpxss.html VISIT ORIGINAL ADVISORY FOR MORE DETAILES ——-Summary—- Software: Olate Download Sowtware's Web Site: http://www.olate.co.uk/ Versions: 3.4.2 Class: Remote Status: Unpa

HPSBST02255 SSRT071456 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-042 to MS07-050

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01143196 Version: 1 HPSBST02255 SSRT071456 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-042 to MS07-050 NOTICE: The information in thi

Re: Local Privilege Escalation Vulnerabilities in Lotus Notes Client

Dear [EMAIL PROTECTED], It looks like duplicated for CVE-2005-2454 and should be fixed in Lotus Notes client 7.0.2, see http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773 Please specify Notes client version. --Wednesday, August 22, 2007, 2:25:28 PM, you wrote to bugtraq@securi

Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

CORE GRASP for PHP is a web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations. As mentioned during its presentation at Black Hat USA 2007, GRASP is being released as open source under the Apache 2.0 license and can be obtained from http

Ripe Website Manager SQL Injection and Cross Site Scripting Vulnerabilities

Refer to the advisory... OS2A Ripe Website Manager SQL Injection and Cross Site Scripting Vulnerabilities OS2A ID: OS2A_1009 Status: 07/11/2007 Issue Discovered

Encryption Weakness in Sun Sun AS 9.0_0.1 (build b02-p01)

Version Tested: Sun Application Server 9.0_0.1 (build b02-p01) Technical Description of the vulnerability: In the process of performing application security testing of software on Sun box, the Sun Admin Console was used to manipulate/change SSL Ciphers. Changes to the ORB listeners (SSL and SSL_Mu

Local Privilege Escalation Vulnerabilities in Lotus Notes Client

Local Privilege Escalation Through Default ntmulti.exe File Permissions Unprivileged users can execute arbitrary programs that run with the privileges of the LocalSystem account by replacing the Multi-user Cleanup Service executable with arbitrary executables. This vulnerability exists because t

[ MDKSA-2007:169 ] - Updated gdm packages fix DoS vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:169 http://www.mandriva.com/security/ ___

[ MDKSA-2007:168 ] - Updated vim packages fix vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:168 http://www.mandriva.com/security/ ___