Date Found: 19th June 2007
Successfully tested on: version 5.5.2
F5 Networks has confirmed the following versions to be vulnerable:
FirePass versions 5.4 - 5.5.2
FirePass versions 6.0 - 6.0.1
Description:
F5 Networks FirePass 4100 SSL VPN is vulnerable to XSS within the "backurl"
parame
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:204-1
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On Nov 12, 2007, at 11:27 AM, Matt D. Harris wrote:
However some of these issues can be mitigated without too much
trouble. For example, one could have a dynamically growing
dictionary of words to search for based on random words in random
results pages that it grabs. At the very least,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
==
AutoIndex <= 2.2.2 Cross Site Scripting and Denial of Service
==
Author: L4teral
Impact: Cross Site Scripting
Denial of Ser
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01271085
Version: 1
HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain
Extended Privileges
NOTICE: The information in this Security Bulletin should be acted upon as so
Hi,
I just published a presentation, that is an overview, about the RFID technology
and the related security menaces.
I hope it can be useful :-)
The presentation can be found at the following link:
http://www.rosiello.org/archivio/rfid-angelo-rosiello.pdf
Thank you,
Angelo Rosiello
htt
However some of these issues can be mitigated without too much trouble.
For example, one could have a dynamically growing dictionary of words
to search for based on random words in random results pages that it
grabs. At the very least, this would kill any attempts to filter it out
of the data
Hi lists, sorry for crossposting.
On the wave of spoofer2.pl, i've recoded that poc in c and created a
nice makefile. This tool creates spoofed dns requests. If you set the
right domain names (with lots of A records) and dns servers (open,
recursive), you can easily get a traffic multiplication ef
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0065-1
Published: 2007-11-11
Rating: Minor
Updated Versions:
libpng=/[EMAIL PROTECTED]:devel//1/1.2.22-1-0.1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3
References:
http://cve.mitre.org/c
High quality versions of the three Cisco IOS shellcode demonstration
videos have now been released:
http://www.irmplc.com/index.php/153-Embedded-Systems-Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0069-1
Published: 2007-11-11
Rating: Minor
Updated Versions:
perl=/[EMAIL PROTECTED]:devel//1/5.8.7-8.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3
References:
http://cve.mitre.org/cgi-
On Nov 10, 2007, at 9:28 AM, Paul Sebastian Ziegler wrote:
The mechanism is quite easy: It searches Google for random words and
picks random pages among the results, then spiders from there (well it
is spidering except that it only follows one URL at a time within a
session thus simulating a us
iDefense Security Advisory 11.12.07
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 12, 2007
I. BACKGROUND
WinPcap is a software package that facilitates real-time link-level
network access for Windows-based operating systems. A wide range of
open-source projects, including Wireshark,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0067-1
Published: 2007-11-11
Rating: Minor
Updated Versions:
pidgin=/[EMAIL PROTECTED]:1-devel//1/2.2.2-1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3
References:
http://cve.mitre.org/cg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0064-1
Published: 2007-11-11
Rating: Moderate
Updated Versions:
pcre=conary.rpath.com at rpl:1/7.4-0.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3
References:
http://cve.mitre.org/cgi-b
Source:
http://int21.de/cve/CVE-2007-3694-bm.html
Cross site scripting (XSS) in broadcast machine
References
http://www.getmiro.com/create/broadcast/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3694
Description
Cross site scripting describes attacks that allow to insert malicious h
#!/usr/bin/perl
#Product: PHP-Nuke Module Advertising
#BugFounder: 0x90
#HomePage: WwW.0x90.COM.Ar
#Problem: Blind SQL Injection
use strict;
use warnings;
use LWP;
use Time::HiRes;
use IO::Socket;
my $host = "http://[url]/modules.php?name=Advertising";;
my $useragent = LWP::User
Hi all,
This is a notification that the remote file inclusion vulnerabilities reported
in CVE-2007-5631 have been fixed in PeopleAggregator v1.2pre6-release-55, and
are not exploitable if PHP's register_globals directive is disabled.
CVE entry: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0068-1
Published: 2007-11-11
Rating: Minor
Updated Versions:
ruby=/[EMAIL PROTECTED]:devel//1/1.8.6_p110-1-0.1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3
References:
http://www.cve.mitre
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul Sebastian Ziegler wrote:
> > Dear Infosec community,
> >
> > as most of you may have heard the German government passed a law today
> > that will lead to all connections being logged for 6 months. This
> > includes phone calls as well as all inter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Dear Infosec community,
as most of you may have heard the German government passed a law today
that will lead to all connections being logged for 6 months. This
includes phone calls as well as all internet connections.
This is madness for various a
Tanel Poder has found a way to get SYSDBA access to the Oracle database by
utilising a user who has the BECOME USER system privilege, execute privileges
on KUPP$PROC.CHANGE_USER and CREATE SESSION. he shows how a user with these
privileges can become SYS (but not SYSDBA) and then use an immediat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0066-1
Published: 2007-11-11
Rating: Moderate
Updated Versions:
ImageMagick=/[EMAIL PROTECTED]:1-devel//1/6.3.6.9-1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3
References:
http://cve.mi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0063-1
Published: 2007-11-09
Rating: Minor
Updated Versions:
perl=/[EMAIL PROTECTED]:devel//1/5.8.7-8.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-2
References:
http://cve.mitre.org/cgi-
H - Security Labs
Eggblog v3.1.0 Security Advisory
ID : HSEC#2007
General Information
--
Name : EggBlog v.3.1.0
Vendor HomePage :http://sourceforge.net/projects/eggblog/
Platforms: PHP && MySQL
Vulnerability Type
So let me get this straight, you are saying that when you search as admin, you
can find posts from vip section, that admin can normally access ( what a
surprise ), but when you log off, and act as non-logged in user, you cant find
them? Or you cant just speak proper english and we cant understan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1405-2[EMAIL PROTECTED]
http://www.debian.org/security/Thijs Kinkhorst
November 11th, 2007
Aria-Security Team,
http://Aria-Security.net
---
Shout Outs: AurA, imm02tal
Vendor: http://www.freshink.net/rc-links.htm
Demo: http://www.lite.freshink.net/admin_logon.asp
Google Search: Developed by: GA Soft
Username: anything' OR 'x'='x
password: anything' OR
[48bits Advisory] QuickTime Panorama Sample Atom Heap Overflow
Abstract:
QuickTime is prone to a heap overflow vulnerability when parsing
malformed Panorama Sample Atoms, which are used in QuickTime Virtual
Reality
Movies. This Vulnerability allows attackers to execute code on
vulnerable installa
32 matches
Mail list logo