Hi all,
After a long wait and a series of misadventures, we are pleased to
announce the availability of the HITBSecConf2005 Kuala Lumpur
videos.
You can grab them here: http://video.hitb.org/2005.html
The videos are distributed via Bit Torrent network and are broken
down into two separate
--
IRM Security Advisory No. 015
File system path disclosure on TYPO3 Web Content Manager
Vulnerability Type / Importance: Information Leakage / Medium
Problem discovered: January 13th 2006
Vendor contacted: January 13th 2006
Fortinet Security Advisory: FSA-2006-07
BitComet URI Buffer Overflow Vulnerability
Advisory Date : January 18, 2006
Reported Date : November 29, 2005
Vendor : BitComet
Affected Products : BitComet v0.60
Severity : High
Reference :
New eVuln Advisory:
WebspotBlogging Authentication Bypass Vulnerability
http://evuln.com/vulns/41/summary.html
Summary
Software: WebspotBlogging
Software's Web Site: http://www.webspot.co.uk/
Versions: 3.0
Critical Level: Dangerous
Type: SQL Injection
Class:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Call Manager Privilege Escalation
Advisory ID: cisco-sa-20060118-ccmpe
http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml
Revision 1.0
For Public Release 2006 January 18 1600 UTC (GMT)
-
Hi,
This is the author of the MSN Messenger Password Recovery tool. Searched in
google and found this post.
I would like to assure you that this program is not dangerous and does not
perform any illegal actions. All it does is read the registry values and
decrypt them. What's wrong with using
Title: CAID 33756 - DM Deployment Common Component
Vulnerabilities
CA Vulnerability ID: 33756
Discovery Date: 2005-12-20
CA Advisory Date: 2006-01-17
Discovered By: Cengiz Aykanat (CA internal audit), and
Karma[at]DesignFolks[dot]com[dot]au.
Impact: Remote attacker can cause a denial of
Blogger.com classic HTTP response splitting vulnerability
~
0. Original Advisory
~~~
http://o0o.nu/~meder/o0o_Blogger_HTTP_response_splitting.txt
I. Background
~
Blogger.com is Google's
On Thu, Jan 19, 2006 at 10:30:36AM -, Advisories wrote:
File system path disclosure on TYPO3 Web Content Manager
Vulnerability Type / Importance: Information Leakage / Medium
Hm, since when path disclosure is medium importance?
The following files were found to disclose the application
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00592668
Version: 1
HPSBUX02092 SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of
Service (DoS)
NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.
##Night_WarriorKurdish Hacker
##night_warrior771[at]hotmail.com
##Phpclanwebsite BBCode IMG Tag XSS Vulnerability
##Contact :night_warrior771[at]hotmail.com
##homepage : www.phpclanwebsite.com
Vulnerable:
[img]javascript:alert('XSS')[/img]
Contact :night_warrior771[at]hotmail.com
Night_Warrior
Hey,
I just wanted to point out a couple of things I neglected to mention
in my first reply to this advisory:
1) Even if something isn't a critical problem, a vendor should still
respond to the issue, if for no other reason than to straighten out
the situation with the user who had enough insight
Critical security advisory #006
Tftpd32 2.81 Format String + DoS PoC
Critical Security - 22:03 2006.01.19
Critical Security research: http://www.critical.lt
Product site: http://tftpd32.jounin.net/
Credits : Critical Security Team (www.critical.lt)
Original Advisory:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:017
http://www.mandriva.com/security/
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=
FreeBSD-SA-06:05.80211 Security Advisory
The FreeBSD Project
Topic:
Change passwd 3.1 (SquirrelMail plugin )
Coded by rod hedor
web-- http://lezr.com
[local exploit]
* Multiple
buffer overflows are present in the handling of command line
arguments in chpasswd.
The bug allows a
hacker to exploit the process to run arbitrary code.
#include <stdio.h>
#
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html
###
SQL Injection in package SYS.KUPV$FT
Name SQL Injection in package SYS.KUPV$FT
Affected Oracle 10g Release 1
Severity High Risk
Category SQL
#
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft_int.html
###
Name SQL Injection in package SYS.KUPV$FT_INT
Affected Oracle 10g Release 1
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
18 matches