HITBSecConf2005 Videos Released

2006-01-19 Thread Praburaajan
Hi all, After a long wait and a series of misadventures, we are pleased to announce the availability of the HITBSecConf2005 Kuala Lumpur videos. You can grab them here: http://video.hitb.org/2005.html The videos are distributed via Bit Torrent network and are broken down into two separate

IRM 015: File system path disclosure on TYPO3 Web Content Manager

2006-01-19 Thread Advisories
-- IRM Security Advisory No. 015 File system path disclosure on TYPO3 Web Content Manager Vulnerablity Type / Importance: Information Leakage / Medium Problem discovered: January 13th 2006 Vendor contacted: January 13th 2006

Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability

2006-01-19 Thread Fortinet Research
Fortinet Security Advisory: FSA-2006-07 BitComet URI Buffer Overflow Vulnerability Advisory Date : January 18, 2006 Reported Date : November 29, 2005 Vendor : BitComet Affected Products : BitComet v0.60 Severity : High Reference :

[eVuln] WebspotBlogging Authentication Bypass Vulnerability

2006-01-19 Thread alex
New eVuln Advisory: WebspotBlogging Authentication Bypass Vulnerability http://evuln.com/vulns/41/summary.html Summary Software: WebspotBlogging Sowtware's Web Site: http://www.webspot.co.uk/ Versions: 3.0 Critical Level: Dangerous Type: SQL Injection Class:

Cisco Security Advisory: Cisco Call Manager Privilege Escalation

2006-01-19 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco Call Manager Privilege Escalation Advisory ID: cisco-sa-20060118-ccmpe http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml Revision 1.0 For Public Release 2006 January 18 1600 UTC (GMT) -

Re: Re: MSN Messenger Password Decrypter for WinXP/2003

2006-01-19 Thread null
Hi, This is the author of the MSN Messenger Password Recovery tool. Searched in google and found this post. I would like to assure you that this program is not dangerous and does not perform any illegal actions. All it does is read the registry values and decrypt them. What's wrong with using

CAID 33756 - DM Deployment Common Component Vulnerabilities

2006-01-19 Thread Williams, James K
Title: CAID 33756 - DM Deployment Common Component Vulnerabilities CA Vulnerability ID: 33756 Discovery Date: 2005-12-20 CA Advisory Date: 2006-01-17 Discovered By: Cengiz Aykanat (CA internal audit), and Karma[at]DesignFolks[dot]com[dot]au. Impact: Remote attacker can cause a denial of

Google's Blogger.com classic HTTP response splitting vulnerability

2006-01-19 Thread Meder Kydyraliev
Blogger.com classic HTTP response splitting vulnerability ~ 0. Original Advisory ~~~ http://o0o.nu/~meder/o0o_Blogger_HTTP_response_splitting.txt I. Background ~ Blogger.com is Google's

Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager

2006-01-19 Thread Michael Shigorin
On Thu, Jan 19, 2006 at 10:30:36AM -, Advisories wrote: File system path disclosure on TYPO3 Web Content Manager Vulnerablity Type / Importance: Information Leakage / Medium Hm, since when path disclosure is medium importance? The following files were found to disclose the application

[security bulletin] SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS)

2006-01-19 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00592668 Version: 1 HPSBUX02092 SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Phpclanwebsite BBCode IMG Tag XSS Vulnerability

2006-01-19 Thread [at]
##Night_WarriorKurdish Hacker ##night_warrior771[at]hotmail.com ##Phpclanwebsite BBCode IMG Tag XSS Vulnerability ##Contact :night_warrior771[at]hotmail.com ##hompage : www.phpclanwebsite.com Vulnerable: [img]javascript:alert('XSS')[/img] Contact :night_warrior771[at]hotmail.com Night_Warrior

Re: Directory traversal in phpXplorer

2006-01-19 Thread Stan Bubrouski
Hey, I just wanted to point out a couple of things I neglected to mention in my first reply to this advisory: 1) Even if something isn't a critical problem, a vendor should still respond to the issue, if for no other reason than to straighten out the situation with the user who had enough insight

Critical security advisory #006 tftpd32 Format string

2006-01-19 Thread admin
Critical security advisory #006 Tftpd32 2.81 Format String + DoS PoC Critical Security - 22:03 2006.01.19 Critical Security research: http://www.critical.lt Product site: http://tftpd32.jounin.net/ Credits : Critical Security Team (www.critical.lt) Original Advisory:

MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability

2006-01-19 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:017 http://www.mandriva.com/security/

FreeBSD Security Advisory FreeBSD-SA-06:05.80211

2006-01-19 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-06:05.80211 Security Advisory The FreeBSD Project Topic:

Change passwd 3.1 (SquirrelMail plugin )

2006-01-19 Thread rod hedor
Change passwd 3.1 (SquirrelMail plugin ) Coded by rod hedor web-- http://lezr.com [local exploit] * Multiple buffer overflows are present in the handling of command line arguements in chpasswd. The bug allows a hacker to exploit the process to run arbitrary code. #include stdio.h

Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT

2006-01-19 Thread ak
# http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html ### SQL Injection in package SYS.KUPV$FT Name SQL Injection in package SYS.KUPV$FT AffectedOracle 10g Release 1 SeverityHigh Risk CategorySQL

Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT

2006-01-19 Thread ak
# http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft_int.html ### Name SQL Injection in package SYS.KUPV$FT_INT Affected Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/