Re: Xoops RC3 script injection vulnerability fixed

2002-09-26 Thread Sergio
In-Reply-To: [EMAIL PROTECTED] RC3.0.5 is released to fix a security vulnerability recently posted on Bugtraq ML. Overview === There was a vulnerability when a user previews/submits a news in the News module, HTML tags were allowed to process. Solution === All users are

Re: Xoops RC3 script injection vulnerability

2002-09-27 Thread Sergio
In-Reply-To: [EMAIL PROTECTED] | Xoops RC3 script injection vulnerability | PROGRAM: Xoops VENDOR: http://www.xoops.org/ VULNERABLE VERSIONS: RC3.0.4, possibly previous versions IMMUNE VERSIONS:

Re: axis2400 webcams

2003-03-02 Thread Sergio Gelato
* Barry Zubel [2003-02-28 17:19:04 -]: Tested the viewing of http://server/log/messages on Axis 2100 model, and it is vulnerable. Sorry, can't reproduce it on a 2100 with firmware 2.33.1. It prompts me for authentication, and *only* the root username/password pair grant me access to

Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)

2009-02-11 Thread Sergio Aguayo
Maybe this is related to http://bugs.proftpd.org/show_bug.cgi?id=3173 ? That bug only applies to 1.3.1, so 1.3.0 is not affected. 1.3.2 is supposed to fix this bug. Sergio Aguayo - Original Message - From: gat3...@gat3way.eu To: bugtraq@securityfocus.com Sent: Tuesday, February 10

Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory

2007-08-27 Thread Sergio Alvarez
Hi 3APA3A, It was a mistake in the advisory, It should say: Integer cast around in UPX packed files parsing I ask for apologies for the mistake. Unfortunately we can't give more details about the vulnerability because the German Law (§202) Cheers, Sergio

Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory

2007-09-03 Thread Sergio Alvarez
. The advisory at http://www.nruns.com/security_advisory.php will be updated soon. Cheers, Sergio

Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage

2011-11-10 Thread Sergio Gelato
* pe...@foofus.net [2011-11-07 15:32:47 +]: 2. Description: Passwords can be extracted in plain text from the settings export file. http://hostname-IP_Address/cgi-bin/exportfile/printer/config/secure/settingfile.ucf

Re:joomla com_zimbcomment Components Local File Include vulnerability

2013-09-27 Thread Sergio Tam
2013/9/25 iedb.t...@gmail.com: The joomla com_zimbcomment Components suffers from a Local File Include Vulnerability. # # Iranian Exploit DataBase Forum # http://iedb.ir/acc # http://iedb.ir # # Exploit Title : joomla

redirection vuln crawlers breed security through obscurity

2006-04-19 Thread Ivan Sergio Borgonovo
that page with a link on a homepage or an already indexed page. BTW the colleague didn't set any association between .inc and the php interpreter. So you can even get the header.inc source with another maybe harder educated guess. ... and happy Easter holidays. -- Ivan Sergio Borgonovo http

Some hashes for the record

2008-01-22 Thread Sergio 'shadown' Alvarez
b1ca4f27ed99944422c784e06379ba1d 32f1dcdda06b6fea3f4198b14d9e89563f6eccf6 4a959d1db292b3c5f85ed83263dd80b3 a60a7fbd6201ed7b7b49170e8c17ae8098f2e743 Cheers, ~ Sergio - -- Sergio 'shadown' Alvarez Security Researcher === email: [EMAIL PROTECTED] gpg : F140 A2E4 1675 BDB6 9FE4

cacti -- Multiple security vulnerabilities have been discovered

2008-02-12 Thread Mario Sergio Candian
/about25749.html -- Mario Sergio Candian - Live your dreams and face your fears