-
Fedora Legacy Update Advisory
Synopsis: Updated mod_auth_pgsql package fixes security issue
Advisory ID: FLSA:177326
Issue date: 2006-02-27
Product: Fedora Core
Keywords:
___
Mandriva Linux Security Advisory MDKSA-2005:050
http://www.mandriva.com/security/
- --
Debian Security Advisory DSA 983-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 28th, 2006
-
Fedora Legacy Update Advisory
Synopsis: Updated auth_ldap package fixes security issue
Advisory ID: FLSA:177694
Issue date: 2006-02-27
Product: Red Hat Linux
Keywords:
-
Fedora Legacy Update Advisory
Synopsis: Updated PostgreSQL packages fix security issues
Advisory ID: FLSA:157366
Issue date: 2006-02-27
Product: Red Hat Linux, Fedora Core
/*
---
[N]eo [S]ecurity [T]eam [NST]® WordPress 2.0.1 Multiple Vulnerabilities
---
Program : WordPress 2.0
Homepage: http://www.wordpress.org
Vulnerable Versions: WordPress 2.0.1
-
Fedora Legacy Update Advisory
Synopsis: Updated udev packages fix a security issue
Advisory ID: FLSA:175818
Issue date: 2006-02-27
Product: Fedora Core
Keywords: Bugfix
Not my WG602v2.
[EMAIL PROTECTED] wrote:
Netgear WG602 reportedly contains a default administrative account. This issue
can allow a remote attacker to gain administrative access to the device.
super_username=Gearguy
super_passwd=Geardog
Abstract:
-
The ExpressPay stored-value card system used by FedEx Kinko's is
vulnerable to attack. An attacker who gains the ability to alter the
data stored on the card can use FedEx Kinko's services fraudulently
and anonymously, and can even obtain cash from the store.
Description:
-
Fedora Legacy Update Advisory
Synopsis: Updated gnutls packages fix a security issue
Advisory ID: FLSA:181014
Issue date: 2006-02-27
Product: Fedora Core
Keywords: Bugfix
#!/usr/bin/perl
# HESSAM-X
# FarsiNews 2.5Pro Exploi
# Exploit by Hessam-x (www.hessamx.net)
#Iran Hackerz Security Team
#WebSite: www.hackerz.ir
#
# Summary
# Name: FarsiNews [www.farsinewsteam.com]
# version : 2.5Pro
- Advisory: EJ3 TOPo Cross Site Scripting Vulnerability
- Author: Yunus Emre Yilmaz || Yns [EMAIL PROTECTED]
- Application: EJ3 TOPo ( http://ej3soft.ej3.net )
- Affected Version : v2.2.178 ( maybe older versions..)
- Risk : Critical
Details : If an attacker accesses /code/inc_header.php
MyBB New SQL Injection
D3vil-0x1 Devil-00
Milw0rm ID :-
http://www.milw0rm.com/auth.php?id=1320
The Inf.File :-
misc.php
Linez :-
[code]
$buddies = $mybb->user['buddylist'];
$namesarray = explode(",",$buddies);
if(is_array($namesarray))
{
Software - QwikiWiki
Version - v1.4
Type - XSS Vulnerability
Powered by QwikiWiki v1.4 - www.qwikiwiki.com
Examples:
http://(host)/index.php?page=body bgcolor=black/body
http://(host)/index.php?page=alert(document.cookie);/script
Found by Dr^Death of Suicide Scene Internet Security Group 2006
Vulnerability in c-client library (tested with versions 2000,2001,2004),
mail_open
could be used to open stream to local files.
For php and imap module
imap_open allows bypassing safemode and open_basedir restrictions.
Use imap_body or others to view a file and imap_list to recursively list a
Vulnerable: PHP4, PHP5
with use of sendmail 8.13.4
When safemode disabled and open_basedir restriction in effect, we can pass
extra parameters
to sendmail command in mail function, especially the -C and -X arguments.
-C for alternate configuration file
-X to log all in a file
Can be used to
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00601530
Version: 1
HPSBMA02099 SSRT061118 rev.1 - HP System Management Homepage (SMH)
Running on Windows: Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should
I checked this against my 602v1 also last night, no go
James Garrison wrote:
Not my WG602v2.
[EMAIL PROTECTED] wrote:
Netgear WG602 reportedly contains a default administrative account.
This issue can allow a remote attacker to gain administrative access
to the device.
___
Mandriva Linux Security Advisory MDKSA-2006:051
http://www.mandriva.com/security/
- Advisory: PEHEPE Membership Management System Multiple Vulnerabilities
- Author: Yunus Emre Yilmaz -- mail[at]yunusemreyilmaz(dot)com
- Application: PEHEPE MemberShip Management System
(http://www.pehepe.org/UYELİK3)
- Affected Version : v3 ( maybe older versions..)
- Risk : Critical
--
Summary
Software: bttlxeForum
Software's Web Site: http://www.bttlxe.com/
Versions: 2.*
Type: Cross-Site Scripting
Class: Remote
Exploit: Available
Solution: Not Available
Discovered by: runvirus
(worlddefacers.de securitycentra.com)
Hello,
If you carefully look at the inline attachments, you will find this
(first proof of concept) :
htmlhead/headbody style=margin: 0px; padding: 0px; border:
0px;iframe src=http://www.sysdream.com; width=100% height=100%
frameborder=0 marginheight=0 marginwidth=0/iframe
The information
Hi guys.
We discussed recursive DNS servers before (servers which allow querying
anything - including what they are not authoritative for, through them).
The attack currently in the wild is a lot bigger and more complicated
than this, but to begin, here is an explanation (by metaphor) of
Information pertaining to this vulnerability has been posted on Fortinet's
security advisories web page.
http://www.fortinet.com/FortiGuardCenter/ftp_vuln.html
On this page, we can read Fortinet advises that a RECENTLY
discovered vulnerability
It was just discovered and announced to
Renaud Lifchitz wrote:
Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
We believe this to be a testing error. The problem of loading remote
iframe and css content was fixed prior to the release of Mozilla
Thunderbird 1.0
The testcase included in the advisory contains the
Daniel Veditz wrote:
[a plain text message]
Just got half a dozen bounces because my plain-text email supposedly
contained Suspicious I-Frame.a (Malicious Mobile Code) virus. Those of
you behind McAfee GroupShield barriers may not be getting the whole
conversation here if people can't even use