rPath Security Advisory: 2007-0061-1
Published: 2007-03-28
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
inkscape=/[EMAIL PROTECTED]:devel//1/0.45.1-0.1-1
References:
--start--
Following the advisory of the XSS vulnerability found on the Libero.it
(Italian ISP) portal,
and after the official response given by the portal owners, which
stated that in no way would user accounts be at risk,
several other XSS vulns have been found on the Libero.it/Infostrada.it
portals (both
They probably need to redo their entire site's scripts; I wouldn't doubt
there are a few more exploits in there somewhere. -- 2+ exploits within one
site in one month is pretty sad.
On Wednesday 28 March 2007 12:17, LK wrote:
After the report of Rosario Valotta on this ML, another XSS
They probably need to redo their entire site's scripts; I wouldn't doubt
there are a few more exploits in there somewhere. -- 2+ exploits within one
site in one month is pretty sad.
Hemmm...
The same guys released another 4 just a few minutes ago.
The idiot part is that Libero strongly refuses
[EMAIL PROTECTED] wrote:
They probably need to redo their entire site's scripts; I wouldn't doubt
there are a few more exploits in there somewhere. -- 2+ exploits within one
site in one month is pretty sad.
Hemmm...
The same guys released another 4 just a few minutes ago.
The idiot part
Hello there,
I've read the article, but I still do not see where the severe redirection
vulnerability is. Is this not a feature of the neworder.box.sk web site to
allow anyone to be redirected to any page they submit to redirect.php?
Thanks,
-Nikolay Kichukov
- Original Message -
From:
Nikolay Kichukov wrote:
Hello there,
I've read the article, but I still do not see where the severe redirection
vulnerability is. Is this not a feature of the neworder.box.sk web site to
allow anyone to be redirected to any page they submit to redirect.php?
Thanks,
-Nikolay Kichukov
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:071
http://www.mandriva.com/security/
Hello Aditya,
I see your point there. Hope they get it fixed. Should the patch involve
some referrer checking?
Regards,
-Nikolay Kichukov
- Original Message -
From: Aditya K Sood [EMAIL PROTECTED]
To: Nikolay Kichukov [EMAIL PROTECTED];
full-disclosure@lists.grok.org.uk
Sent: Thursday,
[EMAIL PROTECTED] wrote:
Referer checking will not stop open redirects; you must create a whitelist.
Consider the following:
http://site/script?u=http://site/script?u=http://cnn.com
It will hit the script, redirect back to itself, set the Referer header, then
continue.
- Robert
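Nikolay asked above whether the fix should involve referrer checking, and Robert's reply shows why that is not enough. The following is an added example in Python, not code posted by anyone in this thread, that models both handlers side by side: a redirect script that trusts any request whose Referer is our own host, and one that decides purely on a host whitelist. The hostnames `site`, `docs.site` and `cnn.com`, the parameter name `u`, and a client loop that sends the previous URL as Referer on each hop (the behaviour Robert's message assumes) are all assumptions made for the illustration.

```python
"""Open-redirect validation: Referer check versus host whitelist.

Added example; hostnames, parameter name and client behaviour are assumptions.
"""
from urllib.parse import parse_qs, urlparse

SITE_HOST = "site"                       # assumed: our own hostname
ALLOWED_HOSTS = {"site", "docs.site"}    # assumed: redirect target whitelist


def _target_param(url):
    """Return the value of the `u` query parameter, or None if it is absent."""
    return parse_qs(urlparse(url).query).get("u", [None])[0]


def referer_check_redirect(url, referer):
    """Vulnerable handler: any target is allowed once the Referer is our own host.

    Without a Referer only same-host targets are followed, which is what makes
    the check look effective against a direct http://site/script?u=http://cnn.com.
    """
    target = _target_param(url)
    if target is None:
        return None
    if referer is not None and urlparse(referer).hostname == SITE_HOST:
        return target                    # "came from us", so trusted: open redirect
    if urlparse(target).hostname == SITE_HOST:
        return target                    # internal hop, allowed with no Referer
    return None


def whitelist_redirect(url, referer=None):
    """Hardened handler: the Referer is ignored; only whitelisted http(s) hosts pass."""
    target = _target_param(url)
    if target is None:
        return None
    parts = urlparse(target)
    # The scheme check also rejects scheme-relative targets such as //evil.example,
    # which urlparse gives a hostname but no scheme.
    if parts.scheme not in ("http", "https") or parts.hostname not in ALLOWED_HOSTS:
        return None
    return target


def follow(handler, start_url, max_hops=5):
    """Follow redirects the way Robert's message assumes the client does: each hop
    sends the previous URL as Referer. Returns the URL the client finally lands on."""
    url, referer = start_url, None
    for _ in range(max_hops):
        target = handler(url, referer)
        if target is None:
            return url                   # handler refused: client stays here
        url, referer = target, url
    return url


CHAINED = "http://site/script?u=http://site/script?u=http://cnn.com"  # Robert's payload
DIRECT = "http://site/script?u=http://cnn.com"

if __name__ == "__main__":
    print("referer check, direct :", follow(referer_check_redirect, DIRECT))
    print("referer check, chained:", follow(referer_check_redirect, CHAINED))
    print("whitelist, chained    :", follow(whitelist_redirect, CHAINED))
```

With the Referer-based handler the direct request is refused, but the chained URL lands on cnn.com: the first hop is an "internal" redirect that needs no Referer, and the second hop arrives carrying our own host as Referer. The whitelist handler stops the same chain at the inner hop because the decision is made on the target host alone. Whether a given client really sets Referer to the redirecting URL on a 3xx varies, but the Referer-based handler also falls over whenever the header is simply absent (privacy settings, HTTPS-to-HTTP navigation), and the whitelist handles that case as well.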
We buy and sell 0day vulnerabilities along with working demonstrative exploits.
We are interested only in client side exploits.
We are interested in Internet Explorer and Microsoft Office.
If you have a good vulnerability, we can pay cash, Western Union or wire transfer
in advance.
If you are a
Correct me if I'm wrong, but wouldn't that defeat the point of Full
Disclosure?
[EMAIL PROTECTED] wrote:
We buy and sell 0day vulnerabilities along with working demonstrative exploits.
We are interested only in client side exploits.
We are interested in Internet Explorer and Microsoft Office.
Michael Bann wrote:
Correct me if I'm wrong, but wouldn't that defeat the point of Full
Disclosure?
They're fully disclosing their non disclosure policy.
___
Full-Disclosure - We believe in it.
Charter:
IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability
iDefense Security Advisory 03.29.07
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 29, 2007
I. BACKGROUND
IBM Corp.'s Lotus Sametime product provides a real-time online conferencing
solution. More information on the
Foresight Linux Essential Advisory: 2007-0004-1
Published: 2007-03-29
Rating: Moderate
Updated Versions:
openoffice.org=/[EMAIL PROTECTED]:devel//1//[EMAIL
PROTECTED]:1-devel//1/2.2.0-0.0.5-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.11-2
References:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:072
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:073
http://www.mandriva.com/security/
Well, if you want 0days, why don't you just buy Core Impact or Immunity
CANVAS?
On 3/29/07, don bailey [EMAIL PROTECTED] wrote:
Michael Bann wrote:
Correct me if I'm wrong, but wouldn't that defeat the point of Full
Disclosure?
They're fully disclosing their non disclosure policy.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Foresight Linux Essential Advisory: 2007-0005-1
Published: 2007-03-29
Rating: Minor
Updated Versions:
slocate=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/3.1-8.1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.11-3
References:
https://metalink.oracle.com/metalink/plsql/f?p=200:101:1834058191406040565&notification_msg=<script>alert(document.cookie)</script>
On 3/29/07, Edmond Dantes [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
They probably need to redo their entire site's scripts; I wouldn't doubt
there are a few more
[Shirkdog Security Advisory SHK-004]
Title:
--
Computer Associates (CA) Brightstor Backup Mediasvr.exe Remote Code
Vulnerability
Description of Application:
---
http://www3.ca.com/solutions/ProductFamily.aspx?ID=115
Brightstor ARCserv Backup provides a complete,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- ---
VMware Security Advisory
Advisory ID: VMSA-2007-0002
Synopsis: VMware ESX server security updates
Issue date:2007-03-29
Updated on:
Today Microsoft released a security advisory about a vulnerability in the
Animated Cursor processing code in Windows:
http://www.microsoft.com/technet/security/advisory/935423.mspx
It seems like the vulnerability is already being exploited in the wild: