- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200602-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200602-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
===
Ubuntu Security Notice USN-258-1 February 27, 2006
postgresql-7.4, postgresql-8.0, postgresql vulnerability
CVE-2006-0678
===
A security issue affects the following Ubuntu
Archive_Zipr (Zip file management class) Directory
traversal
This class provides handling of tar files in PHP.
It supports creating, listing, extracting and adding
to tar files.
Gzip support is available if PHP has the zlib
extension built-in or
loaded. Bz2 compression is also supported with
Norton Internet monitoring tools issues
Versions Affected : *
Fix : No
What I'm writing about is how to stop the internet of some user that is
using the norton tools and IRC / any other chat at the same time.
By default norton monitor checks for words like keylogger, start
keylogger, key logger
This has been corrected on 1.2.4 and a patch is available at http://pwsphp.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
KingOfSka - http://www.cpc.info.ms
Contro Potere Crew Advisories #5 26/02/2006
http://www.archangelmgt.com/
Archangel Weblog 0.90.02 Admin Authentication Bypass Remote File Inclusion
TITLE:
Thomson SpeedTouch 500 series vulnerable to XSS
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
SOFTWARE:
SpeedTouch 5.3.2.6.0
DESCRIPTION:
There consists a vulnerability in the SpeedTouch modems, which
can be exploited by malicious people to conduct cross-site scripting
attacks,
New eVuln Advisory:
Quirex Arbitrary File Disclosure Vulnerability
http://evuln.com/vulns/78/summary.html
Summary
eVuln ID: EV0078
CVE: CVE-2006-0795
Software: Quirex
Software's Web Site: http://www.teca-scripts.com/
Versions: 2.0.2 2.0 and earlier
Critical
What: Mail Transport System Professional is a RFC compliant mail server
for Windows.
Who: http://www.mtsprofessional.com/
Problem: Open relay hole when forwarding all outgoing mail through an ISP.
When configured to forward all outgoing mail through an ISP MTS Pro will
accept and forward
##
# GulfTech Security Research February 26, 2006
##
# Vendor : Robert Hoffman
# URL : http://sourceforge.net/projects/phprpc/
# Version : phpRPC = 0.7
# Risk : Remote Code
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 982-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 27th, 2006
I don't really recall receiving any sort of notification about this. . . .
But anyway, I am indeed aware of XSS vulnerabilities in the software. My time
has been devoted to overhauling my blog software, however. I hope to seriously
rewrite the guestbook script as soon as possible. It _is_ a
==
Secunia Research 27/02/2006
- ArGoSoft Mail Server Pro viewheaders Script Insertion -
==
Table of Contents
Affected
Web Site
http://www.activecampaign.com/support/
Version : 1-2-All KB
* KnowledgeBuilder KB
* iSalient KB
* SupportTrio KB
* visualEdit KB
* General KB
This is a support-faq script. The questions is asked. But this a script high
the
=
INTERNET SECURITY AUDITORS ALERT 2006-002
- Original release date: February 27, 2006
- Last revised: February 27, 2006
- Discovered by: Vicente Aguilera Diaz
- Severity: 3/5
=
I. VULNERABILITY
Donato Ferrante
Application: DirectContact
http://reyero.info/dc/
Version: 0.3b
Bug: directory traversal
Date: 27-Feb-2006
Author: Donato Ferrante
e-mail: [EMAIL PROTECTED]
web:
Information pertaining to this vulnerability has been posted on Fortinet's
security advisories web page.
http://www.fortinet.com/FortiGuardCenter/ftp_vuln.html
Netgear WG602 reportedly contains a default administrative account. This issue
can allow a remote attacker to gain administrative access to the device.
super_username=Gearguy
super_passwd=Geardog
New eVuln Advisory:
PerlBlog Multiple Vulnerabilities
http://evuln.com/vulns/81/summary.html
Summary
eVuln ID: EV0081
CVE: CVE-2006-0780 CVE-2006-0781 CVE-2006-0782
Software: PerlBlog
Software's Web Site: http://www.chronicled.org/perlblog/
Versions: 1.09b 1.09
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:049
http://www.mandriva.com/security/
When configured to backup configuration settings, the device will store various
information in cleartext. Accessing this file could allow an attacker to obtain
sensitive information which could aid the attacker in compromising the web
administration interface of the device, DSL/cable account
Information pertaining to this vulnerability has been posted on Fortinet's
security advisories web site.
http://www.fortinet.com/FortiGuardCenter/url_vuln.html
23 matches