-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-06:09.opensshSecurity Advisory
The FreeBSD Project
Topic:
A buffer overflow in DELE was originally reported to Bugtraq by CorryL
in March 2005, for ArGoSoft FTP 1.4.2.8 (CVE-2005-0696):
http://www.securityfocus.com/archive/1/392653
According to CorryL's disclosure timeline, no patch had been released
by the disclosure date.
So, is this a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-06:10.nfsSecurity Advisory
The FreeBSD Project
Topic:
Updated Noah Classifieds Component for Joomla!/Mambo fixes vulnerabilities
Problem:
Several vulnerabilities were recently discovered in Noah Classifieds 1.3 which
also affect the Joomla!/Mambo component. Details on the vulnerabilities are
available at http://www.kapda.ir/advisory-268.html
The
New eVuln Advisory:
Leif M. Wright's Blog Multiple Vulnerabilities
http://evuln.com/vulns/82/summary.html
Summary
eVuln ID: EV0082
CVE: CVE-2006-0843 CVE-2006-0844 CVE-2006-0845 CVE-2006
Software: Leif M. Wright's Blog
Sowtware's Web Site:
Eric B wrote:
Wait, so if I read this right, consumers with existing cards could
dupe their legit cards for fake ones and cash in the fake ones yet
still have credit on the legit card?
So I'm assuming Fedex has no database/authentication system storing
these serials...brilliant.
Yup.
wp-content/ is also prone to directory listing
Javor Ninov aka DrFrancky
[EMAIL PROTECTED] wrote:
/*
---
[N]eo [S]ecurity [T]eam [NST]® WordPress 2.0.1 Multiple Vulnerabilities
Daniel Veditz wrote:
Renaud Lifchitz wrote:
Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
We believe this to be a testing error.
I responded too soon. This is indeed a problem in the current release
version of Thunderbird 1.5
==
Secunia Research 01/03/2006
- Lighttpd Script Source Disclosure Vulnerability -
==
Table of Contents
Affected
: http://www.activecampaign.com/support/
:
: Version : 1-2-All KB
:* KnowledgeBuilder KB
:* iSalient KB
:* SupportTrio KB
:* visualEdit KB
:* General KB
:
: This is a support-faq script. The questions is asked. But this a script
:
Advisory Name: SAP Web Application Server http request url parsing vulnerability
Release Date: 01/03/2006
Affected Applications: SAP WebAS Kernel up to version 7.00
Affected Platforms: Platform-Independant
Local / Remote: Remote
Severity: Medium to High
Author: A. Grossmann arnold.grossmann
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-06:09.opensshSecurity Advisory
The FreeBSD Project
Topic:
Renaud Lifchitz wrote:
Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
The css part of this exploit is actively used by Intellicontact (or
whatever they call themselves this week), the host of the factcheck.org
mailing list. For example:
LINK
About 7 weeks ago an automated mailing list spewed a large but valid email
containing a lot of URLS and other formatting. When this email is fed into
evolution the behaviour it causes leads evolution to expand dramatically in
size and eat vast amounts of CPU time. If you've got a lot of patience
Hi,
as i replied privately to you, yes i think we can say that. You could
consider it as an update...
Note that the vendor was contacted without response.
Regards
/JA
Steven M. Christey a écrit :
A buffer overflow in DELE was originally reported to Bugtraq by CorryL
in March 2005, for
Official page : http://www.limbo-cms.com/
Vulnerable : Limbo 1.*
Fix : No
Bug :
http://somehost/path-to-limbo/index.php?option=frontpageItemid=system(CODE)
example : index.php?option=frontpageItemid=system(uname)
Google search string : inurl:option=frontpage
--
Best Regards,
Aleksander
Background
--
Firefox is very popular and secure web browser. Until now, it is used by
milions of people and thousands of internet clubs. One of the great features of
Firefox are extensions. You can use them to create things inside your browser
which are beyond your imagination. But
So which is it -- the WGT624 or the WG602?
Others are claiming their WG602 is clean, so I'm guessing it's the 1st.
This is definitely a good idea, although I don't think it should be a
compulsory feature (optional would be nice). If more people than just you
have access to a machine at the end of the day there's no way to guarantee
security. This is just another method of stealing information like a
keylogger
- 4images =1.7.1 remote code execution
software:
site: http://www.4homepages.de/
i)
vulnerable code in index.php at line 35-54:
...
if (isset($HTTP_GET_VARS['template']) ||
While you're on the subject of the potentials of DOSing using DNS servers, I
noticed several months ago some possible abuses myself, although I soon lost
interest for some reason or another.
I noticed that a portion of the worlds DNS servers for some reason or another
send back large amounts
azurIt wrote:
Background
--
Firefox is very popular and secure web browser. Until now, it is used by
milions of people and thousands of internet clubs. One of the great features
of
Firefox are extensions. You can use them to create things inside your browser
which are beyond your
On 3/1/06, azurIt [EMAIL PROTECTED] wrote:
the internet. The worst of all is that _anyone_, who has physical access to
your computer, can install extensions into your browser _without_ your
notification.
Not on a multi-user system. For example, on this Linux workstation, I
can install
This is definitely a good idea, although I don't think it should be a
compulsory feature (optional would be nice). If more people than just you
have access to a machine at the end of the day there's no way to guarantee
security. This is just another method of stealing information like a
keylogger
==
Secunia Research 01/03/2006
- NetworkActiv Web Server Script Source Disclosure Vulnerability -
==
Table of Contents
Affected
On 2/28/06, Daniel Veditz [EMAIL PROTECTED] wrote:
Once a user has pressed the Show Images button--not the best label
since it covers all remote content--that state is stored in the mailbox
metadata/index file (.msf) and the remote content will then be loaded on
future viewings.
Hmmm. I
azurIt wrote:
But everything has an other side..
Same goes for any other executable. This isn't news and it isn't unique
to firefox. If you download and install programs, or extensions, or
plugins, or active x objects, or any other kind of executable code, it can
be malicious. Why aren't
Application: NCP VPN/PKI Client
Site:http://www.ncp.de
Version: 8.11, Build 146 and maybe lower
OS: Windows
Bugs:Local Privilige Escalation, DoS and other
Product:
NCP's Secure Communications provides a comprehensive portfolio of
products for implementing
FYI
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
APPLE-SA-2006-03-01 Security Update 2006-001
Security Update 2006-001 is now available and addresses the following
issues:
apache_mod_php
CVE-ID: CVE-2005-3319, CVE-2005-3353, CVE-2005-3391, CVE-2005-3392
Available for: Mac OS X v10.3.9, Mac
You should check mail() also...
mail() has exactly the same issue, since both mail() and mb_send_mail() applies
php_escape_shell_cmd() to 5th parameter.
Since the PoC is feeding usual options to sendmail command,
php_escape_shell_cmd()
is useless for this kind of code.
Solution:
DO NOT TRUST
Offical webpage :
http://superbounou.phpnet.org/smartblog/
Version : v1.2
http://www.site.com/[path]/index.php?evilcode?cmd=id
http://www.site.com/?pg=evilcode?cmd=id
Patriotic Hackers
irc.gigachat.net #kurdhack
Botan,B3g0k,Seyh,Nistiman
Even done in the most well-meaning manner this is still computer trespass
unless it is permitted by the subscriber agreement for an ISP and done by
that ISPs staff.
I am all in favor of reducing newbie zombies. the only way I can see to do
so is to get the user to consent to the upgrade.
On Fri, 24 Feb 2006, Matthew Schiros wrote:
PHP, like any and all projects, does indeed have security flaws. So
does MySQL. So does Linux. So does sshd. So does Windows. To claim
that we should abandon any individual service simply because it has
security bugs is absurd. Yes, there are
I think you're making my point for me. If, as you say, the Linux
community has a faster turn-around time on poorly designed and
supported applications than, say, the Windows community, if PHP were
actually as bad as some people try to make it out, there'd be no
market penetration for it, as it
On Mon, 27 Feb 2006, Matthew Schiros wrote:
I think you're making my point for me. If, as you say, the Linux
community has a faster turn-around time on poorly designed and
supported applications than, say, the Windows community, if PHP were
actually as bad as some people try to make it out,
That doesn't seem to follow, to me. You cited the Linux as another
example of a product with flaws, so it seems that you thought of it
as being separate. But now you argue that because I said that the
Linux community has less patience for design flaws that PHP's success
supports your point.
I see this only as a problem if the admin has it set to automatically
post comments. Does anyone know if this is the behavior on a default
installation? That and idiot admins approving a comment with bad code in
it.
And what about filtering out %22? Does it do this already?
-Original
A lot of problems can be chalked up to user error but we all need to
face the fact that users do not click No. People are conditioned to
just click Yes/Ok/Next no matter what; even when they know better. Even
home users would be better off with the feature enabled. If they had to
enter a
On 3/1/06, Javor Ninov [EMAIL PROTECTED] wrote:
wp-content/ is also prone to directory listing
sure, which you can enable and disable with an .htaccess file or by
placing an empty index.html file in it
I mean, that's the dir that's used to upload content (usually images
used in the blog
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Risk: Critical! Impact: XSS, Full Path Disclosure, Directory
Listing
Here a critical bug is an arbitrary command execution, account ownage, etc
an XSS isn't at all critical...
+ Full path disclosure Directory listing + When I discovered
this
On Wed, 01 Mar 2006 21:12:28 +0100
azurIt [EMAIL PROTECTED] wrote:
I was primary talking about the internet clubs. FFsniFF was tested on
_one_ computer in local internet club: About 30 sniffed accounts
(mostly mail and chat accounts) in two days.
There are also another ways how extensions can
--Security Report--
Advisory: ICQmail.com Mail2World.com (ms_inbox.asp Current_folder) XSS
vulnerability
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 25/02/06 01:43 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: M2W
42 matches
Mail list logo