-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Relase Date: 2006-03-15
CVE: CVE-2006-0031
Affected Products:
==
Microsoft Office Excel 2000
Microsoft Office Excel XP
Microsoft Office Excel 2003
Impact:
===
Microsoft Excel is a popular spreadsheet program of Microsoft Office
and my manpages for rmdir(1) [the utility] and rmdir(2) [the system
call] both say that the directory must be empty (ie, have no entries
other than . or ..).
rmdir(2) should fail and errno should be set to ENOTEMPTY if the
directory is not empty.
On 3/14/06, Steven M. Christey [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Microsoft Excel Named Range Arbitrary Code Execution
Classification:
===
Level: low-med-[HIGH]-crit
ID: HEXVIEW*2006*03*14*1
URL: http://www.hexview.com/docs/20060314-1.txt
References:
===
[Originally published by fearwall on
Hi.
For those who didn't attend to Black Hat Europe nor
EuSecWest, here is the paper on which the presentation
was based.
WLSI - Windows Local Shellcode Injection
Abstract:
This paper describes a new technique to create 100%
reliable local exploits for Windows
operating systems, the technique
= CodeScan Advisory, codescan.com [EMAIL PROTECTED]
=
= Multiple Vulnerabilities In ASPPortal.net
=
= Vendor Website:
= http://www.aspportal.net
=
= Affected Version:
=Version 3.00
=
= Researched By
=CodeScan Labs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1002-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 15th, 2006
= CodeScan Advisory, codescan.com [EMAIL PROTECTED]
=
= Unauthenticated Arbitrary File Read in Horde v3.09 and prior
=
= Vendor Website:
= http://www.horde.org
=
= Affected Version:
=Versions prior to and including
New eVuln Advisory:
discussion - xhawk.net BBCode 'img' XSS SQL Injection Vulnerabilities
http://evuln.com/vulns/92/summary.html
Summary
eVuln ID: EV0092
Vendor: xhawk.net
Vendor's Web Site: http://xhawk.net
Software: discussion
Sowtware's Web Site:
==
Secunia Research 15/03/2006
- Adobe Document/Graphics Server File URI Resource Access -
==
Table of Contents
Affected
Subject: call for speakers and thoughts on VoIP Security - there's a
long way to go!
There's no question that VoIP Security is a BIG issue. Most management
surveys say that it's the first or second reason given for why companies
are delaying on VoIP.
VoIPSA is certainly a resource, as NIST.
Has anyone seen a sasser variant that effects Windows 2k3 SP1?
We have started seeing servers exhibiting the exact same effects that
sasser had back when it was all the rage that are completely patched to
the latest Windows Update spec before ever touching the non firewalled
internet.
ORIGINAL ADVISORY:
http://myimei.com/security/2006-03-11/mybb-103-memberphp-xss-attack-in-contact-details.html
http://kapda.ir/advisory-297.html
-Summary-
Software: MyBB
Sowtwares Web Site: http://www.mybboard.com
Versions: 1.0.4
Class: Remote
Status: Unpatched
Exploit: Available
ORIGINAL ADVISORY:
http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html
http://kapda.ir/advisory-296.html
Summary
Software: MyBB
Sowtwares Web Site: http://www.mybboard.com
Versions: 1.0.4
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
ORIGINAL ADVISORY:
http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html
http://kapda.ir/advisory-295.html
Summary
Software: MyBB
Sowtwares Web Site: http://www.mybboard.com
Versions: 1.0.4
Class: Remote
Status: Unpatched
Exploit: Not Available
Solution:
Mar 7th, [EMAIL PROTECTED] wrote:
What: Purple paper on discovery and exploitative vhost hacking techniques.
Whom (target audience): pentesters.
I've hesitated for a few days now with a reply, but this paper is
quite useless and gives a distorted view on dedicated and shared
hosting.
This
A chain is only as strong as its weakest link.
When I get the GnuPG distribution from the non-secure http://gnupg.org (or a
https://gnupg.org with a CAcert.org certificate) I get a distribution signed by
Werner Koch's key issued one day after the previous signing key expired
2006-01-01.
The
Problem:
Invision Board v2.1.4 has a problem with sessions. Once it is
installed on a server where php is allowed to
use transparant sessions a session can be hijacked by other users.
Testing:
Once you visit a site where Invision Board is used the first click on
the Log In link points
I've received a couple of off-list replies. See my comments in-line.
On Tue, 14 Mar 2006, Martin Mačok wrote:
Have you verified that the sequence is global and not only per peer? The
latter would mean that vuln can't be used as a middle-man for IDLE
scanning...
Yeah, of course i've verified
Couldn't you just target pretty much any dynamic page on the web with such a
script? All you'd have to do is edit a few details.
I don't understand how this qualifies as a security hole?
I installed the latest MS patches and after rebooting, my wireless
network refused to connect. It still showed excellent signal strength
but was unable to establish a connection. I tried using both the
adapter's client (Intel PRO Set) and the standard Windows client,
with identical results.
At MS' direction I reinstalled the patches one by one, rebooting
after each install. The network problem did not occur.
James Garrison wrote:
I installed the latest MS patches and after rebooting, my wireless
network refused to connect. It still showed excellent signal strength
but was unable
This was already discussed in a different thread, here is Microsofts take
on what was happening:
Drew,
I work for Microsoft doing support for incidents such as this. My support
group is not aware of any such issues.
The error code -1073741819 is an access violation. An access violation,
Vulnerability was fixed in https://www.e-gold.com/acct/confirm.asp
money transfer script.
Problem description:
If authenticated user is referred to the script AccounID/PassPhrase validation
is not performed.
By redirecting user to URL
Hello full-disclosure, bugtraq
Netsling (shurik.f_(at)_gmail.com) reported vulnerability in E-gold.
Vulnerability was reported and fixed in E-gold partner payment script.
It was possible to transfer money from E-gold account without
knowledge of AccounID/PassPhrase if user is
24 matches
Mail list logo