[xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability

2006-03-15 Thread XFOCUS Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Release Date: 2006-03-15 CVE: CVE-2006-0031 Affected Products: == Microsoft Office Excel 2000 Microsoft Office Excel XP Microsoft Office Excel 2003 Impact: === Microsoft Excel is a popular spreadsheet program of Microsoft Office

Re: histhost v1.0.0 xss and possible rmdir

2006-03-15 Thread Chris Kuethe
and my manpages for rmdir(1) [the utility] and rmdir(2) [the system call] both say that the directory must be empty (ie, have no entries other than . or ..). rmdir(2) should fail and errno should be set to ENOTEMPTY if the directory is not empty. On 3/14/06, Steven M. Christey [EMAIL PROTECTED]

[HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution

2006-03-15 Thread vuln
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Microsoft Excel Named Range Arbitrary Code Execution Classification: === Level: low-med-[HIGH]-crit ID: HEXVIEW*2006*03*14*1 URL: http://www.hexview.com/docs/20060314-1.txt References: === [Originally published by fearwall on

WLSI - Windows Local Shellcode Injection - Paper

2006-03-15 Thread Cesar
Hi. For those who didn't attend Black Hat Europe or EuSecWest, here is the paper on which the presentation was based. WLSI - Windows Local Shellcode Injection Abstract: This paper describes a new technique to create 100% reliable local exploits for Windows operating systems, the technique

CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net

2006-03-15 Thread CodeScan Labs
= CodeScan Advisory, codescan.com [EMAIL PROTECTED] = = Multiple Vulnerabilities In ASPPortal.net = = Vendor Website: = http://www.aspportal.net = = Affected Version: =Version 3.00 = = Researched By =CodeScan Labs

[SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities

2006-03-15 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1002-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze March 15th, 2006

CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior

2006-03-15 Thread CodeScan Labs
= CodeScan Advisory, codescan.com [EMAIL PROTECTED] = = Unauthenticated Arbitrary File Read in Horde v3.09 and prior = = Vendor Website: = http://www.horde.org = = Affected Version: =Versions prior to and including

[eVuln] discussion - xhawk.net BBCode 'img' XSS SQL Injection Vulnerabilities

2006-03-15 Thread alex
New eVuln Advisory: discussion - xhawk.net BBCode 'img' XSS SQL Injection Vulnerabilities http://evuln.com/vulns/92/summary.html Summary eVuln ID: EV0092 Vendor: xhawk.net Vendor's Web Site: http://xhawk.net Software: discussion Software's Web Site:

Secunia Research: Adobe Document/Graphics Server File URI Resource Access

2006-03-15 Thread Secunia Research
== Secunia Research 15/03/2006 - Adobe Document/Graphics Server File URI Resource Access - == Table of Contents Affected

FW: call for speakers and thoughts on VoIP Security - there's a long way to go!

2006-03-15 Thread Ken Kousky
Subject: call for speakers and thoughts on VoIP Security - there's a long way to go! There's no question that VoIP Security is a BIG issue. Most management surveys say that it's the first or second reason given for why companies are delaying on VoIP. VoIPSA is certainly a resource, as NIST.

Sasser variant that affects 2k3 SP1 completely updated?

2006-03-15 Thread Andrew Weaver
Has anyone seen a Sasser variant that affects Windows 2k3 SP1? We have started seeing servers exhibiting the exact same effects that Sasser had back when it was all the rage, on machines that are completely patched to the latest Windows Update spec before ever touching the non-firewalled internet.

[[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details

2006-03-15 Thread addmimistrator
ORIGINAL ADVISORY: http://myimei.com/security/2006-03-11/mybb-103-memberphp-xss-attack-in-contact-details.html http://kapda.ir/advisory-297.html ——-Summary—- Software: MyBB Software's Web Site: http://www.mybboard.com Versions: 1.0.4 Class: Remote Status: Unpatched Exploit: Available

[KAPDA::#35] - MyBB1.0.4~member.php~XSS after login

2006-03-15 Thread addmimistrator
ORIGINAL ADVISORY: http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html http://kapda.ir/advisory-296.html ——–Summary——– Software: MyBB Software's Web Site: http://www.mybboard.com Versions: 1.0.4 Class: Remote Status: Unpatched Exploit: Available Solution: Available

[KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection

2006-03-15 Thread addmimistrator
ORIGINAL ADVISORY: http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html http://kapda.ir/advisory-295.html ——–Summary——– Software: MyBB Software's Web Site: http://www.mybboard.com Versions: 1.0.4 Class: Remote Status: Unpatched Exploit: Not Available Solution:

Re: Purple Paper: Exegesis Of Virtual Hosts Hacking

2006-03-15 Thread Anders Henke
Mar 7th, [EMAIL PROTECTED] wrote: What: Purple paper on discovery and exploitative vhost hacking techniques. Whom (target audience): pentesters. I've hesitated for a few days now with a reply, but this paper is quite useless and gives a distorted view on dedicated and shared hosting. This

GnuPG weak as one guy with a spare laptop.

2006-03-15 Thread Forrest J. Cavalier III
A chain is only as strong as its weakest link. When I get the GnuPG distribution from the non-secure http://gnupg.org (or a https://gnupg.org with a CAcert.org certificate) I get a distribution signed by Werner Koch's key issued one day after the previous signing key expired 2006-01-01. The

Invision Power Board v2.1.4 - session hijacking

2006-03-15 Thread Hans Wolters
Problem: Invision Board v2.1.4 has a problem with sessions. Once it is installed on a server where PHP is allowed to use transparent sessions, a session can be hijacked by other users. Testing: Once you visit a site where Invision Board is used, the first click on the Log In link points

Re: Linux zero IP ID vulnerability?

2006-03-15 Thread Marco Ivaldi
I've received a couple of off-list replies. See my comments in-line. On Tue, 14 Mar 2006, Martin Mačok wrote: Have you verified that the sequence is global and not only per peer? The latter would mean that the vuln can't be used as a middle-man for IDLE scanning... Yeah, of course I've verified

Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit

2006-03-15 Thread anonymous
Couldn't you just target pretty much any dynamic page on the web with such a script? All you'd have to do is edit a few details. I don't understand how this qualifies as a security hole?

Latest MS patches kill wireless networking?

2006-03-15 Thread James Garrison
I installed the latest MS patches and after rebooting, my wireless network refused to connect. It still showed excellent signal strength but was unable to establish a connection. I tried using both the adapter's client (Intel PRO Set) and the standard Windows client, with identical results.

Re: Latest MS patches kill wireless networking?

2006-03-15 Thread James Garrison
At MS' direction I reinstalled the patches one by one, rebooting after each install. The network problem did not occur. James Garrison wrote: I installed the latest MS patches and after rebooting, my wireless network refused to connect. It still showed excellent signal strength but was unable

Re: Sasser variant that affects 2k3 SP1 completely updated?

2006-03-15 Thread Robert J. Stull
This was already discussed in a different thread; here is Microsoft's take on what was happening: Drew, I work for Microsoft doing support for incidents such as this. My support group is not aware of any such issues. The error code -1073741819 is an access violation. An access violation,

Vulnerability in e-gold

2006-03-15 Thread shurik . f
Vulnerability was fixed in the https://www.e-gold.com/acct/confirm.asp money transfer script. Problem description: If an authenticated user is referred to the script, AccountID/PassPhrase validation is not performed. By redirecting the user to URL

Vulnerability fixed in E-gold

2006-03-15 Thread 3APA3A
Hello full-disclosure, bugtraq. Netsling (shurik.f_(at)_gmail.com) reported a vulnerability in E-gold. The vulnerability was reported and fixed in the E-gold partner payment script. It was possible to transfer money from an E-gold account without knowledge of AccountID/PassPhrase if the user is