[ GLSA 200608-01 ] Apache: Off-by-one flaw in mod_rewrite

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200608-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

NewsLetter v3.5 = (NL_PATH) Remote File Inclusion Exploit

#= #NewsLetter v3.5 = (NL_PATH) Remote File Inclusion Exploit # #| #Critical Level : Dangerous

[Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution

Kurdish Security newsReporter v1.0 Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com Rish : High Class : Remote Script : newsReporter Site : http://www.knusperleicht.at Code : require

[Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution

Kurdish Security Guestbook v3.5 Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com Rish : High Class : Remote Script : MoSpray Site : http://www.knusperleicht.at Code : define('FILE_POSTS',GB_PATH.db/posts.dat);

[Kurdish Security # 18 ] FAQ Script Remote Command Execution

Kurdish Security FAQ Script v1.0 Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com Rish : High Class : Remote Script : FAQ Script Site : http://www.knusperleicht.at Code : //if the script is includet you have

[Kurdish Security # 19 ] FileManager Remote Command Execution

Kurdish Security FileManager Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com Rish : High Class : Remote Script : FileManager Site : http://www.knusperleicht.at Code : $dwl_download_path = downloads;

[Kurdish Security # 20 ] Quickie Remote Command Execution

Kurdish Security Quickie Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com Rish : High Class : Remote Script : Kurdish Security FileManager Remote Command Execution Freedom For Ocalan Contact :

[Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution

Kurdish Security ShoutBox Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com Rish : High Class : Remote Script : ShoutBox Site : http://www.knusperleicht.at Code :

[SECURITY] [DSA 1130-1] New sitebar packages fix cross-site scripting

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1130-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze July 30th, 2006

WoW Roster = 1.5.x Remote File Include (hsList.php)

Title : WoW Roster = 1.5.x Remote File Include (hsList.php) ### Discovered By AG-Spider - Class : Remote file include Rish : Danger

Re: Gdiplus.dll division by 0

On 7/31/06, Early Warning Team [EMAIL PROTECTED] wrote: We tried the Proof of Concept on our test machines and couldn't reproduce the reported exceptional behavior. The scenarios we tested were: - Windows XP Service Pack 2, img tag in Internet Explorer 6 - Windows XP Service Pack 2, Insert

[vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability

[vuln.sg] Vulnerability Research Advisory Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability by Tan Chew Keong Release Date: 2006-07-31 Summary --- A vulnerability has been found in Lhaplus. When exploited, the vulnerability allows execution of arbitrary code when the

[ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:135 http://www.mandriva.com/security/

VMSA-2006-0004 Cross site scripting vulnerability and other fixes

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- VMware Security Advisory Advisory ID: VMSA-2006-0004 Synopsis: Cross site scripting vulnerability and other fixes Knowledge base

[USN-327-2] firefox regression

=== Ubuntu Security Notice USN-327-2August 01, 2006 firefox regression https://bugzilla.mozilla.org/show_bug.cgi?id=346167 === A security issue affects the following Ubuntu

ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability

BlackICE does not protect pamversion.dll in its installation directory. And also because its component protection fails to protect BlackICE processes this can be misused to inject fake DLL into BlackICE service. The whole advisory with more details and source code is available here

WoW Roster = 1.5.x Remote File Include (hsList.php)

Title : WoW Roster = 1.5.x Remote File Include (hsList.php) ### Discovered By AG-Spider - Class : Remote file include Rish : Danger

[SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1132-1[EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp Aug 1st, 2005

[SECURITY] [DSA 1131-1] New apache package fix buffer overflow

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1131-1[EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp Aug 1st, 2006

SUSE Security Announcement: freetype2 (SUSE-SA:2006:045)

-BEGIN PGP SIGNED MESSAGE- __ SUSE Security Announcement Package:freetype2 Announcement ID:SUSE-SA:2006:045 Date: Tue,

SUSE Security Announcement: libtiff (SUSE-SA:2006:044)

-BEGIN PGP SIGNED MESSAGE- __ SUSE Security Announcement Package:libtiff Announcement ID:SUSE-SA:2006:044 Date: Tue, 01

[ MDKSA-2006:136 ] - Updated kdegraphics packages fix multiple libtiff vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:136 http://www.mandriva.com/security/

SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Symantec has posted a Security Advisory for Symantec On-Demand Protection. PLease see the advisory for complete information: http://www.symantec.com/avcenter/security/Content/2006.08.01a.html -BEGIN PGP SIGNATURE- Version: PGP

Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01]

* email message logs (but not the content of the messages) * version information of both spam/antivirus definitions and system firmware version Used in conjunction with the vulnerability Barracuda Arbitrary File Disclosure (NNL-20060801-02), the integrity of the system can be compromised

Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]

the Barracuda Hardcoded Password Vulnerability (NNL-20060801-01) guest password vulnerability this restriction can easily be overcome. This particular problem is amplified by the fact that it is possible to download the full configuration file for the barracuda. The configuration file

[ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:137 http://www.mandriva.com/security/

DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow'

DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow' Author: Kevin Finisterre Vendor: http://www.apple.com/ Product: 'Mac OSX =10.4.7' References: http://www.digitalmunition.com/DMA[2006-0801a].txt http://www.digitalmunition.com/getpwnedmail-x86.pl

Re: Gdiplus.dll division by 0

Am Dienstag, den 01.08.2006, 17:24 +0200 schrieb giacomo collini: On 7/31/06, Early Warning Team [EMAIL PROTECTED] wrote: We tried the Proof of Concept on our test machines and couldn't reproduce the reported exceptional behavior. The scenarios we tested were: - Windows XP Service Pack 2,

[SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1133-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff August 1st, 2006

JavaScript port scanning

Inspired by SPI Dynamics - tiny JavaScript port scanner http://www.gnucitizen.org/projects/javascript-port-scanner/ -- pdp (architect) http://www.gnucitizen.org