Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

2007-11-19 Thread Juha-Matti Laurio
There is a well-known unpatched code execution type vulnerability reported originally in msjet40.dll version 4.00.8618.0 too. This issue, reported by HexView, has been known since March 2005: http://www.securityfocus.com/bid/12960 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0944 We probably

[ GLSA 200711-24 ] Mozilla Thunderbird: Multiple vulnerabilities

2007-11-19 Thread Pierre-Yves Rofes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200711-24

[ GLSA 200711-26 ] teTeX: Multiple vulnerabilities

2007-11-19 Thread Pierre-Yves Rofes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200711-26

[ECHO_ADV_84$2007] ProfileCMS = 1.0 Remote SQL Injection Vulnerability

2007-11-19 Thread erdc
ECHO_ADV_84$2007 - [ECHO_ADV_84$2007] ProfileCMS = 1.0 Remote SQL Injection Vulnerability - Author :

Vulnerability Hash Database - Maillist

2007-11-19 Thread Sowhat
Hi All I have created a Google Groups named Vulnerability Hash Database, for fun ;) I think I do not need to explain more about what it is used for. Welcome to post your hashes of vulnerability/POC to this list. You can visit this maillist @ http://groups.google.com/group/vulnhashdb To

Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

2007-11-19 Thread jf
is it? If I recall correctly, the HexView advisory was the result of something like a word-to-byte truncation followed by a byte sign-extension (but it's been long enough that I may be misremembering it). In this advisory it was not entirely clear what the condition was, from what I remember

[ GLSA 200711-25 ] MySQL: Denial of Service

2007-11-19 Thread Pierre-Yves Rofes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200711-25

[ GLSA 200711-27 ] Link Grammar: User-assisted execution of arbitrary code

2007-11-19 Thread Pierre-Yves Rofes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200711-27

[ GLSA 200711-23 ] VMware Workstation and Player: Multiple vulnerabilities

2007-11-19 Thread Pierre-Yves Rofes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200711-23

[ GLSA 200711-21 ] Bochs: Multiple vulnerabilities

2007-11-19 Thread Pierre-Yves Rofes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200711-21

VigileCMS 1.4 Multiple Remote Vulnerabilities

2007-11-19 Thread info
VigileCMS 1.4 Multiple Remote Vulnerabilities --- --- Author : DevilAuron (http://devilsnight.altervista.org) Vendor :

Belkin Wireless G Router DoS

2007-11-19 Thread r00t
#ATI security Group has discovered a Denial of Service Vulnerability in the Belkin Wireless G Router's. #Vulnerability: Denial of Service (SYN FLOOD) #Simple Dork: http://RouterIp (DoS SYN FLOOD on ROUTER) #Vulnerable Product; Belkin Wireless G Router Router Model #F5D7230-4 #Tested on;

[ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability

2007-11-19 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:225 http://www.mandriva.com/security/

Crash in LIVE555 Media Server 2007.11.01

2007-11-19 Thread Luigi Auriemma
### Luigi Auriemma Application: LIVE555 Media Server http://www.live555.com/mediaServer/ Versions: = 2007.11.01 Platforms:*nix, Windows, Mac and others Bug: crash

IceBB 1.0rc6 = Remote SQL Injection

2007-11-19 Thread aeroxteam-nospam
[|Description:|] A security breach has been discovered in IceBB 1.0-rc6. This breach is caused by a bad filtering of the X-Forwarded-For variable: ./includes/functions.php, line 73 $ip = empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['REMOTE_ADDR'] :

[ GLSA 200711-22 ] Poppler, KDE: User-assisted execution of arbitrary code

2007-11-19 Thread Pierre-Yves Rofes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200711-22

[SECURITY] [DSA 1407-1] New cupsys packages fix arbitrary code execution

2007-11-19 Thread Moritz Muehlenhoff
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA 1407-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff November 18, 2007

[Aria-Secutiy Net] ClickBaneX SQL Injection

2007-11-19 Thread no-reply
--- Aria-Security Team, http://Aria-Security.net --- Shout Outs: AurA, imm02tal http://icash.ch/index.html?ClickAndRank/details.asp Username: anything' OR 'x'='x Password: anything' OR 'x'='x Regards, The-0utl4w From

Re: IceBB 1.0rc6 = Remote SQL Injection

2007-11-19 Thread aeroxteam-nospam
correction [|Exploit:|] http://www.aeroxteam.fr/exploit-IceBB-1.0rc6.txt

Citrix NetScaler Web Management XSS

2007-11-19 Thread nnposter
Citrix NetScaler Web Management XSS Product: Citrix NetScaler http://www.citrix.com/lang/English/ps2/index.asp Citrix NetScaler contains a cross-site scripting vulnerability in the web management interface. None of the parameter values of /ws/generic_api_call.pl are sanitized before they

Certificate spoofing issue with Mozilla, Konqueror, Safari 2

2007-11-19 Thread Nils Toedtmann
Moin * Mozilla based browsers (Firefox, Netscape, ...), Konqueror and Safari 2 do not bind a user-approved webserver certificate to the originating domain name. This makes the user vulnerable to certificate spoofing by subjectAltName:dNSName extensions. I set up a demonstration at

Wordpress Cookie Authentication Vulnerability

2007-11-19 Thread Steven J. Murdoch
Wordpress Cookie Authentication Vulnerability Original release date: 2007-11-19 Last revised: 2007-11-19 Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-auth.txt CVE ID: pending Source: Steven J. Murdoch http://www.cl.cam.ac.uk/users/sjm217/ Systems Affected:

Alcatel OmniPCX Enterprise VoIP Vulnerability

2007-11-19 Thread daniel . stirnimann
# # # COMPASS SECURITY ADVISORY http://www.csnc.ch/ # # # # Product: OmniPCX Enterprise # Vendor: Alcatel # Subject: VoIP Phone Audio Stream Rerouting Vulnerability # Risk High # Effect

rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl

2007-11-19 Thread rPath Update Announcements
rPath Security Advisory: 2007-0242-1 Published: 2007-11-19 Products: rPath Appliance Platform Linux Service 1 rPath Linux 1 Rating: Minor Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: [EMAIL PROTECTED]:1/5.2.5-1-1 [EMAIL

[ GLSA 200711-28 ] Perl: Buffer overflow

2007-11-19 Thread Pierre-Yves Rofes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200711-28

Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2

2007-11-19 Thread Kapetanakis Giannis
On Sun, 18 Nov 2007, Nils Toedtmann wrote: Mozilla based browsers (Firefox, Netscape, ...), Konqueror and Safari 2 do not bind a user-approved webserver certificate to the originating domain name. This makes the user vulnerable to certificate spoofing by subjectAltName:dNSName extensions. ...

Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2

2007-11-19 Thread Graeme Fowler
Hi On Tue, 2007-11-20 at 00:51 +0200, Kapetanakis Giannis wrote: ps. I've just discovered this: http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/ rfc3546 defines Server Name Indication (SNI) extension which is used by mod_gnutls for tls name

Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2

2007-11-19 Thread Michal Zalewski
On Tue, 20 Nov 2007, Kapetanakis Giannis wrote: I would consider this a feature of the X509 standard and not a bug. The behavior is remarkably counterintuitive. It could be reasonably expected for the browser to properly communicate the situation (show a list of aliases) to the user, or better