There is a well-known unpatched code execution type vulnerability reported
originally in msjet40.dll version 4.00.8618.0 too.
This issue reported by HexView is known since March 2005:
http://www.securityfocus.com/bid/12960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0944
We probably
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ECHO_ADV_84$2007
-
[ECHO_ADV_84$2007] ProfileCMS = 1.0 Remote SQL Injection Vulnerability
-
Author :
Hi All
I have created a Google Groups named Vulnerability Hash Database, for fun ;)
I think I do not need to explain more about what it is used for.
Welcome to post your hashes of vulnerability/POC to this list.
You can visit this maillist @ http://groups.google.com/group/vulnhashdb
To
is it? If I recall correctly, the hexview advisory was the result of
something like a word-to-byte truncation followed by a byte
sign-extension (but its been long enough that I may be misremembering
it)
In this advisory it was not entirely clear what
the condition was, from what I remember
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
VigileCMS 1.4 Multiple Remote Vulnerabilities
---
---
Author : DevilAuron (http://devilsnight.altervista.org)
Vendor :
#ATI security Group has discovered a Denial of Service Vulnerability in the
Belkin Wireless G Router's.
#Vulnerability: Denial of Service (SYN FLOOD)
#Simple Dork: http://RouterIp (DoS SYN FLOOD on ROUTER)
#Vulnerable Product; Belkin Wireless G Router
Router Model #F5D7230-4
#Tested on;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:225
http://www.mandriva.com/security/
###
Luigi Auriemma
Application: LIVE555 Media Server
http://www.live555.com/mediaServer/
Versions: = 2007.11.01
Platforms:*nix, Windows, Mac and others
Bug: crash
[|Description:|]
A security breach has been discoverd in IceBB 1.0-rc6.
This breach is caused by a bad filtering of the X-Forwarded-For variable:
./includes/functions.php, line 73
$ip = empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['REMOTE_ADDR'] :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA 1407-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 18, 2007
---
Aria-Security Team,
http://Aria-Security.net
---
Shout Outs: AurA, imm02tal
http://icash.ch/index.html?ClickAndRank/details.asp
Username: anything' OR 'x'='x
Password: anything' OR 'x'='x
Regards,
The-0utl4w
From
correction
[|Exploit:|]
http://www.aeroxteam.fr/exploit-IceBB-1.0rc6.txt
Citrix NetScaler Web Management XSS
Product: Citrix NetScaler
http://www.citrix.com/lang/English/ps2/index.asp
Citrix NetScaler contains a cross-site scripting vulnerability in the web
management interface. None of the parameter values of /ws/generic_api_call.pl
are sanitized before they
Moin *
Mozilla based browsers (Firefox, Netscape, ...), Konqueror and Safari 2
do not bind a user-approved webserver certificate to the originating
domain name. This makes the user vulnerable to certificate spoofing by
subjectAltName:dNSName extensions.
I set up a demonstration at
Wordpress Cookie Authentication Vulnerability
Original release date: 2007-11-19
Last revised: 2007-11-19
Latest version:
http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-auth.txt
CVE ID: pending
Source: Steven J. Murdoch http://www.cl.cam.ac.uk/users/sjm217/
Systems Affected:
#
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#
#
# Product: OmniPCX Enterprise
# Vendor: Alcatel
# Subject: VoIP Phone Audio Stream Rerouting Vulnerability
# Risk High
# Effect
rPath Security Advisory: 2007-0242-1
Published: 2007-11-19
Products:
rPath Appliance Platform Linux Service 1
rPath Linux 1
Rating: Minor
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
[EMAIL PROTECTED]:1/5.2.5-1-1
[EMAIL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On Sun, 18 Nov 2007, Nils Toedtmann wrote:
Mozilla based browsers (Firefox, Netscape, ...), Konqueror and Safari 2
do not bind a user-approved webserver certificate to the originating
domain name. This makes the user vulnerable to certificate spoofing by
subjectAltName:dNSName extensions.
...
Hi
On Tue, 2007-11-20 at 00:51 +0200, Kapetanakis Giannis wrote:
ps. I've just discovered this:
http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/
rfc3546 defines Server Name Indication (SNI) extention
which is used by mod_gnutls for tls name
On Tue, 20 Nov 2007, Kapetanakis Giannis wrote:
I would consider this a feature of the X509 standard and not a bug.
The behavior is remarkably counterintuitive. It could be reasonably
expected for the browser to properly communicate the situation (show a
list of aliases) to the user, or better
28 matches
Mail list logo