Winamp v5.571 malicious AVI file handling DoS Vulnerability

2010-06-01 Thread praveen_recker
# Tested on Windows 7 and Winamp v5.571(x86) # This bug is informed to Nullsoft and was fixed long back. # The status can be found at http://forums.winamp.com/showthread.php?s=threadid=316000 # This code works on Python 3.0. To make it work on 3.0 remove braces in print print(\n***Winamp

RE: Ghostscript 8.64 executes random code at startup

2010-06-01 Thread Michael Wojcik
From: paul.sz...@sydney.edu.au [mailto:paul.sz...@sydney.edu.au] Sent: Sunday, 30 May, 2010 06:50 I also see no -P- and no absolute paths for the ps files mentioned in many gs scripts e.g. /usr/bin/pdf2dsc or /usr/bin/ps2ascii . Also, crappy coding for GS_EXECUTABLE=gs. Am not sure if these

Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera

2010-06-01 Thread John Smith
Hi Mustlive, I'm not sure if there's a need to discuss or clarify this any further. Please refer to my earlier posts, and for the sake of saving some of our time efforts, avoid drawing tangents about scripts and noscripts (I've clarified both earlier) weasel words (security vulnerability and

RE: Nginx 0.8.35 Space Character Remote Source Disclosure

2010-06-01 Thread reply-to-list
Looks like this affected Windows only, and was fixed a while ago. Changes with nginx 0.7.65 01 Feb 2010 *) Security: now nginx/Windows ignores trailing spaces in URI. Thanks to Dan Crowley, Core Security Technologies. -Original Message-

Re: Nginx 0.8.35 Space Character Remote Source Disclosure

2010-06-01 Thread Zach
Does not work on 0.7.65. On Mon, May 31, 2010 at 11:00 AM, abc12...@hushmail.com wrote: what about the stable branch? Versions 0.7.65 and earlier?

[Bkis-02-2010] Multiple Vulnerabilities in CMS Made Simple - Bkis

2010-06-01 Thread Bkis
[Bkis-02-2010] Multiple Vulnerabilities in CMS Made Simple 1. General information CMS Made Simple is a free content management system (CMS) written in PHP, available at www.cmsmadesimple.org. In March, 2010, Bkis Security discovered some XSS and CSRF vulnerabilities in CMS Made Simple 1.7.1.

DoS vulnerability in Internet Explorer

2010-06-01 Thread MustLive
Hello Bugtraq! I want to warn you about Denial of Service vulnerability in Internet Explorer. Which I already disclosed at my site in 2008 (at 29.09.2008). But recently I made new tests concerning this vulnerability, so I decided to remind you about it. I know this vulnerability for a long time

SQL injection vulnerability in Ecomat CMS

2010-06-01 Thread advisory
Vulnerability ID: HTB22390 Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_ecomat_cms.html Product: Ecomat CMS Vendor: Codefabrik GmbH Vulnerable Version: 5.0 and Probably Prior Versions Vendor Notification: 18 May 2010 Vulnerability Type: SQL Injection Status: Not

XSS vulnerability in Ecomat CMS

2010-06-01 Thread advisory
Vulnerability ID: HTB22391 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_ecomat_cms.html Product: Ecomat CMS Vendor: Codefabrik GmbH Vulnerable Version: 5.0 and Probably Prior Versions Vendor Notification: 18 May 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Not

Re: [Full-disclosure] PuTTY private key passphrase stealing attack

2010-06-01 Thread Rob Fuller
Couldn't this also be thwarted by having a MOTD? It generally displays before the bashrc if I'm not mistaken. -- Rob Fuller | Mubix Room362.com | Hak5.org On Mon, May 31, 2010 at 8:47 PM, Jan Schejbal jan.mailinglis...@googlemail.com wrote: PuTTY, a SSH client for Windows, requests the

[ GLSA 201006-01 ] FreeType 1: User-assisted execution of arbitrary code

2010-06-01 Thread Alex Legler
Gentoo Linux Security Advisory GLSA 201006-01 http://security.gentoo.org/

[ GLSA 201006-02 ] CamlImages: User-assisted execution of arbitrary code

2010-06-01 Thread Alex Legler
Gentoo Linux Security Advisory GLSA 201006-02 http://security.gentoo.org/

Onapsis Research Labs: Onapsis Bizploit - The opensource ERP Penetration Testing framework

2010-06-01 Thread Onapsis Research Labs
Dear colleague, We are proud to announce the release of Onapsis Bizploit, the first opensource ERP Penetration Testing framework. Presented at the renowned HITB Dubai security conference, Bizploit is expected to provide the security community with

PuTTY private key passphrase stealing attack

2010-06-01 Thread Jan Schejbal
PuTTY, a SSH client for Windows, requests the passphrase to the ssh key in the console window used for the connection. This could allow a malicious server to gain access to a user's passphrase by spoofing that prompt. We assume that the user is using key-based ssh auth with ssh and connects

[ GLSA 201006-03 ] ImageMagick: User-assisted execution of arbitrary code

2010-06-01 Thread Alex Legler
Gentoo Linux Security Advisory GLSA 201006-03 http://security.gentoo.org/

Re: [Full-disclosure] PuTTY private key passphrase stealing attack

2010-06-01 Thread Borja Marcos
On Jun 1, 2010, at 2:47 AM, Jan Schejbal wrote: PuTTY, a SSH client for Windows, requests the passphrase to the ssh key in the console window used for the connection. This could allow a malicious server to gain access to a user's passphrase by spoofing that prompt. We assume that the

[ GLSA 201006-04 ] xine-lib: User-assisted execution of arbitrary code

2010-06-01 Thread Alex Legler
Gentoo Linux Security Advisory GLSA 201006-04 http://security.gentoo.org/

[ GLSA 201006-05 ] Wireshark: Multiple vulnerabilities

2010-06-01 Thread Tobias Heinlein
Gentoo Linux Security Advisory GLSA 201006-05 http://security.gentoo.org/

[ GLSA 201006-06 ] Transmission: Multiple vulnerabilities

2010-06-01 Thread Tobias Heinlein
Gentoo Linux Security Advisory GLSA 201006-06 http://security.gentoo.org/

[ GLSA 201006-07 ] SILC: Multiple vulnerabilities

2010-06-01 Thread Tobias Heinlein
Gentoo Linux Security Advisory GLSA 201006-07 http://security.gentoo.org/

ZDI-10-090: Novell ZENworks Configuration Management Preboot Service Remote Code Execution Vulnerability

2010-06-01 Thread ZDI Disclosures
ZDI-10-090: Novell ZENworks Configuration Management Preboot Service Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-090 June 1, 2010 -- Affected Vendors: Novell -- Affected Products: Novell Zenworks -- TippingPoint(TM) IPS Customer Protection:

[ GLSA 201006-08 ] nano: Multiple vulnerabilities

2010-06-01 Thread Tobias Heinlein
Gentoo Linux Security Advisory GLSA 201006-08 http://security.gentoo.org/

[ GLSA 201006-09 ] sudo: Privilege escalation

2010-06-01 Thread Tobias Heinlein
Gentoo Linux Security Advisory GLSA 201006-09 http://security.gentoo.org/

Re: RE: Nginx 0.8.35 Space Character Remote Source Disclosure

2010-06-01 Thread info
Vul in stable versions now isn't work. Original Advisory: http://blog.pouya.info/userfiles/vul/NginX.rar

Applicure dotDefender 4.0 administrative interface cross site scripting

2010-06-01 Thread Sandro Gauci
Applicure dotDefender 4.0 administrative interface cross site scripting An advisory by EnableSecurity. ID: ES-20100601 Advisory URL: http