[ GLSA 200511-23 ] chmlib, KchmViewer: Stack-based buffer overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200511-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[ GLSA 200511-22 ] Inkscape: Buffer overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200511-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

ANN: Free endpoint security software released (Core FORCE 070.105)

Greetings: CoreLabs, the research arm of Core Security Technologies is pleased to announce the public release of Core FORCE, a free software endpoint security solution. Core FORCE, a fully functional endpoint protection software for Windows 2000 and Windows XP systems, is released under the

Guppy = 4.5.9 Remote code execution

Guppy = 4.5.9 Remote code execution / various arbitrary inclusion issues software: site: http://www.freeguppy.org/ description: a very popular French PHP CMS that stores data in files i) remote code/commands execution (tested and working against php 5.0.2 and php 4.3.3 with register globals

WebCalendar Multiple Vulnerabilities

-multiple-vulnerabilities/ Advisory http://www.ush.it/team/ascii/hack-WebCalendar/advisory.txt AuthorFrancesco “aScii” Ongaro (ascii at katamail . com) Date 20051128 WebCalendar is vulnerable to four SQL Injection (files activity_log.php, admin_handler.php

Php Web Statistik Multiple Vulnerabilities

PHP Web Statistik Multiple Vulnerabilities Name Multiple Vulnerabilities in PHP Web Statistik Systems Affected PHP Web Statistik (verified on 1.4) Severity Medium Risk Vendorwww.php-web-statistik.de Advisory

Free Web Stat Multiple XSS Vulnerabilities

FreeWebStat Multiple XSS Vulnerabilities Name Multiple XSS Vulnerabilities in FreeWebStat Systems Affected FreeWebStat (verified on 1.0 rev37) Severity Medium Risk Vendorwww.freewebstat.com Advisory http://www.ush.it/2005/11/25/free-web-stat/

APC Security Advisory - PowerChute Network Shutdown's Web Interface Only Supports HTTP

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 APC Security Advisory - PowerChute Network Shutdown's Web Interface Only Supports HTTP Problem Summary: PowerChute Network Shutdown's web interface is only accessible via HTTP, which is not a cryptographically secure protocol. User authentication

Re: XSS on Yahoo Mail

alireza hassani wrote: --- Will Wesley [EMAIL PROTECTED] wrote: Anyway, a solution is really quite simple. Allow users to disable HTML in their email, or why not by default? Don't you think this is not a real solution? User must be safe to use any option and also full performances.

ZRCSA-200503 - ktools Buffer Overflow Vulnerability

ZRCSA-200503 - ktools Buffer Overflow Vulnerability Zone-H Research Center Security Advisory 200503 http://www.zone-h.fr Date of release: 27/11/2005 Software: ktools (http://konst.org.ua/ktools) Affected versions: = 0.3 Risk: Medium Discovered by: Mehdi Oudad deepfear and Kevin Fernandez

Re: phpBB Code EXEC (v2.0.10)

Add these into the mod_security rules: SecFilterSelective ARG_highlight (\x27|%27|\x2527|%2527) SecFilterSelective THE_REQUEST \x27|%27|\x2527|%2527 issue resolved...

DNS query spam

Hi all, Recently my DNS servers get jammed with bogus queries. The attacks come in series, taking a few minutes each, sometimes from different IPs at the same time, at least twice a day. snap 23:05:40.241026 IP 204.92.73.10.40760 xx.xx.xx.xx.53: 38545+ [1au] ANY ANY? e.mpisi.com. (40)

Re: Multiple security issues in TikiWiki 1.9.x

tikiwiki 1.9.2 is fixed from that flaw, despite what is said in this advisory.

Randshop all versiyon Sql #304;njection

Randshop all versiyon Sql #304;njection Website:http://www.randshop.com Demo:http://www.randshop.com/demoshop/ --- Credit:Liz0ziM wannacut Mail:[EMAIL PROTECTED] www.biyo.tk

- Cisco IOS HTTP Server code injection/execution vulnerability-

It has been identified a vulnerability in the Cisco IOS Web Server. An attacker can inject arbitrary code in some of the dynamically generated web pages. To succesfully exploit the vulnerability the attacker only needs to know the IP of the Cisco. THERE'S NO NEED TO HAVE ACCESS TO THE WEB

Kadu remote DoS

Hi. Kadu is a Gadu-Gadu instant messaging open source client. By sending message with rich_text ,image basic informations and nothing else to speciffic UIN thru Gadu-Gadu server Kadu is stopping to respond or is shutting down immidietly. Behavior depends on version 0.4.2 In most

Google Talk cleartext credentials in process memory

Title: Google Talk Beta Messenger cleartext credentials in process memory Affected versions: 1.0.0.64 (this version is believed to be the first one released to the public) Vendor contacted: 25/08/05 Patched version released: 29/08/05 Advisory released: 28/11/05 Author: pagvac (Adrian Pastor)

What is wrong with these people?

http://www.f-secure.com/weblog/#0723 Here's an interesting one. Peripherals manufacturer I-O Data has shipped a series of nice-looking portable hard drives in the 40GB to 120GB range - carrying the Backdoor.Win32.Tompai trojan on them. You would think Sony's mistake would wake

Re: - Cisco IOS HTTP Server code injection/execution vulnerability-

It has been identified a vulnerability in the Cisco IOS Web Server. An attacker can inject arbitrary code in some of the dynamically generated web pages. To succesfully exploit the vulnerability the attacker only needs to know the IP of the Cisco. THERE'S NO NEED TO HAVE ACCESS TO THE WEB

Core FORCE and OpenBSD PF's

Hello everyone, Theo de Raadt, head of the OpenBSD project, has requested me to clarify something about the firewall technology of the endpoint security package (Core FORCE) released today by Core and announced to bugtraq and other mailing lists. Core FORCE uses a Windows port of OpenBSD's PF