- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Greetings:
CoreLabs, the research arm of Core Security Technologies is pleased to
announce the public release of Core FORCE, a free software endpoint
security solution.
Core FORCE, a fully functional endpoint protection software for Windows
2000 and Windows XP systems, is released under the
Guppy = 4.5.9 Remote code execution / various arbitrary inclusion issues
software:
site: http://www.freeguppy.org/
description: a very popular French PHP CMS that stores data in files
i) remote code/commands execution (tested and working against php 5.0.2 and php 4.3.3 with register globals
-multiple-vulnerabilities/
Advisory
http://www.ush.it/team/ascii/hack-WebCalendar/advisory.txt
Author Francesco aScii Ongaro (ascii at katamail . com)
Date 20051128
WebCalendar is vulnerable to four SQL Injection (files activity_log.php,
admin_handler.php
PHP Web Statistik Multiple Vulnerabilities
Name Multiple Vulnerabilities in PHP Web Statistik
Systems Affected PHP Web Statistik (verified on 1.4)
Severity Medium Risk
Vendor www.php-web-statistik.de
Advisory
FreeWebStat Multiple XSS Vulnerabilities
Name Multiple XSS Vulnerabilities in FreeWebStat
Systems Affected FreeWebStat (verified on 1.0 rev37)
Severity Medium Risk
Vendor www.freewebstat.com
Advisory http://www.ush.it/2005/11/25/free-web-stat/
APC Security Advisory - PowerChute Network Shutdown's Web Interface
Only Supports HTTP
Problem Summary:
PowerChute Network Shutdown's web interface is only accessible via
HTTP, which is not a cryptographically secure protocol. User
authentication
alireza hassani wrote:
--- Will Wesley [EMAIL PROTECTED] wrote:
Anyway, a solution is really quite simple.
Allow users to disable HTML in their email, or why
not by default?
Don't you think this is not a real solution?
User must be safe to use any option and also full
performances.
ZRCSA-200503 - ktools Buffer Overflow Vulnerability
Zone-H Research Center Security Advisory 200503
http://www.zone-h.fr
Date of release: 27/11/2005
Software: ktools (http://konst.org.ua/ktools)
Affected versions: = 0.3
Risk: Medium
Discovered by: Mehdi Oudad deepfear and Kevin Fernandez
Add these into the mod_security rules:
SecFilterSelective ARG_highlight (\x27|%27|\x2527|%2527)
SecFilterSelective THE_REQUEST \x27|%27|\x2527|%2527
issue resolved...
Hi all,
Recently my DNS servers get jammed with bogus queries. The attacks come in
series, taking a few minutes each, sometimes from different IPs at the
same time, at least twice a day.
snap
23:05:40.241026 IP 204.92.73.10.40760 > xx.xx.xx.xx.53: 38545+ [1au] ANY ANY? e.mpisi.com. (40)
tikiwiki 1.9.2 is fixed from that flaw, despite what is said in this advisory.
Randshop all versions SQL Injection
Website: http://www.randshop.com
Demo: http://www.randshop.com/demoshop/
---
Credit: Liz0ziM wannacut Mail: [EMAIL PROTECTED] www.biyo.tk
A vulnerability has been identified in the Cisco IOS Web Server. An attacker
can inject arbitrary code in some of the dynamically generated web pages. To
successfully exploit the vulnerability the attacker only needs to know the IP
of the Cisco.
THERE'S NO NEED TO HAVE ACCESS TO THE WEB
Hi.
Kadu is a Gadu-Gadu instant messaging open source client.
By sending a message with rich_text, image
basic information and nothing else to a specific UIN through the Gadu-Gadu server, Kadu
stops responding or shuts down immediately. Behavior depends on
version
0.4.2
In most
Title: Google Talk Beta Messenger cleartext credentials in process memory
Affected versions: 1.0.0.64 (this version is believed to be the first one
released to the public)
Vendor contacted: 25/08/05
Patched version released: 29/08/05
Advisory released: 28/11/05
Author: pagvac (Adrian Pastor)
http://www.f-secure.com/weblog/#0723
Here's an interesting one. Peripherals manufacturer I-O Data has shipped a
series of nice-looking portable hard drives in the 40GB to 120GB range -
carrying the Backdoor.Win32.Tompai trojan on them.
You would think Sony's mistake would wake
Hello everyone,
Theo de Raadt, head of the OpenBSD project, has requested me to clarify
something about the firewall technology of the endpoint security package
(Core FORCE) released today by Core and announced to bugtraq and other
mailing lists.
Core FORCE uses a Windows port of OpenBSD's PF