-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
===
- RS-Labs Security Advisory -
===
Title: Multiple flaws in VHCS 2.x
ID: RS-2006-1
Severity: Critical
Date: 11.Feb.2006
Author: Román
--- DocMGR = 0.54.2 arbitrary remote inclusion
software:
site: http://www.docmgr.org/
description: DocMGR is a complete, web-based Document Management System (DMS).
It allows for the storage of any file type, and supports full-text indexing of
the most popular
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200602-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
##
# GulfTech Security Research    February 11, 2006
##
# Vendor : Lawrence Osiris
# URL : http://www.phpclasses.org/browse/package/1624.html
# Version : DB_eSession 1.0.2
#
New eVuln Advisory:
phphd Multiple Vulnerabilities
http://evuln.com/vulns/60/summary.html
Summary
eVuln ID: EV0060
CVE: CVE-2006-0607 CVE-2006-0608 CVE-2006-0609
Vendor: Hinton Design
Vendor's Web Site: http://www.hintondesign.org
Software: phphd
Software's Web
The mentioned vulnerabilities may be remedied by upgrading to v1.2.7:
http://www.zen-cart.com/modules/ipb/index.php?showtopic=41626
New eVuln Advisory:
phpstatus Authentication Bypass
http://evuln.com/vulns/61/summary.html
Summary
eVuln ID: EV0061
CVE: CVE-2006-0570 CVE-2006-0571 CVE-2006-0572
Vendor: Hinton Design
Vendor's Web Site: http://www.hintondesign.org
Software: phpstatus
VULNERABLE PRODUCT
---
Invision Power Board Army System Mod
Version: 2.1 and priors.
Url: http://supersmashbrothers.2ya.com
Vulnerability: Remote SQL Injection
-
BACKGROUND
Army
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200602-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 968-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 13th, 2006
http://www.frsirt.com/exploits/08.11.0x82-wu262-advanced.c.php
tested on Folder Guard v4.11
bypassing the Folder Guard password is done by renaming (or moving) the password
file.
the file is FGuard.FGP, after we rename it the Folder Guard will run and won't
ask for a password
for questions or corrections please contact me at
[EMAIL PROTECTED]
or
[EMAIL
Hi,
I'm Kiki and I would signal you a XSS in the CMS Siteframe Beaumont 5.0.1a
I enclose the advisory and the original is here:
http://kiki91.altervista.org/exploit/siteframe5.0.1a_xss.txt
Bye bye
Kiki
p.s: sorry for my bad English but I'm Italian ;)
Advisory:
Siteframe Beaumont 5.0.1a ==
Bypass Fortinet anti-virus using FTP
Severity: Low
Impact: Bypass Fortinet anti-virus
Vulnerability type: Design error
Affected products: FortiGate v2.8
CVE reference: CAN-2005-3057
Vulnerability Description:
-
It is possible to bypass the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 969-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 13th, 2006
URL filter bypass in Fortinet
Severity: Low
Impact: Bypass Fortinet web filter
Vulnerability type: Design error
Affected products: FortiGate v2.8
CVE reference: CAN-2005-3058
Vulnerability Description:
-
It is possible to bypass Fortinet URL
Matthew Murphy has just disclosed a vulnerability in Internet Explorer.
He will send his advisory later today, but as he is unable to right now,
he asked me to email this for him.
[I didn't want to email the advisory itself as ALL CREDIT BELONGS TO HIM
and I didn't want to take the credit away
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- ---
SySS-Advisory: XSS-vulnerability in guestbook-php-script
- ---
Problem discovered: February3d
On 13 Feb 2006 07:28:00 -, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
tested on Folder Guard v4.11
bypassing the Folder Guard password is done by renaming (or moving) the
password file.
the file is FGuard.FGP, after we rename it the Folder Guard will run and won't
ask for a password
So
This is an update on.
http://idefense.com/intelligence/vulnerabilities/display.php?id=378
and also a new overflow with .m3u
This overflow is still present in the latest version of winamp 5.13 with a
little bit of modification.
FIRST VULN
==
like so..
Example m3U file format:
#EXTM3U
EGS Enterprise Groupware System 1.0 rc4 (possibly prior versions)---
remote code execution
software:
site: http://egs.sourceforge.net/
description: EGS is an Open Source business system
21 matches