ERNW Security Advisory 01-2006
Buffer Overflow in Algorithmic Research's PrivateWire Online Registration Facility
Author:
Michael Thumann mthumann[at]ernw.de
Homepage: http://www.ernw.de
1. Summary:
The Online Registration Facility of Algorithmic Research PrivateWire VPN
Software doesn't do
# Kurdish Security Advisory
# irc.gigachat.net #kurdhack
# Discovered by Botan
# http://scripts.codingclick.com/MyMail/
http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-9-mymail-directory.html
CodingClick.com MyMail Script is using for scripts. The passing can do between
On 22 Jun 2006 at 10:36, Darren Clarke wrote:
Tested and confirmed on Opera 9.00 built 8482.
Interesting this also managed to crash Notepad.exe on Windows XP SP2
Home Edition when viewing the source of the page in IE7 Beta 2.
Discussed here
...
The configuration flexibility of PHP is equally rivalled by the code
flexibility. PHP can be used to build complete server applications,
with all the power of a shell user, or it can be used for simple
server-side includes with little risk in a tightly controlled
environment. How you
--
[#] Security Advisory
[^] http://securitynews.ir/
[] Advisory Title: Claroline Cross-Site Scripting Vulnerabilities
[EMAIL PROTECTED] Author : bug [EMAIL PROTECTED] securitynews.ir
[$] Product Vendor : http://www.claroline.net/
DeluxeBB 1.07 Create admin Exploit
+ Summary :
Name : DeluxeBB 1.07
Class : Remote
Risk : High
+ Description:
DeluxeBB (1.07) has a high security bug in
the user control panel (cp.php).
This bug allows users to change access level
SOFTWARE:
===
again Planetc :)
Planetnews
http://www.planetc.de
DESCRIPTION:
google dork = planetnews filetype:php
last path add to admin/planetnews.php edit or add to news, and upload your
shell
example;
http://www.site.com/news/admin/planetnews.php
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1102-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 26th, 2006
===
Ubuntu Security Notice USN-304-1 June 26, 2006
gnupg vulnerability
CVE-2006-3082
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
On Fri, Jun 23, 2006 at 05:12:13PM +0200, Amit Klein (AKsecurity) wrote:
On 23 Jun 2006 at 10:35, Vincent Archer wrote:
The same problem did exist in RFC821, which specified the data path as
being 7-bit, with the MSB set to 0. The venerable ancestor sendmail did
enforce that, by and-ing
A new vulnerability was found in Cpanel V.10;
It happens because the variable *File* of the *select.html* file (in the
edit-zone) just filters the script's labels, and the possibility can be open to
other labels like
*Server Side Include,
*HTML labels...
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Geo. wrote:
...
The configuration flexibility of PHP is equally rivalled by the code
flexibility. PHP can be used to build complete server applications,
with all the power of a shell user, or it can be used for simple
server-side includes with little risk in a tightly controlled
environment.
* Geo. ([EMAIL PROTECTED]) wrote:
...
The configuration flexibility of PHP is equally rivalled by the code
flexibility. PHP can be used to build complete server applications,
with all the power of a shell user, or it can be used for simple
server-side includes with little risk in a
At 18:06 on Monday, 26 June 2006, Geo. wrote:
...
The configuration flexibility of PHP is equally rivalled by the code
flexibility. PHP can be used to build complete server applications,
with all the power of a shell user, or it can be used for simple
server-side includes with little risk in a
We are unable to reproduce this on any of the 3.5.x series or 3.6.x development
branch. The userid parameter is run through our filtering system as an unsigned
integer.
'userid' = TYPE_UINT
Tried this in Flock 0.7.1 on Fedora Core 5 and the browser does hang.
On Thu, 22 Jun 2006 18:27:07 -0600, [EMAIL PROTECTED] wrote:
Credits to n00b.. Round 2 of the marquee tag's bug...
I've found a DoS in the Flock web browser that crashes the browser. I've
provided a proof of concept :P...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:111
http://www.mandriva.com/security/
On Wednesday, 21 June 2006 15:11, [EMAIL PROTECTED] wrote:
[...]
Product : Microsoft InternetExplorer 6
[...]
Of the tested browsers Firefox 1.5, Opera 8.5 and InternetExplorer 6,
only the InternetExplorer does this correctly, the others evaluate the
bit and display the
ORIGINAL ADVISORY:
http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html
http://KAPDA.ir
-Summary-
Software: MyBB
Software's Web Site: http://www.mybboard.com
Versions: 1.1.3
Class: Remote
Status: Patched
Exploit: Available
This is an exploit for the microsoft hlink.dll buffer overflow which
is used while handling hyperlinks in microsoft office. The related
MSRC blog entry is located here
http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
On 6/23/06, Steven M. Christey [EMAIL PROTECTED] wrote:
*
Moreover the vulnerability seems to be exploitable only by client RFB-3.8 [1]
compliant, which means VNC4 (i.e. vnc4-4.1.1+X4.3.0 for linux). VNC3 for Linux
and Windows are RFB-3.3.
This is because the new protocol version implements a different authentication
handshake procedure. In fact
On 23 Jun 2006 at 7:55, James C. Slora Jr. wrote:
Amit Klein wrote Thursday, June 22, 2006 3:47 AM
So in order to exploit this in HTML over HTTP, the attacker needs to
either add/modify the Content-Type response header, or to add/modify the
META tag in the HTML page.
There are other
Discovered by Damian Zelek - [03 April 2006]
Published - [23 June 2006]
Vendor was informed - [24 April 2006]
Vendor's answer - We will talk with our Department of Software :-D
Summary:
GlobeTrotter Mobility Manager is a unique PC software solution that
enables fast, simple and easy
Mailenable is vulnerable due to an error in the handling of the HELO
command in the SMTP service.
Product: Mailenable SMTP Service, All versions
Vuln type: Denial of Service
Risk: moderate
Attack type: Remote
Tested on: Windows 2003
Vendor patch: http://www.mailenable.com/hotfix/default.asp:
Both of those would work in the case where the charset has
already been set by the server. The problem is that most servers set a
charset by default. The other bigger problem is that both of those (and
the META one) require that you inject HTML into the page to get it to
work. If you
The other is to contrive a language that is both sufficient for dynamic
web content development, and also *not* Turing-complete. I have no idea
what such a language might look like, or even whether the intersection
of these two requirements is the null set.
Nice idea, but PHP in its default
Hi there.
I found some vulnerabilities on the page of domaintools.com.
Unfortunately I couldn't find any interesting contacts like e-mail addresses
or something else to report the vulnerability.
Is there someone who got some information on how to contact them?
Thank you for your attention.
Hi,
on (Gentoo) Linux with Firefox (same Version) it's quite similar.
Opening the page, FF hangs for about 4 seconds with a CPU usage of about
20 up to 40% and then displays the page.
Clicking on the link I get the same behavior. The page source isn't
displayed correctly if you try looking at it.
On Wed, 21 Jun 2006 14:21:08 -0300, Bruno Lustosa
[EMAIL PROTECTED] said:
On 21 Jun 2006 03:39:09 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Details:
Vulnerability can be exploited by using a large value in a href tag to
create an out-of-bounds memory access.
Proof Of Concept
For the complete article read, http://blogs.hackerscenter.com/dcrab/?p=19
Amazon.com: One of the largest e-commerce websites in the world. It is
vulnerable to CR LF injection vulnerabilities, that allow an exploitable XSS
situation to exist
Screenshot:
Product : Open Guestbook 0.5
Site: http://sourceforge.net/projects/openguestbook
Discovered by: Moroccan Security Team (Simo64)
Greetz to : And All Friends :)
Details :
=
[+]Cross Site Scripting
[-]vulnerable code in header.php on line 5
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security Advisory    The OpenPKG Project
http://www.openpkg.org/security/ http://www.openpkg.org
[EMAIL PROTECTED]
In some mail from john mullee, sie said:
--- Darren Reed [EMAIL PROTECTED] wrote:
From my own mail archives, PHP appears to make up at least 4%
of the email to bugtraq I see - or over 1000 issues since 1995,
out of the 25,000 I have saved.
People complain about applications like
Hi,
I'm releasing a tool called 'Universal Hooker'. This version is
implemented as an ollydbg plugin.
The tool is available at http://oss.coresecurity.com/projects/uhooker.htm.
Documentation is available at
http://oss.coresecurity.com/uhooker/doc/index.html.
Any feedback is very welcome.
Here's
On Fri, 23 Jun 2006, Crispin Cowan wrote:
[EMAIL PROTECTED] wrote:
Trying to make the language 'safe' won't fix it because the language
is not the problem. The real problem is the way PHP is presented to
most new developers.
* snip *
That is a fascinating perspective.
Web
Some news items showed up in the past couple of days about vulnerabilities
in wireless device drivers. These vulnerabilities were apparently found by
the use of an 802.11 fuzzing tool called lorcon
(http://www.802.11mercenary.net/lorcon/).
Apparently, David Maynor and Jon Ellch intend to
37 matches