Debian Security Advisory DSA 1182-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
September 22nd, 2006
Trustix Secure Linux Security Advisory #2006-0052
Package names: freetype, gnutls, gzip
Summary: Multiple vulnerabilities
Date: 2006-09-22
Hello,
E-Vision CMS Multiple Remote injections (SQL and File upload)
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [EMAIL PROTECTED]
upload any file
admin/x_image.php
this file is used to upload files and it does not check the
Hello,
Eskolar CMS Remote Sql Injection
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [EMAIL PROTECTED]
Remote Sql injection :-
aushack.com - Vulnerability Advisory
---
Release Date:
22-Sep-2006
Software:
Computer Associates - eTrust Security Command Center
http://www3.ca.com/solutions/Product.aspx?ID=4351
eTrust Security Command Center helps you discover and prioritize
aushack.com - Vulnerability Advisory
---
Release Date:
22-Sep-2006
Software:
ContentKeeper Technologies - ContentKeeper
http://www.contentkeeper.com/
ContentKeeper is an industry leading Internet content filter that allows
organisations to monitor,
aushack.com - Vulnerability Advisory
---
Release Date:
22-Sep-2006
Software:
Squiz - My Source and My Source Matrix
http://www.squiz.net.au
MySource Matrix is the newest version of the popular MySource CMS,
purpose built for enterprise level
aushack.com - Vulnerability Advisory
---
Release Date:
22-Sep-2006
Software:
Google Inc - Google Mini Search Appliance
http://www.google.com.au/enterprise/mini/index.html
The Google Mini delivers cost-effective, high-quality search for
your public
/*--
[PLESK 7.5 Reload (and lower) PLESK 7.6 for M$ Windows path passing and
disclosure]
Discovered By: GuanYu
Email: [EMAIL PROTECTED]
Website: HVA (http://www.vnhacker.org)
--*/
-| Description: |-
PLESK is a
===
Ubuntu Security Notice USN-351-1 September 22, 2006
firefox vulnerabilities
CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566,
CVE-2006-4567, CVE-2006-4568, CVE-2006-4569, CVE-2006-4571
http://www.gnucitizen.org/blog/self-contained-xss-attacks
XSS attacks can be persistent and non-persistent. Persistent XSS is
more dangerous since it allows attackers to control exploited clients
for longer. On the other hand non-persistent XSS is considered less
dangerous although it has been
The entire Triton 9100, and 9700 hundred series of machines are
vulnerable to the same default password problem that's been in the news
lately in one form or another.
More details can be found on my blog, including sources for the
relevant manuals.
~
jevoncms (.inc) Path Disclosure
~
Affected Software .:
Dear Colleagues,
please find attached the Call For Papers for DIMVA 2007, the Fourth
GI International Conference on Detection of Intrusions Malware,
and Vulnerability Assessment; which is to be held in Lucerne,
Switzerland, July 12-13, 2007. Complete information is available at
FIRST 19th Annual Conference, June 17 - 22, 2007,
Melia Seville hotel, Seville, Spain
Private Lives and Corporate Risk:
Digital Privacy - Hazards and Responsibilities.
Call for Papers
- - - - - ---
This is a call for papers and tutorials for the
Sorry for the little error, *Unpatched.
Just imagine, you have a limited access (sql commands are filtered for example)
to an sql injection, you don't know the source code of the php script. You
can't do anything with the sql injection, all your attempts conduct to an error
returned to client.
On Wed, Sep 20, 2006 at 12:47:54PM -, [EMAIL PROTECTED] wrote:
Vendor.Status.: Patched
Has this really been patched? It doesn't appear to
be a bug and the discussion has it marked as Bogus.
The POC contains two fundamental security flaws:
1. Using untrusted input to mysql_select_db()
#SolpotCrew
Community
#
# phpQuestionnaire 3.12 (GLOBALS[phpQRootDir]) Remote File Inclusion
#
# vendor : http://http://www.chumpsoft.com/products/phpq/
#
Arhont Ltd.- Information Security
Arhont Advisory by: Andrei Mikhailovsky
Advisory: RSA Keon Manager log verification bypass
Product release:Versions 6.6 and 6.5.1
Arhont ref: arh200605-1
Class: Design flaw
Model Specific: Other
Aras Russ Memisyazici,
Just saw a link to this Article on How To Defend Against IE's VML Bug
http://www.techweb.com/showArticle.jhtml?articleID=193004039
In case you're interested still...
On 20/09/06, Aras Russ Memisyazici [EMAIL PROTECTED] wrote:
Does the Microsoft suggested workaround,
http://www.gnucitizen.org/blog/backdooring-mp3-files
MP3 files can be backdoored with malicious content too.
Over the past few days I have been exploring different features of
Apple's QuickTime player - key software component of iTunes and
standard part of many home and business workstations. A
if I'm reading this right, it looks like a non-logged in workstation
could be vulnerable to a local root use if an admin is running a remote
install. so the attacker would have to know that a remote operation
is going on and the attacker would need physical access. or I may
just be reading this