Re: Re: Apache Multiple Injection Vulnerabilities

2007-02-21 Thread hugo
Dear Sirs, I'll try to comment on some of your statements about that issue. 1. Zeus confirms that the Error response arbitrary injection method is not applicable to Zeus Web Server. Right. I haven't said this at any time. 2. The Location HTTP header injection does affect Zeus Web Server, but

[ MDKSA-2007:046 ] - Updated gnucash packages fix temp file issues.

2007-02-21 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:046 http://www.mandriva.com/security/

XLAtunes 0.1 (album) Remote SQL Injection Vulnerability

2007-02-21 Thread Guns
#Critical Status:High #Found By: 0x90 #Download:http://www.scriptdungeon.com/script.php?ScriptID=2844 #Greetz:all my friends #confkey-Password #confvalue-Username #Table:config #http://host.com/path/?mode=viewalbum=-1%20UNION%20SELECT%20confkey%20FROM%20config/*

Overtaking Google Desktop

2007-02-21 Thread Yair Amit
Hello, New research from Watchfire has revealed a serious vulnerability in Google Desktop. The attack, which is fully presented in a new Watchfire research paper released today (available at http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf), can allow a malicious individual to

Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit

2007-02-21 Thread str0ke
Well it seems you missed a few nops. The actual author is Alfredo revenge Pesoli, as it states in the usage. print Alfredo \revenge\ Pesoli\n; print [EMAIL PROTECTED]\n\n; code: http://www.milw0rm.com/exploits/3330 /str0ke On 19 Feb 2007 19:43:41 -, [EMAIL PROTECTED] [EMAIL

Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit

2007-02-21 Thread Mark Wadham
Hmm, anyone know if the release candidates on proftpd.org are vulnerable to this? Mark** [EMAIL PROTECTED] wrote: #!/usr/bin/perl -w # Local Exploit # # [ Exploitation condition ] # - proftpd must be compiled with --enable-ctrls option # - local user needs permission to connect through

/bin/ls with gid=0 in Debian linux-ftpd

2007-02-21 Thread Paul Szabo
Mea culpa. A stupid little bug crept into linux-ftpd for Debian, and some other Linux distros. Some may have fixed it, but Debian hasn't. The effect is that ftpd now runs /bin/ls (for DIR and similar commands) with GID=0. Does not seem terribly dangerous as I do not seem able to trick ls into

Cisco Security Advisory: Cisco Unified IP Conference Station and IP Phone Vulnerabilities

2007-02-21 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco Unified IP Conference Station and IP Phone Vulnerabilities Advisory ID: cisco-sa-20070221-phone http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml Revision 1.0 For Public Release 2007 February 21 1600

[ MDKSA-2007:045 ] - Updated gnomemeeting packages fix string vulnerabilities

2007-02-21 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:045 http://www.mandriva.com/security/

Re: Solaris telnet vulnerability - how many on your network?

2007-02-21 Thread Edsel Adap
Nate Eldredge wrote: I have now set up a virtual Solaris 8 box to test this with root access, and it appears you are correct. When run as root, login -f root presents a login prompt, just like login without arguments. So it is not supported in the sense of having the Solaris 10 documented

Nabopoll Blind SQL Injection vulnerabilities

2007-02-21 Thread s0cratex
Nabopoll has a bug in some files, for example results.php Line 27...31 $res_question = mysql_query(select * from nabopoll_questions where survey=$survey order by id); if ($res_question == FALSE || mysql_numrows($res_question) == 0) error($row_survey,

Cisco Security Advisory: Multiple Vulnerabilities in 802.1X Supplicant

2007-02-21 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in 802.1X Supplicant Advisory ID: cisco-sa-20070221-supplicant http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml Revision 1.0 For Public Release 2007 February 21 1600 UTC

iDefense Security Advisory 02.16.07: Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability

2007-02-21 Thread iDefense Labs
Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability iDefense Security Advisory 02.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 16, 2007 I. BACKGROUND Trend ServerProtect is an Anti-virus application designed to run on file servers to catch viruses

[USN-424-1] PHP vulnerabilities

2007-02-21 Thread Martin Pitt
=== Ubuntu Security Notice USN-424-1 February 21, 2007 php5 vulnerabilities CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 === A

Re: Jboss vulnerability

2007-02-21 Thread ben . dexter
Thanks for the info guys. James - I have notified Redhat (thanks again for the contact details); Harry - I forwarded your solution to USCERT (citing you as reference) as they have put this vulnerability note up : http://www.kb.cert.org/vuls/id/632656 Regards, Ben.