[myimei]MyBB1.0.3~managegroup.php~Multiple SqlInjection & XSS

\ORIGINAL ADVISORY<

Security advisory: Windows IME Vulnerability (MS06-009)

Hi Group. Security advisory is available at: http://www.ryanstyle.com/alert/my/5/ms06_009_eng.html Best regards, Ryan

Kadu Remote Denial Of Service Fun

Hi all, Some little Kadu fun info: http://www.piotrbania.com/all/adv/kadu-fun.txt best regards, pb -- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.p

[SECURITY] [DSA 972-1] New pdfkit.framework packages fix denial of service

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 972-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze February 15th, 2006

Re: Everyone's loginName variable Cross Site Scripting Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, The circumstance highlighted by this report has been addressed. For future reference, reports of this nature should also be sent to [EMAIL PROTECTED] Thank you. -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ

[ Secuobs - Advisory ] Another kind of DoS on Nokia cell phones

[Software affected] Bluetooth Stack on Nokia cell phones [Version] Nokia N70 and maybe other models [Impact] Remote Denial of Service, cellular phones begin to be slower and then freeze after a short period (within 30 seconds). [Credits] Pierre Betouin - [EMAIL PROTECTED] - Bug found with BSS

[SECURITY] [DSA 973-1] New OTRS packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 973-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze February 15th, 2006

[USN-249-1] xpdf/poppler/kpdf vulnerabilities

=== Ubuntu Security Notice USN-249-1 February 13, 2006 xpdf, poppler, kdegraphics vulnerabilities CVE-2006-0301 === A security issue affects the following Ubuntu releases: Ubun

[myimei]MyBB 1.0.3~private.php~multiple SqlInjection

\ORIGINAL ADVISORY<

Re: dotproject <= 2.0.1 remote code execution

I'm not sure I understand why this is a problem. As you have stated register_globals must be set to on before any of this can be triggered. In terms on register_globals being on by default, that hasn't been the case in PHP for quite some time. Also, I am intrigued by the claim that 'protecti

[eVuln] M. Blom HTML::BBCode perl module XSS Vulnerabilities

New eVuln Advisory: M. Blom HTML::BBCode perl module XSS Vulnerabilities http://evuln.com/vulns/80/summary.html Summary eVuln ID: EV0080 Software: M. Blom HTML::BBCode Sowtware's Web Site: http://menno.b10m.net/perl/ Versions: 1.04 1.03 and earlier Critical Leve

honeyd security advisory: remote detection

Honeyd Security Advisory 2006-001 = Topic:Remote Detection Via Multiple Probe Packets Version: All versions prior to Honeyd 1.5 Severity: Identification of Honeyd installations allows an adversary to launch attacks specifically against Hon

MyBB1.0.3~managegroup.php~Multiple SqlInjection & XSS

originnal advisory< http://myimei.com/security/2006-02-10/mybb103managegroupphpmultiple-sqlinjection-xss.html ---Summary Software: MyBB Sowtware’s Web Site: http://www.mybboard.com Versions: 1.0.3 Class: Remote Status: Unpatched Exploit: Available

Re: What can a Remote Vulnerability Scanner do in Future?

On Mon, 6 Feb 2006, Alice Bryson wrote: ... Eeye scanner could not do remote local check too. So I am consider what can Remote Vulnerability Scanner do? Will this thing disappear in the future? Scan for remote vulnerabilities. Scanning for local vulnerabilities can obviously only be done

[USN-248-1] unzip vulnerability

=== Ubuntu Security Notice USN-248-1 February 13, 2006 unzip vulnerability CVE-2005-4667 === A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog)

Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0

Yes. For example, a sysadmin may wish to just check a known set of used/common passwords against many machines. JTR is great for a single quick pass against a small dictionary thus to ensure people are not picking stupid passwords. Some systems also do not support password complexity checkin

[eVuln] 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities

New eVuln Advisory: 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities http://evuln.com/vulns/62/summary.html Summary eVuln ID: EV0062 CVE: CVE-2006-0610 Software: 2200net Calendar system Sowtware's Web Site: http://calendar.2200net.

[SECURITY] [DSA 974-1] New gpdf packages fix denial of service

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 974-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze February 15th, 2006

[security bulletin] SSRT051045 rev.2 - HP-UX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00599840 Version: 2 HPSBUX02097 SSRT051045 rev.2 - HP-UX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access NOTICE: The information in this Security Bulletin should be

[eVuln] My Blog BBCode XSS Vulnerabilities

New eVuln Advisory: My Blog BBCode XSS Vulnerabilities http://evuln.com/vulns/79/summary.html Summary eVuln ID: EV0079 Software: My Blog Sowtware's Web Site: http://fuzzymonkey.net/cgi-bin/download.cgi?file=blog Versions: My Blog 1.63 Critical Level: Harmless Ty

[security bulletin] SSRT061108 rev.3 - HP Systems Insight Manager Remote Unauthorized Access via Directory Traversal

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00597967 Version: 3 HPSBMA02096 SSRT061108 rev.3 - HP Systems Insight Manager Remote Unauthorized Access via Directory Traversal NOTICE: The information in this Security Bulletin should be acte

Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0

Solar Designer wrote: Finally, often it is preferable to not spend lots of disk space and lots of time and/or bandwidth to generate or download rainbow tables, -- and also to not reveal your password hashes to a third party (such as one of the online rainbow tables based cracking services).

XMB Forums Multiple Vulnerabilities

## # GulfTech Security ResearchFebruary 12, 2006 ## # Vendor : XMB Software # URL : http://www.xmbforum.com/ # Version : XMB Forums <= 1.9.3 # Risk : Multiple Vulnerabilities

[USN-248-2] unzip regression fix

=== Ubuntu Security Notice USN-248-2 February 15, 2006 unzip regression fix https://launchpad.net/bugs/31457 === A security issue affects the following Ubuntu releases: Ubuntu

Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT

Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT Found this 'bug' about 1 year n a half ago. If u drag and drop a folder containing 1 or more file from your computer into the nick of someone in your contact list it is possible to send a full directory... The possibility

[USN-250-1] Linux kernel vulnerability

=== Ubuntu Security Notice USN-250-1 February 13, 2006 linux-source-2.6.12 vulnerability CVE-2006-0454 === A security issue affects the following Ubuntu releases: Ubuntu 5.10 (

Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution

Gallery web-based photo gallery remote file execution Digital Armaments advisory is 02.14.2006 http://www.digitalarmaments.com/2006140293402395.html I. Background Gallery is a slick Web-based photo album written using PHP. It is easy to install, includes a config wizard, and provides users with

Re: Latest wu-ftpd exploit :-s

- Original Message - From: "Mark Heiligen" <[EMAIL PROTECTED]> To: ; Sent: Monday, February 13, 2006 3:41 AM Subject: Latest wu-ftpd exploit :-s > http://www.frsirt.com/exploits/08.11.0x82-wu262-advanced.c.php > Isn't this a three year old exploit? Is this news? CVE-2003-0466. Up

Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit

Hi, I have a question: If you use an ecryption algorithm to store/get data into/from the database you will not be able to do SQL injections ? With a simple encryption algorithm, I do with php explode, transform the string into an array and run the algorithm on each member of the array.

Re: Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4).

Hi I sent him an email about his bugs and exploits. He asked me to add him in his ICQ. I told him I dont have and I gave him my msn and he added me. He asked me if I want the exploits I have to pay 500$. I said how and he gave me a site for transfring money. I told him I cant. I said if you want me

CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Phishing_Vector_in_SAP_BC.pdf ) CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Phishing Vector in SAP BC (Business Connector) Vulnerability Class: Phishing Vector / Im

Vulnerabilites in new laws on computer hacking

It'd be interesting to see if this post gets approved by the moderators of bugtraq. As all of you know, this forum (bugtraq) is constantly monitored not only by crackers and infosec professionals, but also by government and law-enforcement agencies. The reason why I'm posting this message is b

iDefense Labs Quarterly Hacking Challenge

iDefense Labs is pleased to announce the launch of our quarterly hacking challenge. Going forward, on a quarterly basis, we will select a new focus for the challenge and outline the rules for vulnerability discoveries that will qualify for the monetary rewards. For the current quarter, iDefense L

CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAP BC

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf ) CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Arbitrary File Read/Delete in SAP BC (Business Connector) Vulnerability Cl

[BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4

-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 --- | BuHa Security-Advisory #7 |Feb 14th, 2006 | --- | Vendor | Mantis BT | | URL | http://www.mantisbt.

[myimei]WordPress2.0.0~autorswebsite~XSS attack

original advisory< http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html#more-14 ><>>< ——-Summary—- Software: WordPress Sowtware’s Web Site: http://www.wordpress.org Versions: 2.0.0 Class: Remote Status: Unpatched Exploit: Available Solu

Cisco Security Advisory: TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigation Products

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigation Products Document ID: 69073 Advisory ID: cisco-SA-20060215-guard-auth http://www.cisco.com/warp/public/707/cisco-sa-20060215-guard.shtml Revision 1.0

[SECURITY] [DSA 976-1] New libast packages fix arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 976-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze February 15th, 2006

PostgreSQL security releases 8.1.3, 8.0.7, 7.4.12, 7.3.14

PostgreSQL versions 8.1.3, 8.0.7, 7.4.12 and 7.3.14 have been released fixing two security issues. Details of vulnerability 1 -- Vulnerability type: Escalation of privileges Remotely exploitable: No (requires valid login) Affected versions: PostgreSQL 8.1.0-8.1.2 Fixed

[SECURITY] [DSA 975-1] New nfs-user-server packages fix arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 975-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff February 15th, 2006

[ GLSA 200602-07 ] Sun JDK/JRE: Applet privilege escalation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200602-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -