Aria-Security Team
http://Aria-Security.Net
-
Lotfian.com DATABASE DRIVEN TRAVEL SITE
NewsDetails.asp?NewsID=''UPDATE gtsNews set NewsDescription='HACKED' UPDATE
gtsNews set NewsTitle='HACKED'
Destination.asp?CID=''UPDATE gtsCountry set CountyName='HACKED'
###
Autor: Brainhead
Type: XSS
Version: 4.01.02
Files: usergallery.php, calendar.php
Magic Quotes :off
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Call For Papers
The 2008 Workshop on Security and High Performance Computing Systems
(http://www.diiga.univpm.it/~spalazzi/nicosia/)
As part of The 2008 International Conference
High Performance Computing Simulation (HPCS08)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Site address: http://www.braverock.com/gpg
SquirrelMail plugin page: http://www.squirrelmail.org/plugin_view.php?id=153
1 issue - Deletion of files writable by web server user
SquirrelMail GPG plugin allows end users to delete or overwrite files
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Site address: http://roundcube.net/
Roundcube webmail does not sanitize Microsoft Internet Explorer
scripting issues reported by Yosuke Hasegawa. Author was contacted on
2007-05-11. I haven't received any response and current (2007-12-09)
code is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Source: http://www.int21.de/cve/CVE-2007-6205-s9y.html
Cross site scripting (XSS) in rss feed plugin of Serendipity 1.2
References
http://www.s9y.org/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6205
Description
The Serendipity blog system contains a plugin to display the content of
---
__ __ __
/_ | |__\_ \ _/ |_ /_ |/ |_
| |/\| | _(__ _/ ___\ __\ __ | \ __\
| | | \ | |/ \ \___| |
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Aria-Security Team
http://Aria-Security.Net
-
Discovered By: Mormoroth
Shout outs The-0utlaw for completing the vuln.
I.SQL Injection
http://site.ltd/myaccount/viewProfile.asp?member='update Members set
ProfileName='hacked';--
This Changes MemberList...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
H - Security Labs
Falt4Extreme (RC4 10.9.2007) Security
Report
ID : HSEC#20071012
General Information
--
Name
==
Secunia Research 10/12/2007
- Samba send_mailslot() Buffer Overflow Vulnerability -
==
Table of Contents
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
catdownload.php (line 16)
$sql = ('SELECT * FROM downloads WHERE categorie='.$categorie.'');
download.php (line 6)
mysql_query('SELECT * FROM `downloads` WHERE categorie=' . $_GET['id']);
hitcounter.php (line 15)
$requete = SELECT lien FROM downloads WHERE id=$id;
download:
squids ICAP implementation does not check mem-store size before reading from
an
ICAP-server.
If the user does not confirm browsers download-message-box, squid keeps on
reading data from the ICAP server into the memory store, whilst no more data
can be delivered to the client.
Thus the memory
December 10th, 2007
===
Summary
===
Name: Websense XSS Vulnerability
Release Date: 10 December 2007
Reference: LSD002-2007
Discover: Dave Lewis
CVE:Pending
Vendor: Websense
Product: Websense Enterprise and Websense Web Security Suite
Systems Affected: version 6.3 (as tested)
Risk: Less
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
==
==
== Subject: Boundary failure in GETDC mailslot
== processing can result in a buffer overrun
==
== CVE ID#: CVE-2007-6015
==
== Versions:Samba 3.0.0 - 3.0.27a
I wrote Monday, October 29, 2007 10:04 PM:
I wrote Sunday, October 21, 2007 2:18 PM:
Anonymous [EMAIL PROTECTED] wrote Saturday, October 20, 2007 11:55 AM:
As a workaround, one could try to manually replace zlib32.dll in a Windows
GSView 4.8 installation with the current zlib1.dll
rPath Security Advisory: 2007-0261-1
Published: 2007-12-10
Products:
rPath Linux 1
Rating: Severe
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated Versions:
[EMAIL PROTECTED]:1/3.0.27a-0.1-1
[EMAIL PROTECTED]:1/3.0.27a-0.1-1
rPath Issue
Risk: Moderate
CVE: pending
Reference: http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt
1. Summary
2. Detail
3. Proof of concept
4. Workaround
1. Summary
Quoting from http://wordpress.org/:
WordPress is a state-of-the-art semantic personal publishing platform
On 8 Dec 2007 01:54:52 -, [EMAIL PROTECTED] wrote:
#!/bin/perl
#
# Media Player Classic 6.4.9 MP4 Stack Overflow
Did this ever get reported to Gulverkli? Your mailing doesn't appear
to acknowledge that fact or not.
--
Rob
--
Rob
###
Luigi Auriemma
Application: BarracudaDrive Web Server
http://barracudaserver.com/products/BarracudaDrive/
http://barracudaserver.com/products/HomeServer/
Versions:
###
Luigi Auriemma
Application: BadBlue
http://www.badblue.com
Versions: = 2.72b
Platforms:Windows
Bugs: A] PassThru buffer-overflow
B] upload directory
###
Luigi Auriemma
Application: DOSBox
http://dosbox.sourceforge.net
Versions: = 0.72 and current CVS
Platforms:Windows, Linux, *BSD and Mac
Bug: access to the
===
Ubuntu Security Notice USN-550-2 December 10, 2007
libcairo regression
https://launchpad.net/bugs/NN
===
A security issue affects the following Ubuntu releases:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1427-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2007
The Web Application Security Consortium is pleased to announce the first
results
of the Script Mapping project! At this stage in the project we were able to
cover
most of the test cases for Internet Explorer 7, Firefox 2 and Safari 3.
The results can be found on the project page:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I've recently found a design flaw in the dell website regarding the
shopping cart / purchasing system and was wondering if anyone could get
me a contact to report it too?
The following source lists address 'abuse at dell.com' as handler of security
issues too:
http://osvdb.org/vendor_dict.php?section=vendorid=1756c=D
If security is important to the company they will reply to you and deliver the
message to the right person.
Juha-Matti
[EMAIL PROTECTED] [EMAIL
ZDI-07-072: Novell NetMail AntiVirus Agent Multiple Heap Overflow
Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-07-072.html
December 10, 2007
-- CVE ID:
CVE-2007-6302
-- Affected Vendor:
Novell
-- Affected Products:
NetMail 3.5.2
-- TippingPoint(TM) IPS Customer Protection:
34 matches
Mail list logo