Lotfian.com DATABASE DRIVEN TRAVEL SITE Multiple SQL Injection

Aria-Security Team http://Aria-Security.Net - Lotfian.com DATABASE DRIVEN TRAVEL SITE NewsDetails.asp?NewsID=''UPDATE gtsNews set NewsDescription='HACKED' UPDATE gtsNews set NewsTitle='HACKED' Destination.asp?CID=''UPDATE gtsCountry set CountyName='HACKED'

webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability

### Autor: Brainhead Type: XSS Version: 4.01.02 Files: usergallery.php, calendar.php Magic Quotes :off

[ GLSA 200712-09 ] Ruby-GNOME2: Format string error

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200712-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Call for Papers - Security and High Performance Computing System 2008

Call For Papers The 2008 Workshop on Security and High Performance Computing Systems (http://www.diiga.univpm.it/~spalazzi/nicosia/) As part of The 2008 International Conference High Performance Computing Simulation (HPCS’08)

Two vulnerabilities in SquirrelMail GPG plugin

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Site address: http://www.braverock.com/gpg SquirrelMail plugin page: http://www.squirrelmail.org/plugin_view.php?id=153 1 issue - Deletion of files writable by web server user SquirrelMail GPG plugin allows end users to delete or overwrite files

Unsanitized scripting in RoundCube webmail

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Site address: http://roundcube.net/ Roundcube webmail does not sanitize Microsoft Internet Explorer scripting issues reported by Yosuke Hasegawa. Author was contacted on 2007-05-11. I haven't received any response and current (2007-12-09) code is

[ GLSA 200712-06 ] Firebird: Multiple buffer overflows

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200712-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

CVE-2007-6205

Source: http://www.int21.de/cve/CVE-2007-6205-s9y.html Cross site scripting (XSS) in rss feed plugin of Serendipity 1.2 References http://www.s9y.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6205 Description The Serendipity blog system contains a plugin to display the content of

Flat PHP Board = 1.2 Multiple Vulnerabilities

--- __ __ __ /_ | |__\_ \ _/ |_ /_ |/ |_ | |/\| | _(__ _/ ___\ __\ __ | \ __\ | | | \ | |/ \ \___| |

[ GLSA 200712-03 ] GNU Emacs: Multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200712-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

bttlxeForum Multiple SQL Injection And Cross Site Scripting

Aria-Security Team http://Aria-Security.Net - Discovered By: Mormoroth Shout outs The-0utlaw for completing the vuln. I.SQL Injection http://site.ltd/myaccount/viewProfile.asp?member='update Members set ProfileName='hacked';-- This Changes MemberList...

[ GLSA 200712-04 ] Cairo: User-assisted execution of arbitrary code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200712-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Falt4 CMS Security Report/Advisory

H - Security Labs Falt4Extreme (RC4 10.9.2007) Security Report ID : HSEC#20071012 General Information -- Name

Secunia Research: Samba send_mailslot() Buffer Overflow Vulnerability

== Secunia Research 10/12/2007 - Samba send_mailslot() Buffer Overflow Vulnerability - == Table of Contents Affected

[ GLSA 200712-05 ] PEAR::MDB2: Information disclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200712-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[ GLSA 200712-08 ] AMD64 x86 emulation Qt library: Multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200712-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SQL injection - GestDownV1.00Beta

catdownload.php (line 16) $sql = ('SELECT * FROM downloads WHERE categorie='.$categorie.''); download.php (line 6) mysql_query('SELECT * FROM `downloads` WHERE categorie=' . $_GET['id']); hitcounter.php (line 15) $requete = SELECT lien FROM downloads WHERE id=$id; download:

squids ICAP implementation lacks a defer check when reading from ICAP server

squids ICAP implementation does not check mem-store size before reading from an ICAP-server. If the user does not confirm browsers download-message-box, squid keeps on reading data from the ICAP server into the memory store, whilst no more data can be delivered to the client. Thus the memory

Advisory: Websense XSS Vulnerability

December 10th, 2007 === Summary === Name: Websense XSS Vulnerability Release Date: 10 December 2007 Reference: LSD002-2007 Discover: Dave Lewis CVE:Pending Vendor: Websense Product: Websense Enterprise and Websense Web Security Suite Systems Affected: version 6.3 (as tested) Risk: Less

[SECURITY] Buffer overrun in send_mailslot()

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == == == Subject: Boundary failure in GETDC mailslot == processing can result in a buffer overrun == == CVE ID#: CVE-2007-6015 == == Versions:Samba 3.0.0 - 3.0.27a

Re: Windows binary of GSview 4.8 contain vulnerable zlib (CAN-2005-2096) and vulnerable bz2lib (CAN-2005-0758 CAN-2005-0953)

I wrote Monday, October 29, 2007 10:04 PM: I wrote Sunday, October 21, 2007 2:18 PM: Anonymous [EMAIL PROTECTED] wrote Saturday, October 20, 2007 11:55 AM: As a workaround, one could try to manually replace zlib32.dll in a Windows GSView 4.8 installation with the current zlib1.dll

rPSA-2007-0261-1 samba samba-swat

rPath Security Advisory: 2007-0261-1 Published: 2007-12-10 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote Root Deterministic Unauthorized Access Updated Versions: [EMAIL PROTECTED]:1/3.0.27a-0.1-1 [EMAIL PROTECTED]:1/3.0.27a-0.1-1 rPath Issue

WordPress Charset SQL injection vulnerability (re-resend)

Risk: Moderate CVE: pending Reference: http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt 1. Summary 2. Detail 3. Proof of concept 4. Workaround 1. Summary Quoting from http://wordpress.org/: WordPress is a state-of-the-art semantic personal publishing platform

Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day

On 8 Dec 2007 01:54:52 -, [EMAIL PROTECTED] wrote: #!/bin/perl # # Media Player Classic 6.4.9 MP4 Stack Overflow Did this ever get reported to Gulverkli? Your mailing doesn't appear to acknowledge that fact or not. -- Rob -- Rob

Multiple vulnerabilities in BarracudaDrive 3.7.2

### Luigi Auriemma Application: BarracudaDrive Web Server http://barracudaserver.com/products/BarracudaDrive/ http://barracudaserver.com/products/HomeServer/ Versions:

Multiple vulnerabilities in BadBlue 2.72b

### Luigi Auriemma Application: BadBlue http://www.badblue.com Versions: = 2.72b Platforms:Windows Bugs: A] PassThru buffer-overflow B] upload directory

Filesystem access in DOSBox 0.72

### Luigi Auriemma Application: DOSBox http://dosbox.sourceforge.net Versions: = 0.72 and current CVS Platforms:Windows, Linux, *BSD and Mac Bug: access to the

[USN-550-2] Cairo regression

=== Ubuntu Security Notice USN-550-2 December 10, 2007 libcairo regression https://launchpad.net/bugs/NN === A security issue affects the following Ubuntu releases:

[SECURITY] [DSA 1427-1] New samba packages fix arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1427-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff December 10, 2007

WASC Announcement: The Script Mapping Project Results and Call for Participation

The Web Application Security Consortium is pleased to announce the first results of the Script Mapping project! At this stage in the project we were able to cover most of the test cases for Internet Explorer 7, Firefox 2 and Safari 3. The results can be found on the project page:

[ GLSA 200712-10 ] Samba: Execution of arbitrary code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200712-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Dell / Dell Financial Services - Contact

I've recently found a design flaw in the dell website regarding the shopping cart / purchasing system and was wondering if anyone could get me a contact to report it too?

Re: Dell / Dell Financial Services - Contact

The following source lists address 'abuse at dell.com' as handler of security issues too: http://osvdb.org/vendor_dict.php?section=vendorid=1756c=D If security is important to the company they will reply to you and deliver the message to the right person. Juha-Matti [EMAIL PROTECTED] [EMAIL

ZDI-07-072: Novell Netmail AntiVirus Agent Multiple Overflow Vulnerabilities

ZDI-07-072: Novell NetMail AntiVirus Agent Multiple Heap Overflow Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-07-072.html December 10, 2007 -- CVE ID: CVE-2007-6302 -- Affected Vendor: Novell -- Affected Products: NetMail 3.5.2 -- TippingPoint(TM) IPS Customer Protection: