Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 Security Vulnerabilities

Microsoft Missed 2009 Published Article on Stuxnet-Type Attack

A security flaw affecting Microsoft’s Windows operating system that was exploited by the Stuxnet worm was publicly disclosed more than a year before the worm appeared, according to a researcher at Symantec Corp. On September 17, Symantec researcher Liam O Murchu noted on that company’s Connect...

Zendesk Cross Site Request Forgery / Cross Site Scripting

...

Zendesk - Multiple Vulnerabilities

...

Zendesk - Multiple Vulnerabilities

Zendesk - Multiple...

Zendesk Multiple Vulnerabilities

Exploit for multiple platform in category web...

Ubuntu: Security Advisory (USN-528-1)

The remote host is missing an update for...

Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1

Ubuntu Update for Linux kernel vulnerabilities...

MG2 0.5.1 Remote Code Execution

...

MG2 0.5.1 (filename) Remote Code Execution Vulnerability

No description provided by...

MG2 0.5.1 - filename Remote Code Execution

MG2 0.5.1 - filename Remote Code...

MG2 0.5.1 (filename) Remote Code Execution Vulnerability

Exploit for unknown platform in category web...

MG2 0.5.1 - 'filename' Remote Code Execution

...

Debian Security Advisory DSA 094-1 (mailman)

The remote host is missing an update to mailman announced via advisory DSA...

Debian Security Advisory DSA 094-1 (mailman)

The remote host is missing an update to mailman announced via advisory DSA...

Ubuntu 5.04 / 5.10 / 6.06 LTS : mailman vulnerabilities (USN-345-1)

Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts. (CVE-2006-2941) Various cross-site scripting vulnerabilities have been reported by....

Ubuntu 6.06 LTS / 6.10 / 7.04 : mysql-dfsg-5.0 vulnerabilities (USN-528-1)

Neil Kettle discovered that MySQL could be made to dereference a NULL pointer and divide by zero. An authenticated user could exploit this with a crafted IF clause, leading to a denial of service. (CVE-2007-2583) Victoria Reznichenko discovered that MySQL did not always require the DROP privilege.....

[email protected], [email protected]

=========================================================== Ubuntu Security Notice USN-528-1 October 11, 2007 mysql-dfsg-5.0 vulnerabilities CVE-2007-2583, CVE-2007-2691, CVE-2007-3780, CVE-2007-3782 =========================================================== A security issue affects...

MySQL vulnerabilities

Releases Ubuntu 7.04 Ubuntu 6.10 Ubuntu 6.06 Packages mysql-dfsg-5.0 - Details Neil Kettle discovered that MySQL could be made to dereference a NULL pointer and divide by zero. An authenticated user could exploit this with a crafted IF clause, leading to a denial of service....

CVE-2007-4050

Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified...

CVE-2007-4050

Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified...

Design/Logic Flaw

Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified...

CVE-2007-4050

Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified...

mailman vulnerabilities

Releases Ubuntu 6.06 Ubuntu 5.10 Ubuntu 5.04 Details Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts. (CVE-2006-2941) Various...

CentOS 3 / 4 : mailman (CESA-2006:0600)

Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is a program used to help manage email discussion lists. A flaw was found in the...

RHEL 3 / 4 : mailman (RHSA-2006:0600)

Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is a program used to help manage email discussion lists. A flaw was found in the...

mailman security update

CentOS Errata and Security Advisory CESA-2006:0600 Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which...

(RHSA-2006:0600) mailman security update

Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. ....

Concurrency-related vulnerabilities in browsers - expect problems

Good morning, "Fame-hungry sociopath torches cars, finds browser flaws WARSAW, Poland (AP) -- police are on a look out for a local adolescent vandal who continues to terrorize local IT workers in what appears to be a bizzare bid for fame. Larry Seltzer reports from the scene." Well, I just had...

CMS010.txt

...

phptbInject.txt

...

PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities

-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: PHPTB Topic Board - Multiple PHP injection vulnerabilities Version <= 2.0 Homepage: htt://www.phptb.com/ Author: Filip Groszyсski (VXSfx) Date: 17 August 2005 -- == -- == -- == -- == -- == --...

FreeBSD : mailman -- password disclosure (ad9d2518-3471-4737-b60b-9a1f51023b28)

Barry Warsaw reports : Today I am releasing Mailman 2.1.5, a bug fix release [...] This version also contains a fix for an exploit that could allow 3rd parties to retrieve member passwords. It is thus highly recommended that all existing sites upgrade to the latest...

enterasys.txt

...

[Full-disclosure] Undocumented account vulnerability in Enterasys Vertical Horizon switches

Problem Description An undocumented account with a default password exists, additionally guest users can DoS the switch. Tested systems The following versions were tested and found vulnerable: Vertical Horizon VH-2402S with firmware 02.05.00 Vertical Horizon VH-2402S with firmware 02.05.09.07...

phpmcnews13.txt

...

phpweblog053.txt

...

phpWebLog <= 0.5.3 arbitrary file inclusion (VXSfx)

-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: phpWebLog Version: <= 0.5.3 Homepage: http://phpweblog.org/ Author: Filip Groszynski (VXSfx) Date: 7 March 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Vulnerable code in include/init.inc.php:...

PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx)

-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: PHP mcNews Version: 1.3 Homepage: http://www.phpforums.net/index.php?dir=dld Author: Filip Groszynski (VXSfx) Date: 7 March 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Vulnerable code in...

formmail23.txt

...

dcl15.txt

...

Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx)

-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: Download Center Lite (DCL) Version: <= 1.5 (free/commercial) Homepage: http://www.stadtaus.com/ Author: Filip Groszynski (VXSfx) Date: 4 March 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == --...

PHP Form Mail Script (2.3) - Arbitrary File Inclusion (VXSfx)

-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: Form Mail Script (FS) Version: <= 2.3 (free/commercial) Homepage: http://www.stadtaus.com/ Author: Filip Groszynski (VXSfx) Date: 4 March 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Vulnerable...

phpnews124.txt

...

PHP News <= 1.2.4 - Remote File Inclusion (VXSfx)

-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: PHP News Version: 1.2.4 (and possibly 1.2.3) Homepage: http://newsphp.sourceforge.net/ Author: Filip Groszynski (VXSfx) Date: 23 February 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Vulnerable...

[Full-Disclosure] Administrivia: List Compromised due to Mailman Vulnerability

Hi On 7th February 2005 I was notified of a number of potentially - compromised Full-Disclosure subscriber accounts. Following an investigation it appears that the Mailman configuration database was obtained from lists.netsys.com on 2nd January 2005 using a remote directory traversal exploit...

Debian DSA-094-1 : mailman - XSS hole

Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables. These have been fixed upstream in version 2.0.8, and the relevant patches have been backported to version 1.1-10 in...

RHEL 2.1 : mailman (RHSA-2004:019)

Updated mailman packages that close a DoS vulnerability present in mailman versions prior to version 2.1 are now available. Mailman is a mailing list manager. Matthew Galgoci of Red Hat discovered a Denial of Service (DoS) vulnerability in versions of Mailman prior to 2.1. An attacker could send a....

mailman -- password disclosure

Barry Warsaw reports: Today I am releasing Mailman 2.1.5, a bug fix release [...] This version also contains a fix for an exploit that could allow 3rd parties to retrieve member passwords. It is thus highly recommended that all existing sites upgrade to the latest...

(RHSA-2004:019) mailman security update

Mailman is a mailing list manager. Matthew Galgoci of Red Hat discovered a Denial of Service (DoS) vulnerability in versions of Mailman prior to 2.1. An attacker could send a carefully-crafted message causing mailman to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has...

Denial of service in Cajun P13x/P33x switch family firmware 3.x

Problem Description There exists a denial of service attack in the AVAYA Cajun P33x and P13x switch family with firmware versions 3.x. It is possible to stop the switch for 30 seconds. By repeating the attack access can be denied for arbitrarily long periods of time. Tested systems The...