Berkeley-AL20, Berkeley-BD Security Vulnerabilities

Microsoft Security Bulletin MS08-071 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (956802)

Microsoft Security Bulletin MS08-071 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (956802) Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of...

[SECURITY] Fedora 8 Update: cups-1.3.9-2.fc8

The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...

[SECURITY] Fedora 9 Update: cups-1.3.9-2.fc9

The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...

[SECURITY] Fedora 10 Update: cups-1.3.9-4.fc10

The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...

SecurityReason : PHP 5.2.6 dba_replace() destroying file

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ SecurityReason.com PHP 5.2.6 dba_replace() destroying file ] Author: Maksymilian Arciemowicz http://securityreason.com Date: - - Written: 10.11.2008 - - Public: 28.11.2008 SecurityReason Research SecurityAlert Id: 58 SecurityRisk: Medium Affected...

php526-destroy.txt

...

Discuz! 6.1 xss2webshell Exploit-vulnerability warning-the black bar safety net

/* ####################################### Discuz! 6.1 xss2webshell[SODB-2 0 0 8-1 0] Exploit by 80vul-A team: http://www.80vul.com ####################################### */ //Target url var siteurl='http://www.80vul.com/Discuz_6.1.0/'; var request = false; if(window. XMLHttpRequest) { ...

Discuz! 6.1 xss2webshell Exploit

No description provided by...

Fwd: Deny Of Service and infinite loop in BitDefender (module pdf.xmd)

Deny Of Service and infinite loop in BitDefender (module pdf.xmd) / ProTeuS @ cih.ms / tested on pdf.xmd BitDefender's pdf engine by Alexandru Matei (0.1,Oct 8 2008), CRC32=A393F805 and on pdf.xmd last update by the moment of publication Deny of service occurs during parsing of included compressed....

Discuz! admin\runwizard.inc.php get-webshell bug

由于Discuz!的admin\runwizard.inc.php里saverunwizardhistory()写文件操作没有限制导致执行代码漏洞. 在文件admin\runwizard.inc.php里代码: $runwizardhistory = array(); $runwizardfile = DISCUZ_ROOT.'./forumdata/logs/runwizardlog.php'; if($fp = @fopen($runwizardfile, 'r')) { $runwizardhistory = @unserialize(fread($fp,...

[SECURITY] Fedora 9 Update: cups-1.3.9-1.fc9

The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...

[SECURITY] Fedora 8 Update: cups-1.3.9-1.fc8

The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...

Unfixed XSS vulnerability at www.teikav.edu.gr

Security researcher Ic3Drag0n, has submitted on 10/12/2008 a cross-site-scripting (XSS) vulnerability affecting www.teikav.edu.gr, which at the time of submission ranked 233523 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/01/2009. It is...

rianxosencabos-sql.txt

...

Rianxosencabos CMS 0.9 Remote Blind SQL Injection Vulnerability

No description provided by...

Rianxosencabos CMS 0.9 - Blind SQL Injection

...

Rianxosencabos CMS 0.9 - Blind SQL Injection

Rianxosencabos CMS 0.9 - Blind SQL...

Rianxosencabos CMS 0.9 Remote Blind SQL Injection Vulnerability

Exploit for unknown platform in category web...

Unfixed XSS vulnerability at www.chansol.com

Security researcher Milisx, has submitted on 25/09/2008 a cross-site-scripting (XSS) vulnerability affecting www.chansol.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/10/2008. It is currently...

Unfixed XSS vulnerability at www.uouo.cn

Security researcher Milisx, has submitted on 25/09/2008 a cross-site-scripting (XSS) vulnerability affecting www.uouo.cn, which at the time of submission ranked 2786244 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/10/2008. It is currently.....

Unfixed XSS vulnerability at www.kwms.co.kr

Security researcher Milisx, has submitted on 25/09/2008 a cross-site-scripting (XSS) vulnerability affecting www.kwms.co.kr, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/10/2008. It is currently...

Unfixed XSS vulnerability at www.noche.co.kr

Security researcher Milisx, has submitted on 25/09/2008 a cross-site-scripting (XSS) vulnerability affecting www.noche.co.kr, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/10/2008. It is currently...

Unfixed XSS vulnerability at www.asflower.net

Security researcher Milisx, has submitted on 25/09/2008 a cross-site-scripting (XSS) vulnerability affecting www.asflower.net, which at the time of submission ranked 4510631 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/10/2008. It is...

Gentoo Security Advisory GLSA 200510-02 (MPEG Tools)

The remote host is missing updates announced in advisory GLSA...

Gentoo Security Advisory GLSA 200510-02 (MPEG Tools)

The remote host is missing updates announced in advisory GLSA...

Microworld Mailscan 5.6.a Password Reveal Exploit

No description provided by...

Microworld Mailscan 5.6.a - Password Reveal

...

Microworld Mailscan 5.6.a Password Reveal Exploit

Exploit for unknown platform in category remote...

microworld-password.txt

...

Microworld Mailscan 5.6.a - Password Reveal

Microworld Mailscan 5.6.a - Password...

Berkeley Yacc (byacc) 'skeleton.c'本地拒绝服务漏洞

BUGTRAQ ID: 30233 CNCAN ID：CNCAN-2008071604 Berkeley Yacc是一款用于生成编译器的编译器。 Berkeley Yacc (byacc) 'skeleton.c'存在越界访问，本地攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 在减少规则和yacc堆栈指针指向分配栈中很后面的位置时，通过$$ = $1行为可导致内存越界访问而造成应用程序崩溃。 Robert Corbett Berkeley Yacc (byacc) 20070509 OpenBSD OpenBSD 2.9 OpenBSD OpenBSD 2.8 OpenBSD...

CentOS 3 / 4 / 5 : bind / selinux-policy (CESA-2008:0533)

Updated bind packages that help mitigate DNS spoofing attacks are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 10th July 2008] We have updated the Enterprise Linux 5 packages in this advisory. The default and sample...

RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2008:0533)

Updated bind packages that help mitigate DNS spoofing attacks are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 10th July 2008] We have updated the Enterprise Linux 5 packages in this advisory. The default and sample...

[SECURITY] Fedora 8 Update: bind-9.5.0-28.P1.fc8

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

[SECURITY] Fedora 9 Update: bind-9.5.0-33.P1.fc9

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

bind security update

CentOS Errata and Security Advisory CESA-2008:0533-03 ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a....

bind, caching, selinux security update

CentOS Errata and Security Advisory CESA-2008:0533 ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a...

Preemptive Protection against Multiple Vendor DNS Insufficient Socket Entropy Vulnerability

A Spoofing vulnerability has been reported in major DNS implementations, including Microsoft Windows DNS service and Berkeley Internet Name Domain (BIND). DNS Spoofing allows an attacker to change a DNS entry so it would point to an IP of his own choice. This vulnerability could allow an attacker.....

(RHSA-2008:0533) Important: bind security update

ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have...

phpBB <= 2.0.15 Register Multiple Users Denial of Service (perl code)

No description provided by...

Unfixed XSS vulnerability at www.youngwave.org

Security researcher Milisx, has submitted on 22/06/2008 a cross-site-scripting (XSS) vulnerability affecting www.youngwave.org, which at the time of submission ranked 6088838 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2008. It is...

Unfixed XSS vulnerability at www.ycec.co.kr

Security researcher Milisx, has submitted on 22/06/2008 a cross-site-scripting (XSS) vulnerability affecting www.ycec.co.kr, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2008. It is currently...

PHP168 X-Forwarded-For exploit-vulnerability warning-the black bar safety net

amxku's blog ( http://www.amxku.net/ ) author: amxku The vulnerability itself is the cause of nothing to say, old X-Forwarded-For problem, I think this loophole a lot of people have found it. Because of this vulnerability for some time, and was just on the pc to test it, may be some error,...

solaris/x86 add services and execve inetd 201 bytes

No description provided by...

Unfixed XSS vulnerability at corp-gov.ru

Security researcher Azat Harutyunyan, has submitted on 29/05/2008 a cross-site-scripting (XSS) vulnerability affecting corp-gov.ru, which at the time of submission ranked 1255383 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/06/2008. It is.....

RHEL 5 : bind (RHSA-2008:0300)

Updated bind packages that fix two security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an...

(RHSA-2008:0300) Moderate: bind security, bug fix, and enhancement update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. It was...

[SECURITY] Fedora 9 Update: cups-1.3.7-2.fc9

The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...

Create New Admin Exploit FOR php168 v4.0SP

No description provided by...

[SECURITY] Fedora 7 Update: cups-1.2.12-11.fc7

The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...