MDKA-2006:065 : hal

A bug in partition detection for some SD/MMC card readers those using the sdhci driver was preventing correct detection by HAL, breaking automatic mounting/unmounting on card insertion/removal. Another bug was preventing correct mounting of LUKS-encrypted removable media. This update fixes these...

Microsoft Word fails to properly handle malformed strings

Overview A vulnerability in the way Microsoft Word handles malformed Word Document streams could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a memory corruption vulnerability that could be triggered when Word opens...

Microsoft Antivirus Engine Integer Overflow Vulnerability

Description Microsoft Antivirus Engine is prone to an integer-overflow vulnerability when the application processes maliciously crafted files. This issue is currently being exploited via Portable Document Files PDF, but other Microsoft applications are also reported vulnerable. An attacker could...

Don't worry about activation and updates create your own OEM system-vulnerability warning-the black bar safety net

Microsoft is now on pirated Windows speed up ban pace, but through the BIOS character to activate the OEM system for sure is absolutely safe, so today teach you to make one for your own computer of the OEM system install disc, no longer have to worry about activation and automatic update of the...

Cross site scripting

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...

Backup implementation

Organization Backup I. Intro Let's start by cramming terms and definitions. Backup backup, b4kup or in the common folk backup we will call an asynchronous, in relation to modification, process of creating a copy of stored information data, which allows you to restore the previous state of the dat...

AntiAntivirus (Internet can be ruined by antivrus)

Will AntiVirus ruin the Internet? 3APA3A security.nnov.ru Dmitry Leonov bugtraq.ru Alex Exler exler.ru Alexander Dilevsky yandex.ru Alexander Antipov securitylab.ru Ilya Medvedovsky dsec.ru Vladislav Myasnyankin BugTraq.Ru The seemingly uncomplicated mail worm Sobig.f broke all distribution...

DEBIAN-CVE-2006-6614

The saveloglocal function in Fully Automatic Installation FAI 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to...

CVE-2006-6614

The saveloglocal function in Fully Automatic Installation FAI 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to...

CVE-2006-6614

The CVE-2006-6614 issue affects Fully Automatic Installation (FAI) 2.10.1 (and possibly 3.1.2). When verbose mode is enabled, the save_log_local function writes the root password hash to /var/log/fai/current/fai.log, and the log file’s permissions permit copying to other hosts when fai-savelog is...

CVE-2006-6614

The saveloglocal function in Fully Automatic Installation FAI 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to...

CVE-2006-6375

Cross-site scripting XSS vulnerability in display.php in Simple Machines Forum SMF 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer...

CVE-2006-6375

CVE-2006-6375 is a cross-site scripting (XSS) flaw in display.php of Simple Machines Forum (SMF) 1.1 Final and earlier. The vulnerability allows remote attackers to inject arbitrary script/HTML via the contents of a file uploaded with the image parameter, which can be interpreted as script by Int...

Hacking quest dove gray is not on-line analysis summary-vulnerability warning-the black bar safety net

Not automatically on-line of reason: 1. You do not have public IP or you are within the network did not do the appropriate port mapping; 2. You opened the firewall closes the Dove gray to use to the port; 3. You do not have to update the IP to your domain name; 4. Your service-side configuration...

/sbin/restore exploit (rh6.2)

No description provided by source. !/bin/sh /sbin/restore exploit for rh6.2 I did not find this weakness my self, all i did was writing this script and some more to make it automatic and easy to use. This exploit should work on all redhat 6.2 systems with /sbin/restore not "fucked up". May work o...

OpenBSD 2.6 / 2.7ftpd Remote Exploit

No description provided by source. / h0h0h0 0-day k0d3z Exploit by Scrippie, help by dvorak and jimjones greets to sk8 Not fully developt exploit but it works most of the time ; Things to add: - automatic writeable directory finding - syn-scan option to do mass-scanning - worm capabilities? shoul...

On mcafee the process of learn-vulnerabilities and early warning-the black bar safety net

mcafee in total there are 7 processes 1:frameworkservice.exe: this process can be in the system services found in the Corresponding to the service"mcafee framework" It is used to do what? In fact, it is mcafee's background framework of the process,mcafee product of the shared components of the...

Microsoft Office fails to properly parse malformed records

Overview A vulnerability in the way Microsoft Office parses files containing malformed records may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when Office attempts to parse specially crafted records. According to Microsoft...

Microsoft Excel fails to properly process malformed STYLE records

Overview Microsoft Excel contains a vulnerability in the handling of malformed STYLE records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...

Microsoft Excel fails to properly process malformed DATETIME records

Overview Microsoft Excel contains a vulnerability in the handling of malformed DATETIME records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...