Lucene search

2321 matches found

Fedora
added 2009/02/12 8:37 p.m., 13 views

[SECURITY] Fedora 9 Update: squidGuard-1.2.1-2.fc9

squidGuard can be used to - limit the web access for some users to a list of accepted/well known web servers and/or URLs only. - block access to some listed or blacklisted web servers and/or URLs for some users. - block access to URLs matching a list of regular expressions or words for some users...

6.5 AI score
Exploits 0
Drupal
added 2009/02/11 12:00 a.m., 13 views

SA-CONTRIB-2009-006 - Troll - Cross site request forgeries

The Troll module provides management tools for community sites to deal with badly behaved users, known as "trolls", including banning users by IP address, advanced user searching, and blocking users by role. The module does not properly implement the Drupal Form API which makes it vulnerable to...

6.8 AI score
Exploits 0, References 6
securityvulns
added 2008/11/24 12:00 a.m., 23 views

[NT] Microsoft Windows Active Directory LDAP Server Information Disclosure Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.3 AI score
Exploits 0
Prion
added 2008/10/29 3:31 p.m., 30 views

Design/Logic Flaw

Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many Non-Blocking Space character sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025...

5.8 CVSS, 6.6 AI score, 0.26912 EPSS
Exploits 2, References 4, Affected Software 1
Cvelist
added 2008/10/29 3:00 p.m., 28 views

CVE-2008-4787

Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many Non-Blocking Space character sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025...

7.4 AI score, 0.1362 EPSS
Exploits 1, References 4
NVD
added 2008/10/23 10:00 p.m., 17 views

CVE-2008-4698

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds...

5.8 CVSS, 6.5 AI score, 0.01738 EPSS
Exploits 0, References 16
Exploit DB
added 2008/09/08 12:00 a.m., 34 views

D-Link DIR-100 1.12 - Security Bypass

source: https://www.securityfocus.com/bid/31050/info D-Link DIR-100 is affected by a vulnerability that allows attackers to bypass security restrictions and access sites that are blocked by an administrator. D-Link DIR-100 devices with firmware 1.12 are vulnerable; other versions may be affected ...

7 AI score
Exploits 0
0day.today
added 2008/08/18 12:00 a.m., 25 views

linux/x86 rm -rf / attempts to block the process from being stopped

Exploit for linux/x86 platform in category shellcode: linux/x86 rm -rf / attempts to block the process from being stopped / x86 linux rm -rf / which attempts to...

7 AI score
Exploits 0
Exploit DB
added 2008/08/18 12:00 a.m., 28 views

linux/x86 - rm -rf / attempts to block the process from being stopped

linux/x86 rm -rf / attempts to block the process from being stopped. Shellcode exploit for linx86 platform / x86 linux rm -rf / which attempts to block the process from being stopped 132 bytes written by onionring / main char shellcode = "\x31\xC0" // xor eax, eax "\x89\xC3" // mov ebx, eax...

0.3 AI score
Exploits 0
Fedora
added 2008/07/03 3:16 a.m., 26 views

[SECURITY] Fedora 9 Update: squid-3.0.STABLE7-1.fc9

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

5 CVSS, 6.4 AI score, 0.1603 EPSS
Exploits 0
seebug.org
added 2008/03/14 12:00 a.m., 37 views

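Microsoft Office Cell Comment Parsing Memory Corruption Vulnerability (MS08-016)

BUGTRAQ ID: 28146 CVECAN ID: CVE-2008-0118 Microsoft Office is a very popular office software suite. Office has a memory allocation error in the way it handles specially crafted Office files; if a user is tricked into opening a malformed file, this could lead to arbitrary code execution. Microsoft Office XP SP3 Microsoft Office 2004 for Mac Microsoft Office 2003 Service Pack 2 Microsoft Office 2000 SP3 Temporary workaround: When opening files from unknown or untrusted sources, use Microsoft...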

9.3 CVSS, 6.8 AI score, 0.34842 EPSS
Exploits 5
seebug.org
added 2008/03/14 12:00 a.m., 32 views

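Microsoft Excel Rich Text Value Heap Overflow Vulnerability (MS08-014)

BUGTRAQ ID: 28168 CVECAN ID: CVE-2008-0116 Excel is the spreadsheet tool in the Microsoft Office family of office software. Excel has a heap overflow vulnerability when parsing the BIFF file format; an attacker who successfully exploits this vulnerability could execute arbitrary code with the privileges of the currently logged-on user. If a malformed tag is processed, the heap allocation can be controlled by the user, and the overflow can be triggered when user-supplied data is copied into the heap buffer, overwriting arbitrary memory. Microsoft Excel Viewer 2003 Microsoft Excel 2003 SP2 Microsoft Excel 2002 SP3 Microsoft Excel 2000 SP3...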

9.3 CVSS, 6.8 AI score, 0.48229 EPSS
Exploits 1
Tenable Nessus
added 2008/03/13 12:00 a.m., 12 views

FreeBSD : dovecot -- security hole in blocking passdbs (b39bdc06-ee42-11dc-8678-00a0cce0781e)

Dovecot reports : Security hole in blocking passdbs MySQL always. PAM, passwd and shadow if blocking=yes where user could specify extra fields in the password. The main problem here is when specifying 'skippasswordcheck' introduced in v1.0.11 for fixing master user logins, allowing the user to lo...

5.5 AI score
Exploits 0, References 2
OSV
added 2008/03/10 11:44 p.m., 1 view

DEBIAN-CVE-2008-1218

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skippasswordcheck field t...

6.8 CVSS, 7.1 AI score, 0.07342 EPSS
Exploits 6, References 1
Debian CVE
added 2008/03/10 11:00 p.m., 22 views

CVE-2008-1218

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skippasswordcheck field t...

6.8 CVSS, 6.9 AI score, 0.07342 EPSS
Exploits 6
FreeBSD
added 2008/03/09 12:00 a.m., 17 views

dovecot -- security hole in blocking passdbs

Dovecot reports: Security hole in blocking passdbs MySQL always. PAM, passwd and shadow if blocking=yes where user could specify extra fields in the password. The main problem here is when specifying "skippasswordcheck" introduced in v1.0.11 for fixing master user logins, allowing the user to log...

1.2 AI score
Exploits 0, References 2
OpenVAS
added 2008/01/17 12:00 a.m., 26 views

Debian Security Advisory DSA 1157-1 (ruby1.8)

The remote host is missing an update to ruby1.8 announced via advisory DSA 1157-1. Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service. The Common Vulnerabilities and Exposures project...

7.5 CVSS, 0.3 AI score, 0.10192 EPSS
Exploits 1
securityvulns
added 2008/01/04 12:00 a.m., 65 views

FortiGuard: URL Filtering Application Bypass Vulnerability

I don't know if it's new, but I coded it during a PenTest and I would like to share it with you. It is based on code developed by sinhack research labs: http://sinhack.net/URLFilteringEvasion/sakeru.tx Description: "Fortinet's URL blocking functionality can be bypassed by specially-crafted HTTP...

0.5 AI score
Exploits 0
NVD
added 2007/10/30 7:46 p.m., 21 views

CVE-2007-5715

DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as...

4.3 CVSS, 6.5 AI score, 0.01068 EPSS
Exploits 0, References 3
CVE
added 2007/10/29 7:00 p.m., 48 views

CVE-2002-2337

CVE-2002-2337 affects Kaspersky Anti-Hacker 1.0. When configured to automatically block attacks, the product allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. The provided sources describe the affected product and impact but do not offer concrete rem...

5 CVSS, 7 AI score, 0.01435 EPSS
Exploits 1, References 3, Affected Software 1