1529 matches found
samba security update
CentOS Errata and Security Advisory CESA-2007:0354-01 Updated samba packages that fix several security flaws are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Samba provides file and printer sharing services to SMB/CIFS clients...
JC URLShrink 1.3.1 - Remote Code Execution
Update: ViewCVS and ViewVC 'checkout view' content type fixation issue
Hi! Moritz Naumann wrote: This does not impact how much the rest of my report applies. My findings are now being discussed on the ViewVC developers mailing list 1. They apparently also impact ViewVC. Whether and to which degree what I am reporting c...
PHP import_request_variables() arbitrary variable overwrite
PHP import_request_variables arbitrary variable overwrite Name Using import_request_variables you can overwrite $ and $ any php variable. Systems Affected PHP =4.0.7 =5.2.1 Severity High Vendor http://www.php.net/ Advisory http://www.wisec.it/vulns.php?id=10 http://www.wisec.it/vuln10.txt Authors...
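Microsoft Visual Studio WmiScriptUtils.dll cross-domain scripting vulnerability
Microsoft Visual Studio is Microsoft's suite of development tools. The Microsoft Visual Studio WMIScriptUtils.WMIObjectBroker2 ActiveX control has a handling flaw that remote attackers can exploit to execute arbitrary commands with the privileges of the application process. The Microsoft WMIScriptUtils.WMIObjectBroker2 ActiveX control has a security issue: an attacker can build a malicious page and lure a user into visiting it, which bypasses the Internet zone security restrictions and instantiates other dangerous objects, resulting in arbitrary command execution. Visual Studio 2005 Standard Edition...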
JavaScript code can cause browser attacks
Security researchers have found a method that uses JavaScript to scan home and enterprise networks and to attack network servers, routers, printers and other equipment. Researchers say the malicious JavaScript code can be embedded in a Web page, use the browser to browse t...
Code injection
Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers...
CVE-2006-2540
Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers...
IDS evasion techniques and countermeasures: a detailed description
As networks thrive, network security issues are becoming increasingly prominent. Black hats and white hats are engaged in fierce competition across every field of network security. The black hat community constantly releases ways to evade or get past network intrusion...
[ MDKSA-2006:051 ] - Updated gettext packages fix temporary file vulnerabilities
Mandriva Linux Security Advisory MDKSA-2006:051 http://www.mandriva.com/security/ Package : gettext Date : February 28, 2006 Affected: Corporate 3.0, Multi Network Firewall 2.0 Problem Description: The Trustix developers discovered temporary file...
phpRPC Library Remote Code Execution
GulfTech Security Research February 26, 2006 Vendor : Robert Hoffman URL : http://sourceforge.net/projects/phprpc/ Version : phpRPC = 0.7 Risk : Remote Code Execution Description: phpRPC is meant to be an easy to use xmlrpc library. phpRPC is greatly simplified with the use of database/rpc-protoc...
Windows Access Control Demystified
Hello everybody, We have constructed a logical model of Windows XP access control, in a declarative but executable Datalog format. We have built a scanner that reads access-control configuration information from the Windows registry, file system, and service control manager database, and feeds ra...
EasyCMS vulnerable to XSS injection.
The Norwegian web-publishing system EasyCMS (www.easycms.no) contains multiple input flaws letting users conduct successful XSS attacks. Both the admin section and the webpage that uses the system are vulnerable to XSS. It does not filter script tags and simple scripting like...
Oracle DBMS_ASSERT and the October 2005 CPU
Whilst there are problems with the Oracle October 2005 Critical Patch Update, it's not all bad news.... There is a great deal of evidence in this patch that Oracle are beginning to treat security properly. They've introduced a new PL/SQL package DBMS_ASSERT into the RDBMS. Whilst DBMS_ASSER...
Debian DSA-801-1 : ntp - programming error
SuSE developers discovered that ntp confuses the given group id with the group id of the given user when called with a group id on the commandline that is specified as a string and not as a numeric gid, which causes ntpd to run with different privileges than intended.
[SECURITY] [DSA 801-1] New ntp packages fix group id confusion
Debian Security Advisory DSA 801-1 [email protected] http://www.debian.org/security/ Martin Schulze September 5th, 2005 http://www.debian.org/security/faq ...
postnuke0750.txt
PostNuke SQL Injection 0.750=x cXIb8O3.5 Author: cXIb8O3 Date: 2.3.2005 from SecurityReason.Com --- 0.Description --- PostNuke: The Phoenix Release 0.750 PostNuke is an open source, open development content management system CMS. PostNuke started a...
[SECURITY] [DSA 751-1] New squid packages fix IP spoofing vulnerability
Debian Security Advisory DSA 751-1 [email protected] http://www.debian.org/security/ Martin Schulze July 11th, 2005 http://www.debian.org/security/faq ...
Various Buffer Overflows in Oracle 10g Tools
Various Buffer Overflows in Oracle 10g Tools Author: Jose Antonio Coret Joxean Koret Date: 2004, 2005 Location: Basque Country...