5549 matches found
No consensus yet on partial disclosure
Five of the brighter minds in the security industry spent two hours Thursday afternoon arguing, needling each other and generally disagreeing about everything under the sun and at the end of it all settled absolutely nothing on the topic of partial disclosure. The panel was meant to generate some...
Denial of Service using Partial GET Request in Mozilla Firefox 3.06
No description provided by source. [email protected] wrote: It's been confirmed that this is not problem in IE. Sorry I didn't mention that. \ Microsoft uses Silverlight: GET /index.php?page=Poem/Poem.php HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, ...
Denial of Service using Partial GET Request in Mozilla Firefox 3.06
!vuln Mozilla Firefox 3.06 Previous versions may also be affected. !risk Medium There are currently many users usi...
php htmlentities/htmlspecialchars multibyte sequences
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465...
CVE-2008-2953
Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via "partial file list requests" that trigger a NULL pointer dereference...
CVE-2008-2953
Removed by vendor...
faname10-sql.txt
netVigilance Security Advisory 42 Fa Name version 1.0 SQL Injection Vulnerability Description: Fa Name http://webscripts.softpedia.com/script/Content-Management/Fa-Name-41229.html is useful portal CMS for .name websites. You can have a simple portal but useful one for you domain names and by usei...
CVE-2008-1543
The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262...
netwin-list.txt
!/usr/bin/python NetWin Surgemail 0DAY IMAP POST AUTH Remote LIST Universal Exploit Discovered and coded by Matteo Memelli aka ryujin http://www.gray-world.net http://www.be4mind.com Affected Versions : Version 3.8k4-4 Windows Platform Tested on OS : Windows 2000 SP4 English Windows XP Sp2 Englis...
CVE-2007-6200
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, excludefrom, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options...
Calendarix version 0.7. 20070307 Multiple XSS Attacks
netVigilance Security Advisory 37 Calendarix version 0.7. 20070307 Multiple XSS Attacks Description: Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It has been developed with ease of use and quick access to information in mind. It provides the user with the quickest...
MyNews version 0.10 SQL Injection Vulnerability
netVigilance Security Advisory 25 MyNews version 0.10 SQL Injection Vulnerability Description: MyNews is very easy to include into any website news publishing, just as simple as using the include tag and calling the function to display the news. BBCode has been added to this feature, so now you d...
[Full-disclosure] WSPortal version 1.0 SQL Injection Vulnerability
netVigilance Security Advisory 33 WSPortal version 1.0 SQL Injection Vulnerability Description: WSPortal is a site management system coded in PHP/MySQL. It is capable of adding pages, adding news to pages, adding images to news articles, alerting the site or a specific ip address, private messagi...
[Full-disclosure] Utopia News Pro version 1.4.0 XSS Attack Vulnerability
netVigilance Security Advisory 34 Utopia News Pro version 1.4.0 XSS Attack Vulnerability Description: Utopia News Pro is a powerful and scalable news management system for any web site. News Pro, written in PHP and backed by the renowned MySQL database system, Utopia Software's News Pro is an ide...
DEBIAN-CVE-2007-2448
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit...
CVE-2007-2448
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit...