2392 matches found

RedHat Linux
added 2006/06/09 3:0 p.m., 44 views

Important: Red Hat Security Advisory: mysql security update

Updated mysql packages that fix multiple security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a serve...

CVSS 7.5, AI score 7, EPSS 0.8233
Exploits 2, References 7

NVD
added 2006/05/22 7:2 p.m., 10 views

CVE-2006-2511

The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog...

CVSS 6.5, AI score 6.4, EPSS 0.00631
Exploits 0, References 4

CVE
added 2006/05/22 7:0 p.m., 37 views

CVE-2006-2511

CVE-2006-2511 concerns the ActiveX version of FrontRange iHEAT. The vulnerability arises when an authenticated user uploads a file with an extension not associated with an application and selects it via the Open With dialog, potentially allowing execution of arbitrary programs or access to arbitr...

CVSS 6.5, AI score 6.4, EPSS 0.00631
Exploits 0, References 4, Affected Software 1

securityvulns
added 2006/05/15 12:0 a.m., 37 views

90% of programs made in PHP5 and prior Full Path Disclosure vuln.

:Introduction: Normally one of the last steps when accessing to a web-server is to find the url where the web is installed more common in RFD. This may be a hard step, if the RPD is the only bug in that server, but PHP programs have functions that unexpectedly can return lots of errors. ATTENTION...

AI score 0.8
Exploits 0

Cvelist
added 2006/04/11 11:0 p.m., 20 views

CVE-2006-0015

Cross-site scripting (XSS) vulnerability in vtibin/vtiadm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1)...

AI score 5.9, EPSS 0.28321
Exploits 1, References 11

Prion
added 2006/03/29 1:6 a.m., 9 views

Information disclosure

gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVSS 6.5, AI score 7.3, EPSS 0.01098
Exploits 1, References 5, Affected Software 1

NVD
added 2006/03/29 1:6 a.m., 9 views

CVE-2006-1485

gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVSS 6.5, AI score 6.8, EPSS 0.01098
Exploits 1, References 5

Cvelist
added 2006/03/29 1:0 a.m., 16 views

CVE-2006-1476

Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" with no characters before the ".", which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious...

AI score 6.2, EPSS 0.13423
Exploits 0, References 3

Cvelist
added 2006/03/29 1:0 a.m., 12 views

CVE-2006-1485

gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

AI score 6.8, EPSS 0.01098
Exploits 1, References 5

Prion
added 2006/03/24 11:2 a.m., 16 views

Code injection

Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023 uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe...

CVSS 7.2, AI score 7.2, EPSS 0.00066
Exploits 1, References 3, Affected Software 1

Cvelist
added 2006/03/24 2:0 a.m., 11 views

CVE-2005-2711

ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to...

AI score 7.1, EPSS 0.00064
Exploits 0, References 8

securityvulns
added 2006/03/22 12:0 a.m., 27 views

Mini-Nuke<=1.8.2 SQL injection (6)

//mini-nuke board turk have many sql injection founded by Moroccan Security Team //Creetz to: Moroccan Security Team Dr.E-vil,Dr.Erase,H0550N,|ucifer,DaBDouB-MoSiKaR OverclockiX,ki11er ,Dranzelz,Esp!onLeRaVaGe,ameer,www.lezr.com and all muslim morocco 1...

Exploits 0

Tenable Nessus
added 2006/03/16 12:0 a.m., 34 views

RHEL 3 : vixie-cron (RHSA-2006:0117)

An updated vixie-cron package that fixes a bug and security issue is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified program...

CVSS 2.1, AI score 5.4, EPSS 0.00076
Exploits 1, References 3

Prion
added 2006/03/12 9:2 p.m., 12 views

Design/Logic Flaw

Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary...

CVSS 3.7, AI score 7.7, EPSS 0.00086
Exploits 0, References 5, Affected Software 1

NVD
added 2006/03/12 9:2 p.m., 8 views

CVE-2006-1166

Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary...

CVSS 3.7, AI score 7.2, EPSS 0.00086
Exploits 0, References 5

Cvelist
added 2006/03/12 9:0 p.m., 14 views

CVE-2006-1166

Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary...

AI score 7.2, EPSS 0.00086
Exploits 0, References 5

CVE
added 2006/02/22 2:0 a.m., 33 views

CVE-2006-0845

CVE-2006-0845 affects Leif M. Wright's Blog 3.5. The vulnerability arises when an administrator can configure the sendmail path to a malicious pathname, allowing remote authenticated users with admin privileges to execute arbitrary shell commands. The EVULN/SECURITYVULNS records indicate a shell ...

CVSS 6.5, AI score 7, EPSS 0.01196
Exploits 1, References 4, Affected Software 1

securityvulns
added 2006/02/22 12:0 a.m., 42 views

[Full-disclosure] [INetCop Security Advisory] Global Hauri Virobot cookie exploit

INetCop Security Advisory 2006-0x82-028. Title: Global Hauri Virobot cookie exploit. 0x01. Description: Virobot Unix/Linux Server is anti virus program that develop in Global Hauri. Product in Unix of SUN Sparc, HP, IB...

AI score 7.3
Exploits 0

Prion
added 2006/02/18 2:2 a.m., 12 views

Design/Logic Flaw

GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a...

CVSS 5.1, AI score 7.3, EPSS 0.00162
Exploits 0, References 2, Affected Software 2

FreeBSD
added 2006/02/15 12:0 a.m., 29 views

gnupg -- false positive signature verification

Werner Koch reports: The Gentoo project identified a security related bug in GnuPG. When using any current version of GnuPG for unattended signature verification (e.g. by scripts and mail programs), false positive signature verification of detached signatures may occur. This problem affects the too...

CVSS 4.6, AI score 6.5, EPSS 0.01913
Exploits 1, References 1