Assorted[chips] Security Vulnerabilities

Mandrake Linux Security Advisory : kernel (MDKSA-2007:047)

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : A double free vulnerability in the squashfs module could allow a local user to cause a Denial of Service by mounting a crafted squashfs filesystem (CVE-2006-5701). The zlib_inflate function allows local users to cause a...

fcCMS10-xss.txt

...

CVE-2007-0146

Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6).....

CVE-2007-0146

Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6).....

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6).....

CVE-2007-0146

Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6).....

Fix & Chips CMS v1.0

Fix & Chips CMS v1.0 http://software.fixnchipsit.com/ Vulnerable files: staff.php delete-announce.php new-customer.php search.php client-results.php staff.php XSS User input in the Announcement box isn't properly sanatized before being generated. A few PoC's that work: <SCRIPT...

Do-it-yourself unlock phone password-vulnerability warning-the black bar safety net

Crash This bar is estimated to be debugging the used,with caution,some crashes only under the battery. #9 9 9 89 2 6 6# display the receiving channel number and received signal strength; #9 9 9 87 8 6# display the contents of the boot time and the boot to the current a long time. Press-after...

Ubuntu 5.04 / 5.10 : xorg vulnerability (USN-280-1)

The Render extension of the X.org server incorrectly calculated the size of a memory buffer, which led to a buffer overflow. A local attacker could exploit this to crash the X server or even execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding....

[Full-disclosure] [HV-INFO] Enova hardware encryption: false sense of security

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Enova hardware encryption: False sense of security Classification: Level: Informational ID: HEXVIEW200603281 URL: http://www.hexview.com/docs/20060328-1.txt Overview: Enova Technology is a manufacturer of the X-Wall ASIC that provides transparent...

CIRT.DK Advisory - SafeNet Inc Sentinel License Manager 7.2.0.2 Buffer Overflow

The security flaw When sending a large amount of data to the SentinelLM service, it will result in a buffer overflow where the Extended Instruction Pointer are overwritten, allowing arbitrary code being run on the server, with the rights of the service. About SafeNet inc. SafeNet provides...

OpteronMicrocode.txt

...

[RHSA-2003:067-00] Updated XFree86 packages provide security and bug fixes

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Red Hat Security Advisory Synopsis: Updated XFree86 packages provide security and bug fixes Advisory ID: RHSA-2003:067-00 Issue date: 2003-06-25 Updated on: 2003-06-25 Product: Red Hat Linux...

Network device drivers reuse old frame buffer data to pad packets

Overview Many network device drivers reuse old frame buffer data to pad packets, resulting in an information leakage vulnerability that may allow remote attackers to harvest sensitive information from affected devices. Description The Ethernet standard (IEEE 802.3) specifies a minimum data field...

[CLA-2002:529] Conectiva Linux Security Announcement - XFree86

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : XFree86 SUMMARY : Local vulnerabilities DATE : 2002-10-03 14:17:00 ID : CLA-2002:529 RELEVANT RELEASES : 8 DESCRIPTION XFree86 is a freely redistributable open-source implementation...

Multiple vulnerabilities exist within credit card chips thereby allowing malicious user to bypass authentication mechanism

Overview French smart card reader terminals can be fooled into accepting imposter smart cards for payment. Description French smart cards are credit cards with an embedded chip containing certain cardholder, account, and authentication information. These cards are read by automated terminals...

Wireless Access Point Detection

Nessus has determined that the remote host is a wireless access point (AP). Ensure that proper physical and logical controls are in place for its use. A misconfigured access point may allow an attacker to gain access to an internal network without being physically present on the premises. If the...