
Hello Bugtraq

Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome

Hello Bugtraq!

As I checked this DoS vulnerability today, it also works in IE7, besides
IE6.

Vulnerable version is Internet Explorer 7 (7.0.6000.16473) and previous
versions (and potentially next versions).

P.S.


Re: Vulnerabilities in phpCOIN

If I were a customer of theirs I'd be cutting them some slack.  I'm just 
sayin'.

MustLive wrote:
> Hello Bugtraq!
>
> I want to warn you about security vulnerabilities in system phpCOIN.
>
> -----------------------------
> Advisory: Vulnerabilities in phpCOIN

Vulnerabilities in CMS SiteLogic

Hello Bugtraq!

I want to warn you about security vulnerabilities in CMS SiteLogic. It's a
Ukrainian commercial CMS. In addition to previously reported vulnerabilities
(disclosed this year), I will report about vulnerabilities in this CMS,
which I disclosed in 2009.

-----------------------------
Advisory: Vulnerabilities in CMS SiteLogic
-----------------------------

Re: Vulnerability in CB Captcha for Joomla and Mambo

> Honest question -- are you going to post about every site that has lousy
> captcha?  Would it be faster if us admins that have lousy captcha just
> outted ourselves first?
>
> MustLive wrote:
>> Hello Bugtraq!
>>
>> I want to warn you about security vulnerability in plugin CB Captcha
>> (plug_cbcaptcha) for component Community Builder (com_comprofiler) for
>> Joomla and Mambo. The posting of this advisory to mailing lists was
>> delayed,

Vulnerabilities in NovaBoard

Hello Bugtraq!

I want to warn you about security vulnerabilities in system NovaBoard.

In this advisory I continue to inform readers of mailing lists about
vulnerable web applications which are using CaptchaSecurityImages.php. If
you read Bugtraq you could have seen the letter which was posted last week by
one developer of one such vulnerable web application (which I posted to the
list before). And from that letter it's clearly seen that web developers
ignore the advisory about holes in CaptchaSecurityImages.php itself, and only

Vulnerability in Referer for DataLife Engine

Hello Bugtraq!

I want to warn you about security vulnerability in Referer module for
DataLife Engine (DLE).

-----------------------------
Advisory: Vulnerability in Referer for DataLife Engine
-----------------------------
URL: http://websecurity.com.ua/3942/
-----------------------------

Vulnerabilities in CCMS

Hello Bugtraq!

I want to warn you about security vulnerabilities in system CCMS - Clan
Content Management System.

In this advisory I continue to inform readers of mailing lists about
vulnerable web applications which are using CaptchaSecurityImages.php. If
you read Bugtraq you could have seen the letter, from which it's clearly seen
that web developers ignore the advisory about holes in
CaptchaSecurityImages.php itself, and only draw attention to advisories
about their specific web

Vulnerabilities in Belavir for WordPress

Hello Bugtraq!

I want to warn you about security vulnerabilities in plugin Belavir for
WordPress. It's a security plugin.

-----------------------------
Advisory: Vulnerabilities in Belavir for WordPress
-----------------------------
URL: http://websecurity.com.ua/4160/
-----------------------------

Re: Vulnerabilities in Sebo - webstore

Sent: Monday, May 10, 2010 10:13 PM
Subject: Re: Vulnerabilities in Sebo - webstore


> 2010/5/8 MustLive <mustlive@websecurity.com.ua>:
>> Hello Bugtraq!
>>
>> I want to warn you about security vulnerabilities in e-commerce system
>> Sebo - webstore.
>>
>> In this advisory I continue to inform readers of mailing lists about

Multiple vulnerabilities in XAMPP (advisory #7)

Hello Bugtraq!

I continue informing you about multiple vulnerabilities in XAMPP.

-----------------------------
Advisory #7
-----------------------------
CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP
-----------------------------
URL: http://websecurity.com.ua/3285/

Call for Papers - you Sh0t the Sheriff 4 - Security Conference, Brazil

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Bugtraq,

The call for papers for the yStS (you Sh0t the Sheriff) conference is now
open!

The 4th edition will be, once again, held in Sao Paulo, Brazil, on May
17th, 2010.

Re: IPB v2.x up to 3.0.4 XSS vulnerability

Hello Bugtraq and Xacker!

As I mentioned at my site (http://websecurity.com.ua/3762/), where I posted
about this XSS vulnerability in Invision Power Board, the fix offered by
Xacker is not effective. It is better to use another method of fixing,
offered by me.

The author of this advisory said that in IPB a MIME-type
application/x-dirview is set for txt files. But at my forum (on IPB 2.2.2)
for txt files a MIME-type text/plain was set by default and the attack
worked. So

Cross-Site Scripting vulnerabilities in Invision Power Board

Hello Bugtraq!

I want to warn you about new vulnerabilities in Invision Power Board.

These are Cross-Site Scripting vulnerabilities. The attack goes via an
attachment (on a click on the attachment in a forum post or on the link
to this attachment). These are persistent XSS vulnerabilities.

I have known for a long time about the possibility of attacks via swf-files.
So many years ago I turned off support of swf-files in attachments (and in avatars

Vulnerability in Joomulus for Joomla

Hello Bugtraq!

I want to warn you about a Cross-Site Scripting vulnerability in the Joomulus
(mod_joomulus) plugin for Joomla, which I found on 23.12.2009.

It is similar to the XSS vulnerability in WP-Cumulus
(http://websecurity.com.ua/3665/), because it uses tagcloud.swf made by the
author of WP-Cumulus. I mentioned the millions of tagcloud.swf flash files
which are vulnerable to XSS attacks in my article XSS vulnerabilities in 8
millions flash files (http://websecurity.com.ua/3789/).

DoS vulnerability in Internet Explorer

Hello Bugtraq!

I want to warn you about Denial of Service vulnerability in Internet
Explorer. Yesterday I already informed Microsoft.

This attack I called DoS via homepage.

DoS:

http://websecurity.com.ua/uploads/2009/IE%20DoS%20Exploit10.html

Re: DoS vulnerability in Internet Explorer

From: MustLive
To: bugtraq@securityfocus.com
Sent: Nov 8, 2009 8:54 AM
Subject: DoS vulnerability in Internet Explorer

Hello Bugtraq!

I want to warn you about Denial of Service vulnerability in Internet
Explorer. Yesterday I already informed Microsoft.

This attack I called DoS via homepage.

Vulnerabilities in phpCOIN

Hello Bugtraq!

I want to warn you about security vulnerabilities in system phpCOIN.

-----------------------------
Advisory: Vulnerabilities in phpCOIN
-----------------------------
URL: http://websecurity.com.ua/4090/
-----------------------------
Affected products: phpCOIN 1.6.5 and previous versions.

Vulnerabilities in Gigya Socialize for WordPress

Hello Bugtraq!

I want to warn you about security vulnerabilities in plugin Gigya Socialize
for WordPress.

-----------------------------
Advisory: Vulnerabilities in Gigya Socialize for WordPress
-----------------------------
URL: http://websecurity.com.ua/4153/
-----------------------------

[Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera

Hello Bugtraq!

I want to warn you about security vulnerability in different browsers.

-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4238/
-----------------------------

Re: [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera

Thank you.  Now if you could wait for patches before disclosing I'd be 
even happier.

MustLive wrote:
> Hello Bugtraq!
>
> I want to warn you about security vulnerability in different browsers.
>
> -----------------------------
> Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and

Re: Vulnerabilities in Dunia Soccer

> spam?
>
> Why not give the admin of the site a chance?
>
> MustLive wrote:
>> Hello Bugtraq!
>>
>> I want to warn you about security vulnerabilities in system Dunia Soccer.
>>
>> -----------------------------
>> Advisory: Vulnerabilities in Dunia Soccer

Vulnerability in widget Flash Tag Cloud for Blogsa and other ASP.NET engines

Hello Bugtraq!

I want to warn you about security vulnerability in Flash Tag Cloud control
for ASP.NET.

-----------------------------
Advisory: Vulnerability in widget Flash Tag Cloud for Blogsa and other
ASP.NET engines
-----------------------------
URL: http://websecurity.com.ua/4213/

DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera

Hello Bugtraq!

I want to warn you about Denial of Service vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera, which belong to the type of DoS via
protocol handlers. Earlier I already wrote about DoS vulnerabilities in
Firefox, Internet Explorer, Chrome and Opera and DoS attacks on email
clients via protocol handlers. This new advisory will show you the behavior
of browsers with other protocol handlers.

All those who doubt that these DoS vulnerabilities in browsers and email

Vulnerabilities in Firebook

Hello Bugtraq!

I want to warn you about security vulnerabilities in Firebook.

-----------------------------
Advisory: Vulnerabilities in Firebook
-----------------------------
URL: http://websecurity.com.ua/4124/
-----------------------------
Affected products: all versions of Firebook.

Vulnerabilities in HoloCMS

Hello Bugtraq!

I want to warn you about security vulnerabilities in HoloCMS.

-----------------------------
Advisory: Vulnerabilities in HoloCMS
-----------------------------
URL: http://websecurity.com.ua/4068/
-----------------------------
Timeline:

Vulnerabilities in WeBAM

Hello Bugtraq!

I want to warn you about security vulnerabilities in WeBAM.

-----------------------------
Advisory: Vulnerabilities in WeBAM
-----------------------------
URL: http://websecurity.com.ua/4046/
-----------------------------
Timeline:

Vulnerabilities in TooFAST

Hello Bugtraq!

I want to warn you about security vulnerabilities in TooFAST.

-----------------------------
Advisory: Vulnerabilities in TooFAST
-----------------------------
URL: http://websecurity.com.ua/4053/
-----------------------------
Timeline:

Vulnerabilities in ArcManager

Hello Bugtraq!

I want to warn you about security vulnerabilities in ArcManager.

-----------------------------
Advisory: Vulnerabilities in ArcManager
-----------------------------
URL: http://websecurity.com.ua/4057/
-----------------------------
Timeline:

Multiple vulnerabilities in eSitesBuilder

Hello Bugtraq!

I want to warn you about multiple vulnerabilities in eSitesBuilder. After
previous vulnerabilities in eSitesBuilder (SecurityVulns ID:10940), which I
wrote about earlier in June, there are Insufficient Anti-automation,
Cross-Site Scripting, SQL Injection and Full path disclosure vulnerabilities
in eSitesBuilder. It's a Ukrainian commercial CMS (which is used particularly
for online shops). Both previous and these vulnerabilities were ignored and
not fixed by developers.


Vulnerabilities in MiniManager for Project MANGOS

Hello Bugtraq!

I want to warn you about security vulnerabilities in MiniManager for Project
MANGOS.

-----------------------------
Advisory: Vulnerabilities in MiniManager for Project MANGOS
-----------------------------
URL: http://websecurity.com.ua/4061/
-----------------------------
