BugTraq Mode:
[ MDKSA-2006:222 ] - Updated koffice packages fixes integer overflow vulnerability 2006-12-01
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:222
http://www.mandriva.com/security/
____________________________________________________________________

PHPNews 1.3.0 XSS 2006-12-01
emulamex hotmail com
PHP Script: PHPNews 1.3.0
Class: XSS
Website: http://newsphp.sourceforge.net
Found by: Detefix
dork: inurl:phpnews

-----

- Vulnerable Code:

<?php
print<<<EOT
<a href="$url?action=fullnews&showcomments=1&id=$id">$subject</a> by $username on $time<br />

-----

- Exploits:

http://[target]/

[Aria-Security Team] DuWare DuClassMate SQL Injection Vuln 2006-12-02
Advisory Aria-Security Net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=59
#-----------------------------------------------------------
#Software: DuClassmate
#Method: SQL Injection
#Vendor: htt

[Aria-Security Team] DuWare DuNews SQL Injection Vuln 2006-12-02
Advisory Aria-Security Net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=61
#-----------------------------------------------------------
#Software: DuNews
#Method: SQL Injection
#Vendor: http://w

[Aria-Security Team] DuWare DuPortal SQL Injection Vuln 2006-12-02
Advisory Aria-Security Net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=63
#-----------------------------------------------------------
#Software: DuPortal Pro 3.4
#Method: SQL Injection
#Vendo

[ MDKSA-2006:223 ] - Updated ImageMagick packages fixes vulnerability 2006-12-02
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:223
http://www.mandriva.com/security/
____________________________________________________________________

CuteNews 1.3.6 XSS 2006-12-01
emulamex hotmail com
PHP Script: CuteNews 1.3.6
Class: XSS
Website: http://cutephp.com/cutenews
Found by: Detefix
dork: inurl:cutenews

-----

- Vulnerable Code:

<td align=center colspan=4 style='text-align:left;'>$result</td>

-----

- Exploit:

http://[target]/[path-to-cutenews]/?result=[XSS]

freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability 2006-12-01
-= SHELL =- -= SHELL =- (she1l hotmail com)
##################################################
#
#
# freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability
#
#

rPSA-2006-0222-1 tar 2006-12-01
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0222-1
Published: 2006-11-30
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect User Deterministic Vulnerability
Updated Versions:
tar=/conary.rpath.com@rpl:devel//1/1.15.1-7.1-1

References:
http://www.cve.mitre.org/cgi-bin/cvena

TSLSA-2006-0068 - multi 2006-12-01
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2006-0068

Package names: gnupg, tar
Summary: Multiple vulnerabilities
Date: 2006-12-01
Affected versions: Tru

rPSA-2006-0224-1 gnupg 2006-12-01
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0224-1
Published: 2006-11-30
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect Non-deterministic Unauthorized Access
Updated Versions:
gnupg=/conary.rpath.com@rpl:devel//1/1.4.5-1.1-1

References:
http://www.cve.mitre.org/cgi-bin/

iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Msg.dll Heap Overflow Vulnerability 2006-12-01
iDefense Labs (labs-no-reply idefense com)
Novell ZENworks Asset Management Msg.dll Heap Overflow Vulnerability

iDefense Security Advisory 12.01.06
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 01, 2006

I. BACKGROUND

Novell Inc's ZENworks is a set of tools used to automate IT management and
business processes across the vario

Aspee Ziyaretçi Defteri (tr) Sql injection Vuln. 2006-12-01
ShaFuq31 HoTMaiL CoM
# LiderHack.Org

# Script name : Aspee Ziyaretçi Defteri (tr)

# Script Download : http://aspindir.com/goster/4575

# Risk : High

# Found By : ShaFuck31

# Thanks : Dekolax , DesquneR , ST@ReXT , SaboTaqe

# Vulnerable file : giris.asp

Manual connect :

Go to Admin Panel Login -----> http://victim

iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Collection Client Heap Overflow Vulnerability 2006-12-01
iDefense Labs (labs-no-reply idefense com)
Novell ZENworks Asset Management Collection Client Heap Overflow
Vulnerability

iDefense Security Advisory 12.01.06
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 01, 2006

I. BACKGROUND

Novell Inc's ZENworks is a set of tools used to automate IT management and
business processes across

[SECURITY] [DSA 1222-2] New proftpd packages fix several vulnerabilities 2006-12-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1222-2 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 1st, 2006

Outpost Bypassing Self-Protection via Advanced DLL injection with handle stealing Vulnerability 2006-12-01
Matousec - Transparent security Research (research matousec com)
Hello,

We would like to inform you about a vulnerability in Outpost Firewall PRO 4.0.

Description:

The system process services.exe cares about system services. It runs them during the system boot and thus owns full
access handles to all system services. Outpost protects all processes against co

deV!L`z Clanportal - SQL Injection [061124a] 2006-12-01
Tim Weber (scy-adv scytale de)

/ -[061124a]- | deV!L`z Clanportal - SQL Injection |
\ /

S Y N O P S I S /
================='

-( access: remote severity: high )-

An SQL injection has been found in deV!L`z Clanportal, which allows

deV!L`z Clanportal - Arbitrary File Upload [061124b] 2006-12-01
Tim Weber (scy-adv scytale de)

/ -[061124b]- | deV!L`z Clanportal - Arbitrary File Upload |
\ /

S Y N O P S I S /
================='

-( access: remote severity: high )-

deV!L`z Clanportal allows nearly arbitrary

[ MDKSA-2006:221 ] - Updated gnupg packages fix vulnerability 2006-12-01
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:221
http://www.mandriva.com/security/
____________________________________________________________________

Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability 2006-12-01
dh layereddefense com
==================================================
Layered Defense Advisory 1 December 2006
==================================================
1) Affected Software
Novell Client 4.91 SP2
Novell Client 4.91 SP2 Patch Kit
Novell Client 4.91 SP3
Earlier versions may also be vulnerable
===============

[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite 2006-12-01
Noah Meyerhans (noahm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1223-1 security (at) debian (dot) org
http://www.debian.org/security/ Noah Meyerhans
December 01, 2006
- ------------

rPSA-2006-0220-1 dovecot 2006-12-01
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0220-1
Published: 2006-11-30
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Local Deterministic Denial of Service
Updated Versions:
dovecot=/conary.rpath.com@rpl:devel//1/1.0.beta8-4.2-1

References:
http://www.cve.mitre.org/cgi-bin/cve

rPSA-2006-0221-1 openldap openldap-clients openldap-servers 2006-12-01
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0221-1
Published: 2006-11-30
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
openldap=/conary.rpath.com@rpl:devel//1/2.2.26-8.5-1
openldap-clients=/conary.rpath.com@rpl:devel//1/2.

[Aria-Security.Net] Web Hosting Control Panel - cPanel 11 Multiple Cross-Site Scripting Vulnerabilites 2006-12-01
Advisory Aria-Security Net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=57
#-----------------------------------------------------------
#Software: CPanel
#Tested On CPanel 11 Beta at cpanel.net

Invision Gallery 2.0.7 SQL Injection Vulnerability 2006-12-01
infection mail kz
Invision Gallery 2.0.7

DoS attack can be performed

index.php?automodule=gallery&cmd=postcomment&op=doaddcomment&Post=test&i
mg=111 OR id IN (SELECT BENCHMARK(10000000,BENCHMARK(10000000,md5(current_date))) FROM ipb_gallery_images )

[SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation 2006-12-01
Steve Kemp (skx debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1205-2 security (at) debian (dot) org
http://www.debian.org/security/ Steve Kemp
December 1sd, 2006

[ MDKSA-2006:220 ] - Updated libgsf packages fix heap buffer overflow vulnerability 2006-12-01
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:220
http://www.mandriva.com/security/
____________________________________________________________________

Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability 2006-12-01
emin hasanov com
Thanks for sharing!

Quick fix is to edit file forum/modules/blog/lib/entry_reply_entry.php

and change the following code (line 52 for me)
'where' => "entry_id = {$this->ipsclass->input['eid']}"
to
'where' => "entry_id = '".intval($this->ipsclass->input['eid'])."'"

Copyright 2010, SecurityFocus