BugTraq Mode:
LedgerSMB < 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues 2007-10-09
Chris Travers (chris travers gmail com)
Severity: Critical
Effect: Compromise of Financial Data, deletion of audit trails,
alteration of system settings, disclosure of confidential information
possible in some setups.
Affected products: LedgerSMB 1.0.0-1.2.7, SQL-Ledger 2.x (all versions).

1: SQL injection issue in invoice quantity

DNewsWeb Softwares Cross Site Scripting Vulnerability 2007-10-09
DoZ HackersCenter com
[HSC] DNewsWeb Softwares Cross Site Scripting Vulnerability

The DNews News Server is advanced news server software that makes it easy for you to provide users with fast access to Internet (Usenet) news groups. Installing your own local news server software also gives you complete control to

rPSA-2007-0212-1 util-linux 2007-10-09
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2007-0212-1
Published: 2007-10-08
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Local Root Deterministic Privilege Escalation
Updated Versions:
util-linux=/conary.rpath.com@rpl:devel//1/2.12r-1.5-1

rPath Issue Tracking System:
https://issu

Viart Shopping Cart Directory Transversal Vuln 2007-10-09
Advisory Aria-Security Net, "[ NO REPLY ]" securityfocus com
Aria-Security Team

----------------------

Viart Shopping Cart Directory Transversal Vuln

Vendor:

http://www.viart.com/

POC:

function createCertFingerprint($filename) {

$fp = fopen($filename, "r");

http://target/path/payments/ideal_process.php

Credits Goes To Aria-Security

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype 2007-10-08
Geo. (geoincidents nls net)
----- Original Message -----
From: "Glynn Clements" <glynn (at) gclements.plus (dot) com>

> URIs which it passes to an external handler (e.g. mailto:), it only
> needs to identify the scheme (to select the correct handler); it is
> the handler's responsibility to validate its own URIs (i.e. mail
> programs n

[security bulletin] HPSBMA02275 SSRT071445 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS) 2007-10-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01183597
Version: 1

HPSBMA02275 SSRT071445 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)

NOTICE: The information in this Security Bulletin

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype 2007-10-08
KJK::Hyperion (hackbunny s0ftpj org)
Geo. wrote:
> I don't agree. Whatever program takes input from an untrusted source, it's
> that program's duty to sanitize the input before passing it on to internal
> components. It's like a firewall, you filter before it gets inside the
> system.

NO! wrong! stop the "input sanitization" fa

Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype 2007-10-07
Thierry Zoller (Thierry Zoller lu)
Dear Geo,

Thank you for the challenge, Geo. You're trying to get the discussion in
a direction that doesn't serve the purpose of the finding, nor would
it "prove" anything. I welcome your task though I'd like you to know
that I don't think I have to prove anything to you. However if you pay
enough I

[security bulletin] HPSBMA02274 SSRT071445 rev.1 - HP System Management Homepage (SMH) for HP-UX, Remote Cross Site Scripting (XSS) 2007-10-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01183265
Version: 1

HPSBMA02274 SSRT071445 rev.1 - HP System Management Homepage (SMH) for HP-UX, Remote Cross Site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be ac

[security bulletin] HPSBUX02181 SSRT061289 rev.3 - HP-UX Running IPFilter, Remote Denial of Service (DoS) 2007-10-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00837319
Version: 3

HPSBUX02181 SSRT061289 rev.3 - HP-UX Running IPFilter, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possib

BT Home Flub: Pwnin the BT Home Hub 2007-10-08
Adrian P (unknown pentester gmail com)
http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub

The BT Home Hub, which is probably the most popular home router in the
UK, is susceptible to critical vulnerabilities.

BT's plan is to sneak one of these boxes into every UK home. Not only
does the BT Home Hub support broadband but a

Black Hat Tokyo + DC and Europe CfPs now open. 2007-10-09
Jeff Moss (jmoss blackhat com)
We've finalized the speaker lineup for Black Hat Japan 2007, and we're looking forward to a great show. Attendees will be treated to a roster with more variety and depth than ever.
The schedule and speaker bios are available on-line at:

http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-schedu

[security bulletin] HPSBUX01137 SSRT5954 rev.11 - HP-UX Running TCP/IP (IPv4), Remote Denial of Service (DoS) 2007-10-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00571568
Version: 11

HPSBUX01137 SSRT5954 rev.11 - HP-UX Running TCP/IP (IPv4), Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as p

[security bulletin] HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) 2007-10-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01178795
Version: 1

HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be

rPSA-2007-0210-1 xen 2007-10-08
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2007-0210-1
Published: 2007-10-08
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect Root Deterministic Unauthorized Access
Updated Versions:
xen=/conary.rpath.com@rpl:devel//1/3.0.3_0-1.6-1

rPath Issue Tracking System:
https://issues

TorrentTrader Classic Multiple Remote vulnerabilities 2007-10-08
security soqor net
Hello,

TorrentTrader Classic Multiple Remote vulnerabilities

Discovered By : HACKERS PAL

Copy rights : HACKERS PAL

Website : http://www.soqor.net

Email Address : security (at) soqor (dot) net

Tested on TorrentTrader Classic v1.07

local file inclusion

backend/admin-functions.php?ss_uri=dd

[ GLSA 200710-03 ] libvorbis: Multiple vulnerabilities 2007-10-07
Raphael Marichez (falco gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200710-07 ] Tk: Buffer overflow 2007-10-07
Raphael Marichez (falco gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200710-05 ] QGit: Insecure temporary file creation 2007-10-07
Pierre-Yves Rofes (py gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

new vuln in snewscms.net.ru in lang file 2007-10-08
info medconsultation ru
New Advisory:

Snewscms Rus

http://www.medconsultation.ru

--------------------Summary----------------

Software: SnewsCMS Rus v. 2.1

Software's Web Site: http://www.snewscms.net.ru

Versions: 2.1

Critical Level: Moderate

Type: XSS

Class: Remote

Status: Unpatched

PoC/Exploit: Not

[ GLSA 200710-04 ] libsndfile: Buffer overflow 2007-10-07
Raphael Marichez (falco gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200710-06 ] OpenSSL: Multiple vulnerabilities 2007-10-07
Pierre-Yves Rofes (py gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[SECURITY] [DSA 1362-2] New lighttpd packages fix buffer overflow 2007-10-07
Steve Kemp (skx debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory 1362-2 security (at) debian (dot) org
http://www.debian.org/security/ Steve Kemp
October 7th, 2007

[ GLSA 200710-02 ] PHP: Multiple vulnerabilities 2007-10-07
Raphael Marichez (falco gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Copyright 2010, SecurityFocus