ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow
2006-09-07, zdi-disclosures 3com com

SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability
2006-09-07, ciriboflacs yahoo com
    SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability
    Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net : Remot [...]

Shadow Prémod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability
2006-09-07, ciriboflacs yahoo com
    Shadow Prémod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability
    Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CRE [...]

Re: [Full-disclosure] Linux kernel source archive vulnerable
2006-09-07, Raj Mathur (raju linux-delhi org)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    >>>>> "Hadmut" == Hadmut Danisch <hadmut (at) danisch (dot) de> writes:

    Hadmut> [snip]
    Hadmut> When unpacking such an archive, tar also sets the uid,
    Hadmut> gid, and file permissions given in the tar
    Hadmut> archive. Unfortunately, plenty of fil [...]

DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution
2006-09-07, rgod autistici org
    #!/usr/bin/php -q -d short_open_tag=on
    <?
    print_r('
    DokuWiki <= 2006-03-09b release /bin/dwpage.php remote commands execution xploit
    by rgod rgod (at) autistici (dot) org
    site: http://retrogod.altervista.org
    dork: "Driven b [...]

CORE-2006-0322: Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer
2006-09-07, CORE Security Technologies Advisories (advisories coresecurity com)

CORE-2006-0321: AOL ICQ Pro 2003b heap overflow vulnerability
2006-09-07, CORE Security Technologies Advisories (advisories coresecurity com)

Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244
2006-09-07, Chris Travers (chris metatrontech com)
    Hi all; I have received many requests from security professions responsible for the security of Linux distros to move the full disclosure ahead. Now that I am reasonably sure that the full scope of the problem is known and fixed in the fix that Chris Murtagh and myself put together, it has been re [...]

Re: PasswordSafe 3.0 weak random number generator allows key recovery attack
2006-09-07, ronys users sourceforge net

BinGoPHP News <= 3.01 [bnrep] Remote File Include Vulnerability
2006-09-07, ciriboflacs yahoo com
    BinGoPHP News <= 3.01 [bnrep] Remote File Include Vulnerability
    Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net : Re [...]

[ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
2006-09-07, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Host header cannot be trusted as an anti anti DNS-pinning measure
2006-09-07, Amit Klein (AKsecurity) (aksecurity hotpop com)
    Host header cannot be trusted as an anti anti DNS-pinning measure

    Anti DNS-pinning texts ([1], [2], [3]) typically mention that the Host header of the HTTP request is different than the "real" domain name/host name of the site. As such, a suggested security measure against anti DNS-pinning describe [...]

PHPFusion <= 6.01.4 extract()/_SERVER[REMOTE_ADDR] sql injection exploit
2006-09-07, rgod autistici org
    #!/usr/bin/php -q -d short_open_tag=on
    <?
    print_r('
    PHPFusion <= 6.01.4 extract()/_SERVER[REMOTE_ADDR] sql injection exploit
    by rgod rgod (at) autistici (dot) org
    site: http://retrogod.altervista.org
    [...]

SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities
2006-09-07, 3APA3A (3APA3A SECURITY NNOV RU)

[USN-342-1] PHP vulnerabilities
2006-09-07, Martin Pitt (martin pitt canonical com)
    Ubuntu Security Notice USN-342-1 September 07, 2006
    php4, php5 vulnerabilities
    CVE-2006-4020, CVE-2006-4481, CVE-2006-4482, CVE-2006-4484

    A security issue affects the fol [...]

NDSS CFP Due September 10th
2006-09-06, Crispin Cowan (crispin novell com)
    Security researchers with new results may be interested to know that the CFP deadline for NDSS is this Sunday September 10th http://www.isoc.org/isoc/conferences/ndss/07/cfp.shtml NDSS is a high quality academic peer reviewed conference in computer security. Traditionally focused on network securit [...]

FreeBSD Security Advisory FreeBSD-SA-06:20.bind
2006-09-06, FreeBSD Security Advisories (security-advisories freebsd org)

Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability
2006-09-06, Steven M. Christey (coley mitre org) (1 reply)
    >This vulnerability is not that dangerous because, firstly, if you want
    >to exploit it, you must have exact file tree and correct name of the
    >malicious script because that variable is never used alone but always
    >in concatenation with script name and generic extension

    In a typical PHP exploit sce [...]

Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability
2006-09-07, str0ke (str0ke milw0rm com)

FreeBSD Security Advisory FreeBSD-SA-06:19.openssl
2006-09-06, FreeBSD Security Advisories (security-advisories freebsd org)

[USN-341-1] libxfont vulnerability
2006-09-06, Martin Pitt (martin pitt canonical com)
    Ubuntu Security Notice USN-341-1 September 06, 2006
    libxfont, xorg vulnerability
    CVE-2006-3467

    A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu [...]

WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit
2006-09-06, stormhacker hotmail com (1 reply)
    [W]orld [D]efacers Team
    Summary
    eVuln ID: WD23
    Vendor: phpopenchat-3.0.*
    Vendor's Web Site: http://phpopenchat.org
    Class: Remote
    PoC/Exploit: Available
    Solution: Not Available
    Discovered by: rUnViRuS ( wdzone.net & worlddefacers.de )
    [...]

Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit
2006-09-07, Carsten Eilers (ceilers-lists gmx de)
http://www.zerodayinitiative.com/advisories/ZDI-06-028.html
September 7, 2006
-- CVE ID:
CVE-2006-4379
-- Affected Vendor:
Ipswitch
-- Affected Products:
ICS/IMail Server 2006
-- TippingPoint(TM) IPS Customer Protection:
Tippi [...]