e107 <= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands execution
2006-08-29, rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on <? print_r(' e107 <= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands execution exploit by rgod rgod (at) autistici (dot) org site: http://retrogod.altervista.org d ...

[SECURITY] [DSA 1160-1] New Mozilla packages fix several vulnerabilities
2006-08-29, joey infodrom org (Martin Schulze)

LinksCaffe no checker at admin
2006-08-29, hoangyenxinhdep yahoo com
Gonafish.com LinksCaffe 3.0 is free link indexing directory, we found that the file admin1953.php can be accessed directly to get full administration rights without password and username. Proof of exploit: http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php Or the images of mirro ...

[ MDKSA-2006:154 ] - Updated lesstif packages fix potential local root vulnerability
2006-08-29, security mandriva com

CYBSEC - Security Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow
2006-08-29, Mariano Nuñez Di Croce (mnunez cybsec com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdf) This advisory contains the full-detailed information rega ...

[ MDKSA-2006:153 ] - Updated binutils packages fix multiple vulnerabilities
2006-08-29, security mandriva com

[ MDKSA-2006:155 ] - Updated ImageMagick packages fix vulnerabilities
2006-08-29, security mandriva com

rPSA-2006-0159-1 ImageMagick
2006-08-29, Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0159-1 Published: 2006-08-29 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: ImageMagick=/conary.rpath.com@rpl:devel//1/6.2.3.3-3.2-1 References: http://www.cve.mitre.org ...

[ GLSA 200608-26 ] Wireshark: Multiple vulnerabilities
2006-08-29, Raphael Marichez (falco gentoo org)

[ GLSA 200608-27 ] Motor: Execution of arbitrary code
2006-08-29, Raphael Marichez (falco gentoo org)

Possible Myspace Worm
2006-08-27, mjw cyberwart com
There appears to be a new myspace worm propagating on their pages. The worm infects a user's profile page and then attempts to phish for usernames (emails) and passwords. The page looks almost identical to a regular myspace login and the url looks like a valid myspace page. However, the form att ...

Re: Another YabbSE Remote Code Execution Vulnerability
2006-08-26, wiziwig comcast net
I am the author of a package that continued development of the YABBSE code base after it was abandoned by Lewis Media. I believe we have corrected this security hole and I invite security explorers to assist in validating this. Please email me in reply and discuss your terms for this service. Tha ...

JetBox cms (search_function.php) Remote File Include
2006-08-28, carcabotx yahoo com (1 replies)
Found by : CarcaBot -- E-mail : CarcaBotx [at] Yahoo [dot] com -- $relative_script_path.'/libs/htmlheader.php -- Exploit -- # Google Dork: powered by Jetbox CMS -- http://www.sitename.com/path/includes/phpdig/libs/search_function.php?relative ...
    AW: JetBox cms (search_function.php) Remote File Include
    2006-08-29, Frank Reißner (mail frank-reissner de)

interact <= 2.2 (CONFIG[BASE_PATH]) Remote File Include Vulnerability
2006-08-28, carcabotx yahoo com
/* [Romanian Electronic Network Security Lab Team ThE Best Romanian Hacking Team] - Cce-interact <= 2.2.0 (CONFIG[BASE_PATH]) Remote File Include Vulnerability ...

[ GLSA 200608-25 ] X.org and some X.org libraries: Local privilege escalations
2006-08-28, Raphael Marichez (falco gentoo org)

[SECURITY] [DSA 1158-1] New streamripper packages fix arbitrary code execution
2006-08-27, Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 1159-1] New Mozilla Thunderbird packages fix several problems
2006-08-28, joey infodrom org (Martin Schulze)

[SECURITY] [DSA 1157-1] New ruby1.8 packages fix several vulnerabilities
2006-08-27, Moritz Muehlenhoff (jmm debian org)

[XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability
2006-08-27, nop (nop xsec org)
Advisory ID: XSec-06-10 Advisory Name: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability Release Date: 08/28/2006 Tested on: Windows 2000/XP/2003 Internet Explorer 6.0 SP1 Affected version: Windows 2000 Windows XP Windows 2003 Author: nop <nop#xsec.org> http://www.xsec.org Overview: ...

[SECURITY] [DSA 1156-1] New kdebase packages fix information disclosure
2006-08-27, Moritz Muehlenhoff (jmm debian org)

Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities
2006-08-26, matdhule gmail com

Cisco NAC Appliance Agent Installation Bypass Vulnerability
2006-08-26, Andreas Gal (gal uci edu) (2 replies)
Description: Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. With NAC Appliance, network admini ...
    Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability
    2006-08-26, Udo Sprotte (USprotte web de)
    Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability
    2006-08-26, Eloy Paris (elparis cisco com)

Suggested Fix for CVE-2006-4299
2006-08-26, Michael Jennings (mej kainx org)
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4299 http://www.securityfocus.com/bid/19654 Since the vendor appears to be asleep at the wheel, and Google turned up nothing helpful, I've attempted my own fix for this vulnerability. As I've found no exploit code to speak of, ...

Jetbox CMS search_function.php Remote File
2006-08-25, D3nGeR Gmail CoM
#Jetbox CMS search_function.php Remote File Include # #F0und by : D3nGeR #E-mail : D3nGeR (at) Gmail (dot) CoM ...