SecurityFocus

Jupiter CMS 1.1.5 index.php Remote File Include 2006-08-25
D3nGeR Gmail CoM

########################################################################
##########

#Jupiter CMS 1.1.5 index.php Remote File Include

#

#F0und by : D3nGeR

#E-mail : D3nGeR (at) Gmail (dot) CoM [email concealed]

########################################################################
##########

#

[ more ] [ reply ]

Sql injection in Xoops 2006-08-25
Omid (omid hackers ir)

Hi,
There is a sql injection in Xoops 2.0.14 (and maybe before versions) .
One of the user inputs, is used in the sql query without proper checking :

File /edituser.php, Line 347 :
:: if (!empty($_POST['user_avatar'])) {
>> $user_avatar = trim($_POST['user_avatar']);
:: $criteri

[ more ] [ reply ]

Sql injection in Mambo & Joomla 2006-08-25
Omid (omid hackers ir)

Hi,
There are several sql injections in Mambo 4.6 RC2 & Joomla 1.0.10 (and maybe
other versions) :
[The codes are from Mambo 4.6 RC2 & some may be different in Joomla]

*) When a user edits a content, the "id" parameter is not checked properly
in /components/com_content/content.php, which can cause

[ more ] [ reply ]

[ GLSA 200608-24 ] AlsaPlayer: Multiple buffer overflows 2006-08-26
Raphael Marichez (falco gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200608-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

AlstraSoft Video Share Enterprise Remote File Include Vulnerability 2006-08-26
night_warrior- hotmail com

##Night_Warrior<Kurdish Hacker>

##night_warrior-[at]hotmail.com

##AlstraSoft Video Share Enterprise Remote File Include Vulnerability

##Contact : night_warrior-[at]hotmail.com

##hompage : www.alstrasoft.com

##vuln code :

myajaxphp.php line 11

require_once($config['BASE_DIR'] . "/ajax/cpain

[ more ] [ reply ]

Bigace 1.8.2 (GLOBALS) Remote File Inclusion 2006-08-26
vampire_chiristof yahoo com

Author : Vampire

Location : Iran - Tehran

HomePage : http://www.hackerz.ir

Email : Vampire_chiristof[at]yahoo[dot]com

Critical Level : Dangerous

------------------------------------------------------------------------

---------------

Affected Software Description:

~~~~~~~~~~~~

[ more ] [ reply ]

MyBB Html Injection ( XSS ) 2006-08-25
Redworm MaiL Com

Hi

################################################

MyBB Have Xss In Avatar And Attachment.php

################################################

HEX editor With GIF picture Open , JS code are writing.

~~~~~~ GIF89ajscode ~~~~~~

Js Code:Hex:

&3c%73%63%72%69%70%74%3e%69%6d%67%20%

[ more ] [ reply ]

[ MDKSA-2006:152 ] - Updated wireshark packages fix multiple vulnerabilities 2006-08-25
security mandriva com

CuteNews 1.3.* Remote File Include Vulnerability 2006-08-25
stormhacker hotmail com

Welcome people In World Defacers Team

[W]orld [D]efacers Team

======================================

--------------------Summary----------------

eVuln ID: WD22

Vendor: CuteNews 1.3.*

Vendor's Web Site: http://cutephp.com/

Software: Live Customer Support Solution :- http://www.p

[ more ] [ reply ]

[ MDKSA-2006:151 ] - Updated kernel packages fix multiple vulnerabilities 2006-08-25
security mandriva com

[ MDKSA-2006:150 ] - Updated kernel packages fix multiple vulnerabilities 2006-08-25
security mandriva com

Re: Symantec Gateway Security DNS exploit 2006-08-24
axel seedig org

The SGS will refuse any external query unless you explizit allow external recursion. By default the DNS from the SGS will only answer queries for domains the SGS DNS is authoritative for.

[ more ] [ reply ]

YaPiG thanks_comment.php Cross-Site Scripting Vulnerability 2006-08-25
Kuon_at_Armorize_dot_com no this domain

/*

Kuon <Armorize Security Team>

Kuon-[at]-Armorize.com

YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

Contact : Kuon-[at]-Armorize.com

Link : www.Armorize.com

*/

Armorize Technologies Security Advisory

Advisory No: 20061001

Date: 2006/08/25

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-06:18.ppp [REVISED] 2006-08-25
FreeBSD Security Advisories (security-advisories freebsd org)

TSLSA-2006-0048 - multi 2006-08-25
Trustix Security Advisor (tsl trustix org)

rPSA-2006-0158-1 tshark wireshark 2006-08-25
Justin M. Forbes (jmforbes rpath com)

rPath Security Advisory: 2006-0158-1
Published: 2006-08-25
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Remote Root Non-deterministic Vulnerability
Updated Versions:
wireshark=/conary.rpath.com@rpl:devel//1/0.99.3a-0.1-1
tshark=/conary.rpath.com@rpl:devel//1/0.99

[ more ] [ reply ]

Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11) 2006-08-25
Matt Riddell (IT) (matt riddell sineapps com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mu Security ( http://www.musecurity.com/ ) posted details of multiple
vulnerabilities in Asterisk which have been fixed in the latest version.

You can find more information at the Daily Asterisk News Site:

http://www.sineapps.com/news.php?rssid=1448

[ more ] [ reply ]

Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities 2006-08-25
Krulewitch, Sean V (krulewit iu edu)

Re: [eVuln] B-net Software Multiple XSS Vulnerabilities 2006-08-25
anon anon net

The security vulnerabilities have been fixed in this software, users are

advised to upgrade to version 1.1 of the software

http://sourceforge.net/project/showfiles.php?group_id=117067&package_id=
162975&release_id=442067

[ more ] [ reply ]

NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability 2006-08-25
NSFOCUS Security Team (security nsfocus com)

NSFOCUS Security Advisory (SA2006-08)

Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability

Release Date: 2006-08-25

CVE ID: CVE-2006-3869

http://www.nsfocus.com/english/homepage/research/0608.htm

Affected systems & software
===================

Internet Explorer 6 SP1 with MS06-042

[ more ] [ reply ]

rPSA-2006-0157-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs 2006-08-25
Justin M. Forbes (jmforbes rpath com)

rPath Security Advisory: 2006-0157-1
Published: 2006-08-25
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Local Deterministic Vulnerability
Updated Versions:
xorg-x11=/conary.rpath.com@rpl:devel//1/6.8.2-30.1-1
xorg-x11-fonts=/conary.rpath.com@rpl:devel//1/6.8.2-30

[ more ] [ reply ]

[ MDKSA-2006:148 ] - Updated xorg-x11 packages fix vulnerabilities 2006-08-24
security mandriva com

Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities 2006-08-24
Stefan Esser (sesser hardened-php net)

[ MDKSA-2006:149 ] - Updated MySQL packages fix user privilege vulnerabilities 2006-08-24
security mandriva com

EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability 2006-08-24
Marc Maiffret (mmaiffret eeye com)

Internet Explorer Compressed Content URL Heap Overflow Vulnerability

Release Date:
August 24, 2006

Date Reported:
August 17, 2006

Severity:
High (Code Execution)

Systems Affected:
Internet Explorer 6 SP1 with MS06-042 - Windows 2000
Internet Explorer 6 SP1 with MS06-042 - Windows XP SP1

Overvie

[ more ] [ reply ]

[ GLSA 200608-23 ] Heartbeat: Denial of Service 2006-08-24
Sune Kloppenborg Jeppesen (jaervosz gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200608-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

[SECURITY] [DSA 1155-2] New sendmail packages fix denial of service 2006-08-24
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1155-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
August 24th, 2006

[ more ] [ reply ]