[USN-330-1] tiff vulnerabilities
2006-08-02 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-330-1 August 02, 2006
tiff vulnerabilities
CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
======================================================

[SECURITY] [DSA 1138-1] New cfs packages fix denial of service
2006-08-02 Moritz Muehlenhoff (jmm debian org)

rPSA-2006-0143-1 gnupg
2006-08-02 Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0143-1
Published: 2006-08-02
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification: Remote User Deterministic Unauthorized Access
Updated Versions: gnupg=/conary.rpath.com@rpl:devel//1/1.4.5-1-0.1
References: http://www.cve.mitre.org/cgi-bin/

Content Management Framework "G3" - XSS Vulnerability in Search Function
2006-08-02 Stefan Friedli (stefan friedli gmail com)
Content Management Framework "G3" - XSS Vulnerability in Search Function
INTRO
According to the manufacturer, "G3" is a classic content-management-system, allowing customers to manage their own websites without knowing much about webpublishing. Information about the product is available at: http:

[SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities
2006-08-02 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 1135-1] New libtunepimp packages fix arbitrary code execution
2006-08-02 joey infodrom org (Martin Schulze)

Secunia Research: Jetbox Multiple Vulnerabilities
2006-08-02 Secunia Research (remove-vuln secunia com)

[SECURITY] [DSA 1134-1] New Mozilla Thunderbird packages fix several vulnerabilities
2006-08-02 joey infodrom org (Martin Schulze)

EEYE: research.eeye.com
2006-08-01 Marc Maiffret (mmaiffret eeye com)
Hi, I am happy to announce the first incarnation of http://research.eEye.com.
On this site you can find everything from our previously released advisories to our previously unreleased research tools. A lot of these tools are seeing daylight for the first time outside of eEye so we do expect ther

rPSA-2006-0142-1 libtiff
2006-08-01 Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0142-1
Published: 2006-08-01
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification: Remote User Deterministic Unauthorized Access
Updated Versions: libtiff=/conary.rpath.com@rpl:devel//1/3.8.2-3-0.1
References: http://www.cve.mitre.org/cgi-bi

[SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code
2006-08-01 Moritz Muehlenhoff (jmm debian org)

Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]
2006-08-01 gssincla nnlsoftware com
Title: Barracuda Arbitrary File Disclosure
Severity: High (Sensitive Information Disclosure)
Date: 01 August 2006
Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053
Discovered by: Greg Sinclair (gssincla (at) nnlsoftware (dot) com [email concealed])
Discovered on: 29 May 2006
Overview: Barracuda

Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01]
2006-08-01 gssincla nnlsoftware com
Title: Barracuda Hardcoded Password Vulnerability
Severity: High (Sensitive Information Disclosure)
Date: 01 August 2006
Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053
Discovered by: Greg Sinclair (gssincla (at) nnlsoftware (dot) com [email concealed])
Discovered on: 28 May 2006
Overview: Ba

DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow'
2006-08-01 K F (lists) (kf_lists digitalmunition com)
DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow'
Author: Kevin Finisterre
Vendor: http://www.apple.com/
Product: 'Mac OSX <=10.4.7'
References:
http://www.digitalmunition.com/DMA[2006-0801a].txt
http://www.digitalmunition.com/getpwnedmail-x86.pl
http://www.digitalmunition.com/getpwnedmail-p

SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure
2006-08-01 secure symantec com (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Symantec has posted a Security Advisory for Symantec On-Demand Protection. Please see the advisory for complete information: http://www.symantec.com/avcenter/security/Content/2006.08.01a.html
-----BEGIN PGP SIGNATURE-----
Version: PGP Desk

Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure
2006-08-02 Chris Wysopal (weld vulnwatch org)

[ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities
2006-08-01 security mandriva com

[ MDKSA-2006:136 ] - Updated kdegraphics packages fix multiple libtiff vulnerabilities
2006-08-01 security mandriva com

[SECURITY] [DSA 1131-1] New apache package fix buffer overflow
2006-08-01 Steve Kemp (skx debian org)

WoW Roster <= 1.5.x Remote File Include (hsList.php)
2006-08-01 AG Spider (ag-spider hotmail com)
Title : WoW Roster <= 1.5.x Remote File Include (hsList.php)
###############################################################################
Discovered By :::: AG-Spider
-----------------------------------------------------------------------------
Class : Remote file include
Risk : Danger
--

ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability
2006-08-01 David Matousek (david matousec com)
BlackICE does not protect pamversion.dll in its installation directory. And also because its component protection fails to protect BlackICE processes this can be misused to inject fake DLL into BlackICE service.
The whole advisory with more details and source code is available here http://www.matou

TSEP 0.9.4.2 <= Remote File Inclusion
2006-08-01 philipp niedziela gmx de
+--------------------------------------------------------------------
+
+ TSEP 0.9.4.2
+
+--------------------------------------------------------------------
+
+ Affected Software .: TSEP 0.9.4.2
+ Vendor ............: http://www.tsep.info/
+ Class .............: Remote File Inclusion
+ Ri

[USN-327-2] firefox regression
2006-08-01 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-327-2 August 01, 2006
firefox regression
https://bugzilla.mozilla.org/show_bug.cgi?id=346167
===========================================================
A security issue affects the following Ubuntu r
MyBB 'Avatar URL' XSS Vulnerability
http://evuln.com/vulns/132/summary.html
--------------------Summary----------------
eVuln ID: EV0132
Vendor: MyBB Group
Vendor's Web Site: http://www.mybboard.com/
Software: MyBB
Software's Web Site: http://www.mybboard.com/
Versions