BugTraq
(Page 1092 of 1748)  < Prev  1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097  Next >
Zyxel Prestige 660H-61 Cross-Site Scripting 2006-07-26
jose palanco eazel es
Zyxel Prestige 660H-61 Cross-Site Scripting

Tested on Zyxel Prestige 660H-61

ZyNOS F/W Version: V3.40(PT.0)b32 | 1/28/2005

Standard:NORMAL

Discovered by: José Ramón Palanco: jose.palanco(at)eazel(dot).es

http://www.eazel.es

Description:

Zyxel Prestige 660H-61 ADSL Router is vuln

TP-Book <= 1.00 Cross Site Scripting Vulnerabilities 2006-07-25
tamriel gmx net
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Advisory: TP-Book <= 1.00 Cross Site Scripting Vulnerabilities

Release Date: 2006/07/25

Last Modified: 2006/07/25

Author: Tamriel [tamriel at gmx dot net]

Application: TP-Book <= 1.00

Risk: Low

Vendor Status: not

wwwThreads XSS 2006-07-25
l2odon yahoo com
#----------------------------------------------------------

#Aria-Security.net Advisory

#Discovered by: l2odon

#< www.Aria-security.net>

#Gr33t to: A.u.r.a & O.U.T.L.A.W & R@1D3N @ DrtRp & Cl0wn

#-----------------------------------------------------------

#Software: wwwTh

PHP-Auction SQL injection 2006-07-25
l2odon yahoo com
#----------------------------------------------------------

#Aria-Security.net Advisory

#Discovered by: l2odon

#< www.Aria-security.net>

#Gr33t to: A.u.r.a & O.U.T.L.A.W & R@1D3N @ DrtRp & Cl0wn

#-----------------------------------------------------------

#Software: PHP-A

[SECURITY] [DSA 1111-2] New Linux kernel 2.6.8 packages fix privilege escalation 2006-07-26
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1111-2 security (at) debian (dot) org
http://www.debian.org/security/ Dann Frazier
July 26th, 2006

Multiple vulnerabilities in OpenCMS 2006-07-26
Meder Kydyraliev (meder o0o nu)

Multiple access control and input validation vulnerabilities in
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OpenCMS (Open Source Website Content Management System)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

0. ORIGINAL ADVISORY
~~~~~~~~

[USN-297-3] Thunderbird vulnerabilities 2006-07-26
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-297-3 July 26, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779,
CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2784,
CVE-2006-2787
=========

[USN-320-2] php4 regression 2006-07-26
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-320-2 July 26, 2006
php4 regression
https://launchpad.net/bugs/53581
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04

Secunia Research: AutoVue SolidModel Professional Buffer Overflow Vulnerability 2006-07-26
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 26/07/2006

- AutoVue SolidModel Professional Buffer Overflow Vulnerability -

======================================================================
Table of Contents

Affected Software.

EzUpload multi file vulnerabilities 2006-07-26
hack2prison yahoo com
I don't know whether anyone has reported this, but I detected it while testing EzUpload Pro 2.2.0.

An attacker can reconfigure the EzUpload system without logging in.

File: filter.php --> change Extensions Mode file type.

File: access.php --> change Protection Method to accept file uploads from anyone

File: edituser.php --> Add us

MS06-034 lies? IIS 6 can still be owned? 2006-07-26
Cesar (cesarc56 yahoo com)
Hi all.

After getting the details of MS06-034 early I thought
it would be cool to build the exploits since there has
been a long time without any IIS exploit and our
customers (see *1) would like it, so I asked the guys
to build the exploits and said that I would take care of the
part of elevating privilege

Full Path Disclosure xGuestBook v1.02 2006-07-25
dicomdk gmail com
###################Dicomdk####################

Full Path Disclosure xGuestBook v1.02 #

#

http://xatrix.xa.funpic.de/xguestbook2/ #

#

By : X-boy #

############

[ MDKSA-2006:131 ] - Updated perl-Net-Server packages fix format string vulnerability 2006-07-25
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:131
http://www.mandriva.com/security/
____________________________________________________________________

[security bulletin] HPSBUX02087 SSRT4728 rev.2 - HP-UX running TCP/IP Remote Denial of Service (DoS) 2006-07-25
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00579189
Version: 2

HPSBUX02087 SSRT4728 rev.2 - HP-UX running TCP/IP Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon
as soon as possible.

[ GLSA 200607-10 ] Samba: Denial of Service vulnerability 2006-07-25
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200607-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilities 2006-07-25
simo64 gmail com
LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilities

Product : LinksCaffe 3.0

Website : http://gonafish.com/

Impact : manipulation of data / system access

Discovered by : Simo64 - Moroccan Security Team

[+] SQL injection

******************

[1]Vulnerable cod

[vuln.sg] AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow 2006-07-25
vulnpost-remove vuln sg
AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow

by Tan Chew Keong

Release Date: 2006-07-25

Summary

-------

A vulnerability has been found in AGEphone. When exploited, the vulnerability allows execution of arbitrary code with privileges of the AGEphone user via a single specially-cra

[vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability 2006-07-25
vulnpost-remove vuln sg
[vuln.sg] Vulnerability Research Advisory

TurboZIP ZIP Repair Buffer Overflow Vulnerability

by Tan Chew Keong

Release Date: 2006-07-25

Summary

-------

A vulnerability has been found in TurboZIP. When exploited, the vulnerability allows execution of arbitrary code when the user opens and

[vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities 2006-07-25
vulnpost-remove vuln sg
[vuln.sg] Vulnerability Research Advisory

DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities

by Tan Chew Keong

Release Date: 2006-07-25

Summary

-------

Some vulnerabilities have been found in DynaZip DZIP32.DLL/DZIPS32.DLL. When exploited, the vulnerabilities allow execution

Advisory: VMware Possible Incorrect Permissions On SSL Key Files 2006-07-25
Nick Breese (nick breese security-assessment com)
========================================================================

= VMware Possible Incorrect Permissions On SSL Key Files
=
= VMWare Advisory:
= http://kb.vmware.com/kb/2467205
=
= Affected Software:
= VMware Player for Linux
= VMware Workstation for Linux
= VMware Server for Linux

[USN-296-2] Firefox vulnerabilities 2006-07-25
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-296-2 July 25, 2006
firefox, mozilla-firefox vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778,
CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783,
CVE-2006-2784, CVE

[ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities 2006-07-25
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200607-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[SECURITY] [DSA 1122-1] New Net::Server packages fix denial of service 2006-07-24
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1122-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
July 24th, 2005

Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006) 2006-07-23
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Freeciv
http://www.freeciv.org
Versions: <= 2.1.0-beta1 and SVN <= 15 Jul 2006
Platforms: Windows, *nix, *BSD, MacOS and more
Bugs: A] mem

SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced 2006-07-21
research symantec com
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Symantec Vulnerability Research

http://www.symantec.com/research

Security Advisory

Advisory ID: SYMSA-2006-008

Advisory Title: Password Safe - Lock Password Database Config

Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127) 2006-07-23
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Warzone Resurrection
http://home.gna.org/warzone/
(Warzone 2100 http://www.strategyplanet.com/warzone2100/)
Versions: <= 2.0.3 and SVN

rPSA-2006-0135-1 gimp 2006-07-24
Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0135-1
Published: 2006-07-24
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
User Deterministic Privilege Escalation
Updated Versions:
gimp=/conary.rpath.com@rpl:devel//1/2.2.8-8.2-1

References:
http://www.cve.mitre.org/cgi-bin/cvename.

Opsware NAS 6.0 reveals MySQL 'root' password 2006-07-24
Freeman, Michael (mfreeman multimax com)
The Opsware Network Automation System (NAS) version 6.0 installation
places an 'init' style startup script in /etc/init.d/mysqll and places
the 'root' password that you choose for the MySQL MAX database during
installation.

The permissions on this small shell script are world readable, allowing
an

Copyright 2010, SecurityFocus