BugTraq (Page 1147 of 1748)
[FLSA-2006:164512] Updated fetchmail packages fix security issues 2006-05-13
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated fetchmail packages fix security issues
Advisory ID: FLSA:164512
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords:

Server crash in Empire 4.3.2 2006-05-12
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Empire
http://www.wolfpackempire.com
http://sourceforge.net/projects/empserver
Versions: <= 4.3.2
Platforms: Windows, *nix, *BSD and

SQL-Injection in e107 allows attacker to become a site administrator 2006-05-13
socsam linuxmail org
Software: e107 (CMS)

Versions: <= 0.7.2

Type: SQL-injection

Homepage: www.e107.org

Description:

----------------------------

SQL-Injection in e107 allows attacker to become a site administrator.

Requirements:

----------------------------

Magic_quotes_gpc = Off

Gphotos Directory Traversal and Cross Site Scripting 2006-05-13
doz bsdmail com
Details

The first vulnerability issue is due to an input validation error in the "index.php", "diapo.php" and "affich.php" scripts, which do not validate the "rep" and "image" variables and may be exploited for cross-site scripting attacks.

http://traget/index.php?rep=[xss]

http://traget/diapo.php?rep=[

[FLSA-2006:152923] Updated xloadimage package fixes security issues 2006-05-13
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated xloadimage package fixes security issues
Advisory ID: FLSA:152923
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords:

RE: How secure is software X? 2006-05-12
Ferguson, Justin (IARC) (FergusonJ nv doe gov) (1 replies)
David,

One thing you have to keep in mind is that a lot of things are incredibly
variable when dealing with this subject. For instance, suppose you want to
ensure that the URI in a web server is not overflowable. So you test with
something like

GET /[AAAAAAAAA x 4096] HTTP/1.1
Host: foobar.com
Con

Re: How secure is software X? 2006-05-13
David Litchfield (davidl ngssoftware com)
Socket unreachable in GNUnet rev 2780 2006-05-12
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: GNUnet
http://www.gnunet.org
Versions: <= 0.7.0d and revision 2780
Platforms: Windows, *nix, *BSD, Mac and more
Bug: UDP socket unreachab

Multiple vulnerabilities in Outgun 1.0.3 bot 2 2006-05-12
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Outgun
http://koti.mbnet.fi/outgun/
Versions: <= 1.0.3 bot 2
Platforms: Windows, *nix, *BSD and more
Bugs: A] data_file_request buffer-ove

[FLSA-2006:185355] Updated gnupg package fixes security issues 2006-05-13
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated gnupg package fixes security issues
Advisory ID: FLSA:185355
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords:

Multiple vulnerabilities in Raydium rev 309 2006-05-12
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Raydium
http://raydium.org
Versions: <= SVN revision 309
(newer versions can be vulnerable to some of the bugs
which are

Buffer-overflow and NULL pointer crash in Genecys 0.2 2006-05-12
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Genecys
http://www.genecys.org
Versions: <= 0.2 and current CVS
Platforms: *nix and *BSD
Bugs: A] tell_player_surr_changes buffer-overflow

[FLSA-2006:152898] Updated emacs packages fix a security issue 2006-05-13
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated emacs packages fix a security issue
Advisory ID: FLSA:152898
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords:

[FLSA-2006:152904] Updated ncpfs package fixes security issues 2006-05-13
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated ncpfs package fixes security issues
Advisory ID: FLSA:152904
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords:

[FLSA-2006:152868] Updated tetex packages fix security issues 2006-05-13
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated tetex packages fix security issues
Advisory ID: FLSA:152868
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords:

Re: Firefox 1.5.0.3 - DoS 2006-05-10
marrob interfree it
ROTFL ! Wonderful Italian *Haccher* !!

*Only* 3 (I say three) years this bug is known.

https://bugzilla.mozilla.org/show_bug.cgi?id=181860

Do you know this guy, P4 ? NO ?! A stroke of luck!

# MHG Security Team --- Gallery Upload Vulnerabilities 2006-05-10
Dj_ReMix_20 hotmail com
# Milli-Harekat Advisory ( www.milli-harekat.org )

# Gallery Upload Vulnerabilities

# Risk : High

# Class: Remote

# Script : Gallery Scripts

# Credits : Dj ReMix

# Thanks : ßy Korsan , Liz0zim ,ESOBAR, PoizinBo0x ,TR_IP ,ERNE ,CyberWolf...

# Vulnerable Scripts :

DUGallery v1.

PHP Live Helper ASP(chat.php) XSS 2006-05-12
mster-X hotmail com
==================

Credit: Mr-X

Site: www.alshmokh.com

Email: Mster-X (at) hotmail (dot) com

==================

Example:-

/chat.php?action=showmain&PHPSESSID=XSS

Dovecot IMAP: Mailbox names list disclosure with mboxes 2006-05-12
Timo Sirainen (tss iki fi)
Giving "1 LIST .. *" IMAP command allows the user to see all files and
directories under the mbox root's parent directory, so potentially you
could see other users' mailbox names. Nothing can be done with them
though, so it's not possible to read or modify them.

There are also some other less than

SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure 2006-05-12
Bernhard Mueller (research sec-consult com)
SEC Consult Security Advisory 20060512-0
==============================================================
title: Symantec Enterprise Firewall NAT/HTTP
Proxy Private IP Exposure
program: Symantec Enterprise FW
vulnerable version: 8.0

Re: IGNORING SSH CONNECTION USES ARP CACHE POISONING 2006-05-11
king_purba yahoo co uk
Hi, I'm king_purba,

Sorry, I made a mistaken analysis of the ssh case.

All connections through IP will die because of ARP cache poisoning; this isn't an ssh problem, since the goal of the attack is IP.

regards

Re: Re: Phil's Bookmark script admin By-pass 2006-05-09
theproffx gmail com
Yes, there really is an issue here. If you take time and don't just look at the first 2-3 pages in Google.

Phil's Bookmark is a bookmark script.

Dokeos LDAP hole fixed 2006-05-12
thomas depraetere dokeos com
There was an LDAP backdoor security hole in Dokeos last week. Dokeos has released a patch for this: http://www.dokeos.com/download/dokeos-1.6.4-patch1.zip

Thomas De Praetere

DOKEOS

PHPBB 2.0.20 persistent issues with avatars 2006-05-12
rgod autistici org
PHPBB 2.0.20 multiple issues with avatars

some problems persistently lie in the way it handles remote and uploaded avatars:

a remote user can:

(1) saturate the server with unuseful files, 'cause phpbb does not delete the previous one when you upload a new avatar

(2) use PhpBB installatio

Copyright 2010, SecurityFocus