BugTraq Mode:
PatroNet CMS Xss Vuln 2006-04-12
Soothackers gmail com
-----------------------------------
PatroNet CMS Xss Vuln
-----------------------------------
Site :
http://www.patronet.hu/

Bug :
http://victim/"><script>alert(/Soot/)</script>

-----------------------------------
Source :
http://soot.shabgard.org/bugs/PatroNet-CMS.txt

Credit :
Soot

Clansys Multiple Xss Vulnerabilities 2006-04-12
Soothackers gmail com
---------------------------------------------
Clansys v.1.1 Multiple Xss Vulnerabilities
---------------------------------------------

Bug:
Clansys v.1.0
1- http://victim/path/index.php?page=archiv&func=search
"><script>alert(/Soot/)</script>

Clansys v.1.1
1- http://victim/path/index

[security bulletin] HPSBUX02108 SSRT061133 rev.6 - HP-UX running Sendmail, Remote Execution of Arbitrary Code 2006-04-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00629555
Version: 6

HPSBUX02108 SSRT061133 rev.6 - HP-UX running Sendmail, Remote
Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted
upon as soon as po

[USN-270-1] xpdf vulnerabilities 2006-04-13
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-270-1 April 13, 2006
kdegraphics, koffice, xpdf, cupsys, poppler, tetex-bin vulnerabilities
CVE-2006-1244
===========================================================

A security issue affects the following Ub

Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting 2006-04-12
Esteban Martinez Fayo (secemf yahoo com ar)
Argeniss Security Advisory

Name: Vulnerability in Microsoft FrontPage Server Extensions Could Allow
Cross-Site Scripting (MS06-17)
Affected Software: Microsoft FrontPage Server Extensions 2002 and Microsoft
SharePoint Team Services
Severity: Medium
Remote exploitable: Yes (User intervention

[SECURITY] [DSA 1033-1] New horde3 packages fix several vulnerabilities 2006-04-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1033-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
April 12th, 2006

Simplog <=0.9.2 multiple vulnerabilities 2006-04-12
rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "Simplog <= 0.9.2 \"s\" remote cmmnds xctn\r\n";
echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";
echo "site: http://retrogod.altervista.org\r\n\r\n";
echo "dork: intext:\"Powered by simplog\"\r\n\r\n";

if ($argc<5) {
echo "Usage: php ".$argv[0]." host path loca

Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 2006-04-12
Steven M. Christey (coley mitre org) (1 replies)

Michal Zalewski asked:

>...but how come there's no CVE entry for the bash script in my
>signature?

To which I'll answer the underlying question, i.e. "why assign a CVE
identifier to what appears to be a non-vulnerability?"

1) To clarify: while we changed the CVE naming scheme in October 2005

[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities 2006-04-12
alex evuln com
New eVuln Advisory:
QLnews XSS and PHP Code Insertion Vulnerabilities
http://evuln.com/vulns/113/summary.html

--------------------Summary----------------
eVuln ID: EV0113
CVE: CVE-2006-1575 CVE-2006-1576
Software: QLnews
Software's Web Site: http://www.vscripts.pl/
Versions: 1.2
Critical Level: Dan

[SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation 2006-04-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1032-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
April 12th, 2006

Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability 2006-04-12
Sowhat (smaillist gmail com)
Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability

By Sowhat of Nevis Labs
Date: 2006.04.11

http://www.nevisnetworks.com
http://secway.org/advisory/AD20060411.txt
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx

CVE: CVE-2006-1189

Vendor
Microsoft Inc.

Prod

2nd European Conference on Computer Network Defense (EC2ND) 2006-04-11
Blyth A J C (Comp) (ajcblyth glam ac uk)
2nd European Conference on Computer Network
Defense (EC2ND)

14th/15th December 2006, School of Computing, University of Glamorgan,
UK.

Call for
Papers

The 2nd European Conference on Computer Network Defense will take place
in December 2006 at the School of Computing, University o

Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer POC 2006-04-11
phaas redspin com
Ultr@VNC 1.0.1 Client POC Code
--
Though the Server appears safe against remote code execution, the client exploitation is trivial with OllyDbg.
The following POC binds to port 5900 and executes a buffer overflow on vulnerable clients that connect. The client machine will then spawn an instance of

SAXoPRESS - directory traversal 2006-04-11
securiteam datasec no
SAXoPRESS is a content management system, mainly used for news publishing.

A vulnerability exists in SAXoPRESS, which allows malicious users to read the contents of files on the server, and possibly execute arbitrary commands.

Example exploit:
http://example.com/apps/pbcs.dll/misc?url=../../../../

IT Underground, London 2006 - call for papers 2006-04-11
it_underground gazeta pl
Hello,

I'd like to announce the call for papers for the IT Underground
2006, a two-day conference organized by Software Conferences and
hakin9.lab team on 28-29 June 2006, London, UK.

IT Underground 2006 is the sixth edition of a conference dedicated to
IT security issues, where remarkable author

[ MDKSA-2006:070 ] - Updated openvpn packages fix vulnerability 2006-04-11
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:070
http://www.mandriva.com/security/
____________________________________________________________________

IMF 2006 - Submission Deadline Extension 2006-04-11
Oliver Goebel (Goebel CERT Uni-Stuttgart DE)
Dear all,

for your information:

The deadline to submit papers for the IMF Conference 2006 has been
extended to 2006-05-01.

Please excuse possible cross-postings.

---------------------------------------------------------------------------

CALL FOR PAPERS

[ MDKSA-2006:071 ] - Updated xscreensaver packages fix clear-text password vulnerability 2006-04-11
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:071
http://www.mandriva.com/security/
____________________________________________________________________

AzDGVote File inclusion 2006-04-11
selfar2002 hotmail com
AzDGVote File inclusion
---------------------------------
Site:http://www.azdg.com/
Demo:http://www.azdg.com/scripts/AzDGVote/vote.php?id=1

---------------------------------------
File inclusion

include $int_path."/AzDG.template.inc.php";

int_path parameter File inclusion

Aut File

vote.php,vi

[SRC-Telindus advisory] - HP System Management Homepage Remote Unauthorized Access 2006-04-11
SRC Telindus (research src telindus com)
HP System Management Homepage Remote Unauthorized Access
--------------------------------------------------------

[Vulnerability]: Remote Authentication Bypass
[Product]: CompaqHTTPServer/9.9 HP System Management Homepage 2.1.3.132
and above
[Platform]: Microsoft® Windows® - Linux operating system

Re: Bypassing ISA Server 2004 with IPv6 2006-04-10
noreply romainl com
Hello:

I must say, the title was alarming. But, the body shows someone who doesn't know the difference between an IPv4 and IPv6 network stack. They are different and require different rules. This is why many IDS/IPS/Firewall systems either offer limited or no support for IPv6.

- Anon for my prote

Re: Re: PHPList <= 2.10.2 remote commands execution 2006-04-11
rg viza gmail com
Isn't this old news?

Your app is a sieve if you run with register globals on (or have developed your own code to do the same thing and replace it). It's a disaster waiting to happen.

In the PHP manual, the developers of PHP have posted a big fat warning about this. It's easier to secure your code

[eVuln] VNews Multiple Vulnerabilities 2006-04-11
alex evuln com
New eVuln Advisory:
VNews Multiple Vulnerabilities
http://evuln.com/vulns/112/summary.html

--------------------Summary----------------
eVuln ID: EV0112
CVE: CVE-2006-1543 CVE-2006-1544 CVE-2006-1545
Software: VNews
Software's Web Site: http://www.vscripts.pl/?id=vnews
Versions: 1.2
Critical Level:

IBM 2006-04-10
ptt btinternet com
Hi,

Does anyone know of a contact at IBM for advisory publication?

Cheers

ptt

Confixx 3.1.2 <= SQL Injection 2006-04-11
sn4k3 23 gmail com
// Confixx 3.1.2 <= SQL Injection //

-----------------------------------------------------------------

[~] Advisory by: LoK-Crew ~ Snake_23

[-] Exploit: http://www.victim.com/user/index.php?SID=[SQL]

[-] Googledork: inurl:confixx inurl:login|anmeldung

[+] Greetz to: Bluegeek and Team.Rootbox
[

Tritanium Bulletin Board 1.2.3 - XSS 2006-04-11
d4igoro gmail com
Tritanium Bulletin Board 1.2.3 - XSS Vulnerabilities
--------------------------------------------------------
Software: Tritanium Bulletin Board 1.2.3
Version: 1.2.3
Type: Cross Site Scripting Vulnerability
Date: Die Apr 11 21:57:50 CEST 2006
Vendor: tritanium
Page: http://www.tritanium-scripts.com/

Manila <= 9.5 - XSS Vulnerabilities 2006-04-11
d4igoro gmail com
Manila <= 9.5 - XSS Vulnerabilities
--------------------------------------------------------
Software: Manila
Version: <= 9.5
Type: Cross Site Scripting Vulnerability
Date: Die Apr 11 21:33:54 CEST 2006
Vendor: UserLand Software
Page: http://manila.userland.com/
Risk: Middle

credits:
--------------

Copyright 2010, SecurityFocus