BugTraq
Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan. 2006-02-03
Mert Sarıca (mert sarica gmail com)
http://www.packetstormsecurity.org/filedesc/Bypass.pdf.html

Some people say this method also works on Trend Micro InterScan
Messaging Security Suite and InterScan Web Security Suite. I would really
appreciate it if you use one of these and are able to test.

[SECURITY] [DSA 964-1] New gnocatan packages fix denial of service 2006-02-03
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 964-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
February 3rd, 2006

[ MDKSA-2006:033 ] - Updated OpenOffice.org packages fix issue with disabled hyperlinks 2006-02-02
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:033
http://www.mandriva.com/security/
____________________________________________________________________

[ MDKSA-2006:032 ] - Updated xpdf packages fixes heap-based buffer overflow vulnerability 2006-02-02
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:032
http://www.mandriva.com/security/
____________________________________________________________________

Re: Re: Verified evasion in Snort 2006-02-02
anonpoet inconnu isu edu
There seems to be some confusion about the fragmentation IDS evasion. We've observed
fragmentation timeouts on windows from 5 seconds to 90 seconds depending on the
software installed and random chance. Here are raw dumps from an evasion.

The mistake Judy Novak made in her analysis was

[ MDKSA-2006:031 ] - Updated kdegraphics packages fixes heap-based buffer overflow vulnerability 2006-02-02
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:031
http://www.mandriva.com/security/
____________________________________________________________________

[ MDKSA-2006:030 ] - Updated poppler packages fixes heap-based buffer overflow vulnerability 2006-02-02
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:030
http://www.mandriva.com/security/
____________________________________________________________________

[SLAB] NetBSD / OpenBSD kernfs_xread patch evasion 2006-02-02
SecurityLab Research (SLAB_research securitylab net)

--- SecurityLab Technologies, Inc.
--- Security Advisory
--- http://www.securitylab.net

Advisory Name: NetBSD / OpenBSD kernfs_xread patch evasion
Release Date: February 02, 2006
Application: kernfs
Platform: NetBSD / OpenBSD
Severity: Severe
Author: SLAB Research
Vendor Status: Patched
Reference

[ MDKSA-2006:029 ] - Updated libast packages fixes buffer overflow vulnerability 2006-02-02
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:029
http://www.mandriva.com/security/
____________________________________________________________________

The History of the Oracle PLSQL Gateway Flaw 2006-02-02
David Litchfield (davidl ngssoftware com)
In the past few days Oracle has criticized me for publishing a workaround
for a critical flaw in their PLSQL Gateway. This email will show that after
4 years of waiting for Oracle to try to get it right, I eventually decided
to take matters into my own hands and provide Oracle customers with more
he

security contact @lycos.com 2006-02-01
Spiros Antonatos (antonat ics forth gr)
Does anyone know of a security contact for lycos.com? I have tried
security (at) lycos (dot) com and security (at) lycos-inc (dot) com, but they do not work.

Thanks,
Spiros Antonatos

CyberShop Ultimate E-commerce Script Cross Site Scripting 2006-02-02
B3g0k hackermail com
CyberShop Ultimate E-commerce Script Cross Site Scripting

###Hi all
###B3g0k[at]hackermail.com
###Patriotic Hackers!!!
###http://www.patriotichack.org
###Special Thanx All Kurdish Hackers
###-----------------------------------
###CyberShop Ultimate E-commerce Script Cross Site Scripting
###--------

CAID 33581 - CA Message Queuing Denial of Service Vulnerabilities 2006-02-02
Williams, James K (James Williams ca com)

Title: CAID 33581 - CA Message Queuing Denial of Service
Vulnerabilities

CA Vulnerability ID: 33581

CA Advisory Date: 2006-02-02

Discovered By: Nicolas Pouvesle of Tenable Network Security

Impact: Remote attacker can cause a denial of service condition.

Summary: The following two security v

Bug for libs in php link directory 2.0 2006-02-02
Mario Oyorzabal Salgado (tuxsoul tuxsoul com)
Program: PHPLD (Php link directory)
Homepage: http://www.phplinkdirectory.com/
Language: PHP
Version: 2.0

PHP Link Directory uses libs such as adodb, smarty, phpmailer, etc.,
but these libs have bugs.

Bugs:

ADOdb PostgreSQL SQL Injection Vulnerability
<http://www.securityfocus.com/bid/16364>
2

Re: Blackboard Authentication Error 2006-02-02
jeremy qux net
Doesn't seem to be the same on 6.3 with webserver passthrough as the authentication mode. Stuff like this is probably why they encourage closing the browser after logout (that's the default screen on logout since 6.0). At least the session keys don't appear to be unsalted md5 hashes of an incremen

Re: Blackboard Authentication Error 2006-02-02
security-alerts blackboard com
This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product. The customer has been contacted and will be updating their environment. Customers running the Blackboard products do not need to apply any patch

SoftMaker Shop is vulnerable to XSS 2006-02-01
preben watchcom no
Inputs in the SoftMaker Shop are not properly sanitized, and XSS is possible in a lot of the system's input fields and URL parameters.

Some fields have been filtered in a basic form, so that simple scripting like "<script>alert('XSS')</script>" is not possible. However, since the filtering is not bas

[SECURITY] [DSA 963-1] New mydns packages fix denial of service 2006-02-02
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 963-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
February 2nd, 2006

Black Hat USA CFP opens, Europe early bird reminder, Federal news 2006-02-02
Jeff Moss (jmoss blackhat com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey BugTraq readers,

A bunch of announcements from Black Hat. It was easier to bundle them
all together instead of sending them out bit by bit, so everything from
Black Hat Federal coverage to the CFP opening for the summer USA conference
is included. He

[ MDKSA-2006:028 ] - Updated php packages fix XSS and response splitting vulnerabilities 2006-02-01
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:028
http://www.mandriva.com/security/
____________________________________________________________________

Daffodil CRM - vulnerable to SQL-injection. 2006-01-30
preben watchcom no
Daffodil CRM does not properly sanitize its inputs on the login page:

http://www.SITE.com:8080/daffodilcrm/userlogin.jsp

Therefore SQL-injection attacks are possible.
PoC could be: 1'or'1'='1

Vendor's homepage is: http://www.daffodildb.com/crm/

Please credit to: Preben Nyløkken

Fcrontab - memory corruption on heap. 2006-02-01
pi3ki31ny wp pl
Name: Fcron - convert-fcrontab
Vendor URL: http://fcron.free.fr
Author: Adam Zabrocki <pi3ki31ny (at) wp (dot) pl>
Date: November 25, 2005

Issue:

Fcron (convert-fcrontab) allows users to cause corruption in the heap section.

Desc

Re: MyCO multiple vulnerabilities 2006-02-01
office punctweb com
Hello.

I found this post by mistake (Google search). I'm the creator of MyCO Guestbook, and I have some mentions to make: this project is a very old one, it is not under development for about 3 years now. It was made in a hurry, with lots of lacks in code structure and security bugs. I do not recommend

Re: Verified evasion in Snort 2006-02-01
mwatchinski sourcefire com
This and other target base fragmentation evasions are the reason we re-wrote the fragmentation engine in Snort.

If you look at Judy Novak's Frag3 Development paper, Snort's latest fragmentation engine (frag3) supports target-based fragmentation policies for overlaps, ttl evasions, and timeouts. Thi

FreeBSD Security Advisory FreeBSD-SA-06:08.sack 2006-02-01
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-06:08.sack Security Advisory
The FreeBSD Project

Topic: In

Copyright 2010, SecurityFocus