SecurityFocus

Cerberus Helpdesk multiple vulnerabilities. 2005-12-25
A. Ramos (aramosf unsec net)

Title: Cerberus Helpdesk multiple vulnerabilities.
Severity: Medium
Affected: cerberus-gui (2.649), support-center (2.649<->3.2.0pr2)
Problem type: remote
Author: Alejandro Ramos <aramosf at unsec dot net>

Description:
------------------------------------------------------------------------
-------

[ more ] [ reply ]

[ GLSA 200512-15 ] rssh: Privilege escalation 2005-12-27
Stefan Cornelius (dercorny gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200512-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

Obsidis n°1 released! 2005-12-23
angelo rosiello org

About:
Obsidis is a scientific/underground magazine that focuses on research in ITC security.
The project is managed by Rosiello Security in conjunction with members of Packetstorm Security, Astalavista, Information Security Writers, Blacksun and Hackers Center who make up the Committee.

http://w

[ more ] [ reply ]

Multiple Translation websites Cross Site Scripting vulnerability: Google, Altavista, IBM, freetranslation, worldlingo, etc 2005-12-25
simo morx org

Title: Multiple Translation websites Cross Site Scripting
vulnerability

Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org>
Date: 22 December 2005
MorX Security Research Team
http://www.morx.org

Service: Translation tools/websites

Vendors: Google, altavista, IBM, freetranslation, wo

[ more ] [ reply ]

[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #3 2005-12-24
bugtraq morph3us org

[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #2 2005-12-24
bugtraq morph3us org

[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #1 2005-12-24
bugtraq morph3us org

[ GLSA 200512-13 ] Dropbear: Privilege escalation 2005-12-23
Stefan Cornelius (dercorny gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200512-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

Airscanner Mobile Security Advisory #0508310 Spb Kiosk Engine Administrator Password & Information Disclosure 2005-12-24
contact removethis removethis airscanner com

Airscanner Mobile Security Advisory #05083101:
Spb Kiosk Engine Administrator Password & Information Disclosure (Local)

Product:
Kiosk Engine 1.0.0.1

Platform:
Tested on Windows Mobile Pocket PC 2003

Requirements:
Mobile device running Windows Mobile Pocket PC with Kiosk Engine 1.0.0.1 installed

[ more ] [ reply ]

Found new bug 2005-12-23
hackeriri yahoo com

In GOD We Trust
Kachal667 Under9round Team (KuT)
Hi,
Here's my(LrK) new advisory about PHP Website.

PHP System - Input Data(simple XSS) vulnerabilities
Date: 02/11/2005

Summary
-------

PHP is a language for programming and it is very good language for

[ more ] [ reply ]

CFP - IT Underground 2006, Prague, Czech Republic 2005-12-27
Piotr Sobolewski (piotr sobolewski gazeta pl)

Dear Bugtraq readers,

I'd like to announce the call for papers for the IT Underground 2006, a
two-day conference organized by Software Conferences and hakin9.lab team in
23-24 February 2006, Prague, Czech Republic.

IT Underground 2006 is a fifth edition of a conference dedicated to IT
security

[ more ] [ reply ]

Secunia Research: IceWarp Web Mail Multiple File InclusionVulnerabilities 2005-12-27
Secunia Research (vuln secunia com)

======================================================================

Secunia Research 27/12/2005

- IceWarp Web Mail Multiple File Inclusion Vulnerabilities -

======================================================================
Table of Contents

Affected Software..

[ more ] [ reply ]

[SECURITY] [DSA 928-1] New dhis-tools-dns packages fix insecure temporary file creation 2005-12-27
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 928-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
December 27th, 2005

[ more ] [ reply ]

Dev web management system <= 1.5 SQL injection / cross site scripting 2005-12-24
retrogod aliceposta it

---- Dev web management system <= 1.5 SQL injection / cross site scripting -----

software:
site: http://dev-wms.sourceforge.net/
description: "Dev is powerful and very flexible content management
system for web portals[..]"
-------------------------------------------------------------

[ more ] [ reply ]

MDKSA-2005:237 - Updated cpio packages fix buffer overflow on x86_64 2005-12-24
Mandriva Security Team (security mandriva com)

MDKSA-2005:236 - Updated fetchmail packages fix vulnerability 2005-12-24
Mandriva Security Team (security mandriva com)

Multiple Network-related Vulnerabilities in Electric Sheep 2005-12-23
MichaelAiello MichaelAiello com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Polytechnic University ISIS Security Advisory PUISIS10212005
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://isis.poly.edu/
- - - - - -

[ more ] [ reply ]

Electric Sheep window-id stack overflow 2005-12-23
MichaelAiello MichaelAiello com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Polytechnic University ISIS Security Advisory PUISIS10202005
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://isis.poly.edu

[ more ] [ reply ]

[TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB 2005-12-23
tk trapkit de

RE: Webwasher CSM Appliance Script Security Restriction Bypass 2005-12-23
Frank Berzau (frank cyberguard com)

The Proactive Security Filter is one of several security filters in the
Webwasher CSM Suite. It can block or mitigate many day zero threats
before their signature is added to the integrated Antivirus engines.
While we never claimed it can detect 100% of new malware, we are
continously improving the

[ more ] [ reply ]

[SECURITY] [DSA 926-2] New ketm packages fix privilege escalation 2005-12-23
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 926-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
December 23rd, 2005

[ more ] [ reply ]

[ GLSA 200512-12 ] Mantis: Multiple vulnerabilities 2005-12-22
Stefan Cornelius (dercorny gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200512-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

XSS&Sql injection attack in PHP-Fusion 6.00.3 Released 2005-12-22
krasza gmail com

XSS&Sql injection attack in PHP-Fusion 6.00.3 Released
Web page:http://www.php-fusion.co.uk/

Author:krasza[krasza (at) gmail (dot) com [email concealed]]

1.Description
(...)"PHP-Fusion is a constantly evolving content management system (CMS) powered by PHP 4 and mySQL. It provides an easy to install system with a simple yet p

[ more ] [ reply ]

Webwasher CSM Appliance Script Security Restriction Bypass 2005-12-22
d0t v0rt3x (d0tv0rt3x gmail com)

Vendor: Webwasher (http://www.webwasher.com/)
Product: Webwasher CSM Appliance
Affected versions: CSM Suite 5.x
Author: .v0rt3x (d0tv0rt3x[at]gmail[d0t]com)
Date: 2005-Dec-22

....Background....
"...Webwasher appliances provide high-performance "Proactive
Filtering" of bidirectional SMTP, HTTP, HTTP

[ more ] [ reply ]

iDefense Security Advisory 12.22.05: Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability 2005-12-22
labs-no-reply (at) idefense (dot) com [email concealed] (labs-no-reply idefense com)

Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability

iDefense Security Advisory 12.22.05
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=362
December 22, 2005

I. BACKGROUND

Linux is a clone of the operating system Unix, written from scratch by
Linus Torvalds with ass

[ more ] [ reply ]

Privilege escalation in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) 2005-12-22
Reed Arvin (reedarvin gmail com)

( Original article: http://reedarvin.thearvins.com/20051222-01.html )

Summary:
Privilege escalation in McAfee VirusScan Enterprise 8.0i (patch 11)
and CMA 3.5 (patch 5) (http://www.mcafee.com/)

Details:
By default the naPrdMgr.exe process runs under the context of the
Local System account. Every

[ more ] [ reply ]

CYBSEC - Security Advisory: httprint Multiple Vulnerabilities 2005-12-22
Mariano Nuñez Di Croce (mnunez cybsec com)

(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_httprint_Multiple_Vu
lnerabilities.pdf)

CYBSEC S.A.
www.cybsec.com

Advisory Name: httprint Multiple Vulnerabilities
==========

Vulnerability Class: Denial of Service, Arbit

[ more ] [ reply ]

[SECURITY] [DSA 925-1] New phpbb2 packages fix several vulnerabilities 2005-12-22
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 925-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
December 22nd, 2005

[ more ] [ reply ]

fetchmail security announcement fetchmail-SA-2005-03 (CVE-2005-4348) 2005-12-21
ma+bt dt e-technik uni-dortmund de

fetchmail-SA-2005-03: security announcement

Topics: #1 crash retrieving headerless message in multidrop mode
#2 fetchmail 6.2.5.X end of life

Author: Matthias Andree
Version: 1.00
Announced: 2005-12-19
Type: null pointer dereference
Impact: fetchmail crashes
Danger: low
Credits: Daniel Drak

[ more ] [ reply ]