SecurityFocus

Re: WebCalendar Multiple Vulnerabilities 2005-12-01
craig k5n us

Fix has already been posted:

https://sourceforge.net/tracker/index.php?func=detail&aid=1369439&group_
id=3870&atid=303870

[ more ] [ reply ]

PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution 2005-11-30
retrogod aliceposta it

PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution

software:
site: http://www.phpx.org/
description: "PHPX is a constantly evolving and changing Content Management
System (CMS)[..]"

vulnerable code in auth.inc.php at lines 22-26:

...
if (!isset($_POST[use

[ more ] [ reply ]

Re: DNS query spam 2005-11-29
fugi bl org

DNS traffic is UDP, source is spoofed, you setup a large record and request it from the victim's IP to a list of nameservers.

http://packetstormsecurity.org/DoS/ihateperl.pl

nothing new

[ more ] [ reply ]

MDKSA-2005:220 - Updated kernel packages fix numerous vulnerabilities 2005-11-30
Mandriva Security Team (security mandriva com)

Re: Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption 2005-11-30
retrogod securityfocus com, at securityfocus com,aliceposta securityfocus com, it securityfocus com

it's not an inclusion bug, it is an fopen()/file corruption bug, this is the vulnerable code in xarMLSXML2PHPBackend.php:
...
function create($ctxType, $ctxName)
{
assert('!empty($this->baseDir)');
assert('!empty($this->baseXMLDir)');
$this->fileName = $this->baseDir;

[ more ] [ reply ]

MDKSA-2005:217 - Updated netpbm packages fix pnmtopng vulnerabilities 2005-11-30
Mandriva Security Team (security mandriva com)

MDKSA-2005:218 - Updated kernel packages fix numerous vulnerabilities 2005-11-30
Mandriva Security Team (security mandriva com)

MDKSA-2005:219 - Updated kernel packages fix numerous vulnerabilities 2005-11-30
Mandriva Security Team (security mandriva com)

Opera 8.50 DoS with simple java applet 2005-11-29
Marc Schoenefeld (marc schoenefeld gmx org) (1 replies)

Hi y'all,

it is possible to crash the opera 8.50 browser with a simple
java applet (see below).
This was observed on Win32, Linux versions maybe affected, too.
This can be tested only at:

http://www.illegalaccess.org/exploit/opera85/OperaApplet.html

As you can see the applet crashes at 0x67c0a54c

[ more ] [ reply ]

Re: Opera 8.50 DoS with simple java applet 2005-11-30
Edward D Wiget (ewiget rhpstudios com)

Gallery 2.x Security Advisory 2005-11-30
Bharat Mediratta (bharat menalto com)

Gallery is an open source web based photo album organizer. The
2.x is a newly released complete rewrite of the application.

Url: http://gallery.menalto.com
Contact: gallery (at) menalto (dot) com [email concealed]

An internal security audit turned up 3 separate vulnerabilities. These
are all resolved in Gallery 2.

[ more ] [ reply ]

[SECURITY] [DSA 912-1] New centericq packages fix denial of service 2005-11-30
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 912-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
November 30th, 2005

[ more ] [ reply ]

Re: WebCalendar Multiple Vulnerabilities 2005-11-30
ascii (ascii katamail com)

Paul Laudanski wrote:
> I too tried contacting the vendor but received no response. Your timing
> of vendor notice and vul'n release are fast unfortunately. Taking a look,
> simple functions in PHP can be called upon to fix those issues.

thanks Paul for the cooperation : )

i'm sorry i hadn't u

[ more ] [ reply ]

Re: Re: - Cisco IOS HTTP Server code injection/execution vulnerability- 2005-11-29
picardos terra es (1 replies)

>Isn't your exploit somewhat complicated? Just put

><img src="http://192.0.2.1/level/15/configure/-/enable/secret/mypassword"/>

>on a web page, and trick the victim to visit it >while he or she is
>logged into the Cisco router at 192.0.2.1 over >HTTP.
That's what makes this vulnerability so fun.

[ more ] [ reply ]

Re: - Cisco IOS HTTP Server code injection/execution vulnerability- 2005-11-30
Florian Weimer (fw deneb enyo de)

possible privilege escalation on QNX Neutrino 6.3.0 2005-11-29
pasquale minervini (minervini neuralnoise com)

a buffer overflow vulnerability in the utility "phgrafx" included in the
QNX Neutrino Realtime Operating System can potentially be exploited by malicious
users to escalate their privileges (by default the application is suid and owned by root).

example:

qnx$ uname -a; id
QNX qnx 6.3.0 2004/04/29-2

[ more ] [ reply ]

RE: - Cisco IOS HTTP Server code injection/execution vulnerability- 2005-11-29
Evans, Arian (Arian Evans fishnetsecurity com)

To further aggravate the CSRF/'Session Riding' angle, one may
implement two attack mechanisms against Cisco IOS/HTTP (and any
similar platform) with current browsers/javascript injection:

1) img src=[IE only]javascript: and increment through RFC-reserved
IP space; you could focus on .1's and .254's

[ more ] [ reply ]

APPLE-SA-2005-11-29 Security Update 2005-009 2005-11-30
noreply securityfocus com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-11-29 Security Update 2005-009

Security Update 2005-009 is now available and delivers the following
security enhancements:

Apache2
CVE-ID: CVE-2005-2088
Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.3
Impact: Cross-sit

[ more ] [ reply ]

Panda Remote Heap Overflow 2005-11-29
list rem0te com

Date
November 29, 2005

Vulnerability
The Panda Antivirus Library provides file format support for virus analysis. During decompression of ZOO files Panda is vulnerable to a heap overflow allowing attackers complete control of the system(s) being protected. This vulnerability can be exploited remote

[ more ] [ reply ]