[USN-186-2] Ubuntu 4.10 packages for USN-186-1 Firefox security update 2005-09-25
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-186-2 September 25, 2005
mozilla-firefox vulnerabilities
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The foll

[ GLSA 200509-18 ] Qt: Buffer overflow in the included zlib library 2005-09-26
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200509-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

SUSE Security Announcement: XFree86-server,xorg-x11-server (SUSE-SA:2005:056) 2005-09-26
Thomas Biege (thomas suse de)

-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______

SUSE Security Announcement

Package: XFree86-server,xorg-x11-server
Announcement ID: SUSE-SA:2005:056
Date:

FL Studio 5 (.flp file processing) Heap Overflow 2005-09-26
varunuppal linuxmail org
Release Date:--
26th September 2005

Severity:--
High (Arbitrary Code Execution)

Vendor:--
Image-Line Software

Vendor Status:--
Vendor Contacted --- No Response

Systems Affected:--
Fl Studio v5.0.1 (Confirmed)
Vulnerability may also exist in previous and current versions

Background:--
FL Studi

Server crash and motd deletion in MultiTheftAuto 0.5 patch 1 2005-09-25
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: MultiTheftAuto
http://www.multitheftauto.com
Versions: <= 0.5 patch 1
Platforms: Windows, Linux, FreeBSD and OpenBSD
Bugs: A] anyone can m

[USN-186-1] Mozilla and Firefox vulnerabilities 2005-09-23
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-186-1 September 23, 2005
mozilla, mozilla-firefox vulnerabilities
CAN-2005-2968, MFSA-2005-58
===========================================================

A security issue affects the following Ubuntu releases:

[ GLSA 200509-16 ] Mantis: XSS and SQL injection vulnerabilities 2005-09-24
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200509-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[SECURITY] [DSA 817-1] New python2.2 packages fix arbitrary code execution 2005-09-22
joey infodrom org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 817-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 22nd, 2005

[ GLSA 200509-17 ] Webmin, Usermin: Remote code execution through PAM authentication 2005-09-24
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200509-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

My Little Forum 1.5 / 1.6beta SQL Injection 2005-09-22
retrogod aliceposta it
My Little Forum 1.5 / 1.6beta SQL Injection

software:
site: http://www.mylittlehomepage.net/my_little_forum
software: "A simple web-forum that supports classical thread view (message tree)
as well as messagebord view to display the messages.
Requires PHP > 4.1 and a MySQL database."

1) look at th

Hijacking Bluetooth Headsets for Fun and Profit? 2005-09-23
KF (lists) (kf_lists digitalmunition com)
Typos et all included at no charge!
enjoy.

MailGust 1.9 SQL Injection 2005-09-24
retrogod aliceposta it
MailGust 1.9 SQL injection / board takeover

software:
site: http://www.mailgust.org/
description:
Mailgust is three softwares in one:
* Mailing list manager
* Newsletter distribution tool
* Message Board
Mailgust is written in php and uses a mysql database.

vulnerability:

if magic quotes off

"Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein 2005-09-24
Amit Klein (AKsecurity) (aksecurity hotpop com)
Exploiting the XmlHttpRequest object in IE - Referrer spoofing,
and a lot more...

Amit Klein, September 2005

Preface
=======

This paper is released in a bit of haste, and as such, it may be
somewhat incomplete. The reason is that I was toying with the
co

AlstraSoft E-Friends Remote Command Execution 2005-09-24
khc bsdmail org
AlstraSoft E-Friends Remote command execution

Site : http://www.alstrasoft.com/efriends.htm

Description :

AlstraSoft E-Friends is an online social networking software that allows you to start your own site just like Friendster and Tribe.net. The E-Friends software allows members to connect to pe

[SECURITY] [DSA 820-1] New courier packages fix cross-site scripting 2005-09-24
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 820-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 24th, 2005

Rita Scams Call to Arms - Update 2005-09-22
Gadi Evron (ge linuxbox org)
To report a Rita Phishing Scam to the MWP Call to Arms Rita Task Force,
please contact:

US-CERT at soc (at) us-cert (dot) gov
OR
SANS ISC at handlers (at) sans (dot) org

Gadi.

PhpMyFAQ 1.5.1 multiple vulnerabilities 2005-09-22
retrogod aliceposta it
2.31 23/09/2005

PhpMyFaq 1.5.1 SQL injection / board takeover / user info disclosure / path disclosure
remote code / commands execution

software:
site: http://www.phpmyfaq.de/
description: "phpMyFAQ is a multilingual, completely database-driven FAQ-system.
It supports various databases to store al

Secunia Research: 7-Zip ARJ Archive Handling Buffer Overflow 2005-09-23
Secunia Research (vuln secunia com)
======================================================================

Secunia Research 23/09/2005

- 7-Zip ARJ Archive Handling Buffer Overflow -

======================================================================
Table of Contents

Affected Software..........

[SECURITY] [DSA 819-1] New python2.1 packages fix arbitrary code execution 2005-09-23
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 819-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 23rd, 2005

TSLSA-2005-0051 - clamav 2005-09-23
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2005-0051

Package names: clamav
Summary: Multiple vulnerabilities
Date: 2005-09-23
Affected versions: Trus

Sql injection in jPortal version 2.3.1 (module download) 2005-09-23
krasza gmail com
Versions: all from 2.2.1 to 2.3.1 (+Service Pack) + shop jportal (I checked this bug only on one site)

SQL injection attack
if magic_quotes_gpc=Off

Problem is in the file searching engine (download.php), whose code is in the "module/down.inc.php" file:

<code>
if($cat=='all') {
$q_ = "AND title LIKE '%$word%'";

Secunia Research: PowerArchiver ACE/ARJ Archive Handling BufferOverflow 2005-09-23
Secunia Research (vuln secunia com)
======================================================================

Secunia Research 23/09/2005

- PowerArchiver ACE/ARJ Archive Handling Buffer Overflow -

======================================================================
Table of Contents

Affected Software...

[scip_Advisory 1746] Microsoft Internet Explorer 6.0 embedded content cross site scripting 2005-09-22
Marc Ruef (maru scip ch)
Microsoft Internet Explorer 6.0 embedded content cross site scripting

scip AG Vulnerability ID 1746 (09/22/2005)
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746

I. INTRODUCTION

Microsoft Internet Explorer has been for many years the most popular web
browser. The main reason for this popularity is

[security bulletin] SSRT5998 Rev.2 HP System Management Homepage (v2.0.x) Denial of Service (DoS) and XSS 2005-09-22
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBMA01212 REVISION: 2

SSRT5998 Rev.2 HP System Management Homepage (v2.0.x) Denial of
Service (DoS) and XSS

NOTICE:
The information in this Security Bulletin should be acted upon
as soon as possible.

INITIAL

Hack Dot AE v2 2005-09-22
SpyHat SpyHat com
Dear All,

On our anniversary Hack Dot AE renews the worldwide Hacking Contest and invites you all to a new challenge. The first contest attracted huge interest from challengers from all over the world. This year's contest is similarly constructed of 7 different levels which are more advanced and divers

[SECURITY] [DSA 817-1] New python2.2 packages fix arbitrary code execution 2005-09-22
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 817-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 22nd, 2005

HTTP Request Smuggling - ERRATA (the IIS 48K buffer phenomenon) 2005-09-22
Amit Klein (AKsecurity) (aksecurity hotpop com)
Hi

With respect to the IIS/5.0 48K "bug" (see "HTTP Request Smuggling",
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf, pages 6-7 or 4-5),
Noam Ben-Yochanan commented that IIS/5.x provides the programmer with a way to consume
the request body (beyond the 48K usually read), thu
