|
|
Colapse all |
Post message
Airscanner Mobile Security Advisory #05082201: File Transfer Anywhere v3.01 Local Server Password Disclosure 2005-09-13 contact airscanner com XSS Vulnerability in MIVA Merchant 5 - Includes Fix 2005-09-14 admin hyperconx com MIVA Merchant 5 is vulnerable to XSS attack. Users can use javascript to embed their own inputs into the MM5 screens and checkout pages overriding various store safeguards and functions. MIVA Corporation has been very cooperative and has already posted an update to their software entitled (core-4). [ more ] [ reply ] MDKSA-2005:164 - Updated XFree86/x.org packages fix vulnerability 2005-09-14 Mandriva Security Team (security mandriva com) [SECURITY] [DSA 811-1] New common-lisp-controller packages fix arbitrary code injection 2005-09-14 joey infodrom org (Martin Schulze) RE: [Full-disclosure] FireFox Host: Buffer Overflow is not justexploitable on FireFox 2005-09-14 Peter Kruse (kruse krusesecurity dk) Hi Juha! > I have informed the vendor Netscape being affected on 9th > September 2005. I did the same on the 10th of September - still no reply nor official statement from Netscape which makes me a little worried. > 2) > Disabling IDN support via about:config (or prefs.js file) is > possible i [ more ] [ reply ] Re: Re: Serious Security issue with broken - Microsoft's .Net XML Serialization API 2005-09-14 darkangel stt gmail com there is an attribute in .net to serialize all your attributes... "long" type may not be serializable by default (no idea why)... example : [XmlRootAttribute("item", IsNullable = false)] public class MenuData { [XmlAttribute("Label")] public string MenuLabel = string.Empty; [XmlAttribute( [ more ] [ reply ] RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies 2005-09-14 Ferguson, Justin (IARC) (FergusonJ nv doe gov) J. Ferguson Intrusion Analyst NNSA Information Assurance Response Center fergusonj (at) nv.doe (dot) gov [email concealed] -----Original Message----- From: Ferguson, Justin (IARC) Sent: Wednesday, September 14, 2005 6:50 AM To: 'Martin Roesch'; Ferguson, Justin (IARC) Cc: 'snort-devel (at) lists.sourceforge (dot) net [email concealed]'; 'snort-users@ [ more ] [ reply ] Anti Arp Poisoning Daemon (OpenAAPD) PS: Link corrected 2005-09-14 Andrea Di Pasquale (whyx openbeer it) RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies 2005-09-14 Steven Sturges (steve sturges sourcefire com) > Q5) Frag3 has the problem in the snapshot I downloaded, why > won't you admit it? > A5) Because you're wrong. The snapshot you're referring to > has the fixes in PrintTcpOptions(), so even with the call to > PrintIPPkt() in there the DoS doesn't work. Version 2.4.0 > did not have the code yo [ more ] [ reply ] Re: PHP Nuke <= 7.8 Multiple SQL Injections 2005-09-14 evaders99 gmail com I'd just like to report as a solution: the Nuke Patched files. These are being developed to cover all the latest vulnerabilities, and to fix issues with previous versions of phpNuke. Current change log http://www.nukefixes.com/ftopict-1779-.html#7641 These changes will be implemented to our CVS an [ more ] [ reply ] Re: AWstats Path Disclosure Vulnerability 2005-09-15 Fournaux (fournaux khmerdev com) Hi ! If you use this url : http://www.server.com/awstats/awstats.pl?config=xxx You will get the full path on the hard drive of the script "awstats.pl" with all sub folders. To prevent an attack, this is the kind of information you should hide. If you search "full path disclosure" on google or on [ more ] [ reply ] Oracle Reports: Generic SQL Injection Vulnerability via Lexical References 2005-09-14 ak red-database-security com ######################################################################## ##### Red-Database-Security GmbH - Oracle Reports Security Advisory Generic SQL Injection Vulnerability in Oracle Reports via Lexical References Name Generic SQL Injection Vulnerability in Oracle Reports via L [ more ] [ reply ] Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability 2005-09-15 alexsrb netsite com Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version I have found Vulnerability in Online Dating Software by AEwebworks - aeDating Script <= 4.0 version which is exploitable when you are searching for your soulmate at aeDating service Software. For example : www.[target].com/s [ more ] [ reply ] CastleCops ramps up fight against CoolWebSearch/HomeSearch 2005-09-14 Paul Laudanski (zx castlecops com) CastleCops keeps and maintains various databases on malware and legitimate items for browser helpers objects, toolbars, startups, services, and activex objects. Thanks to the collaboration of many Team CastleCops Expert members, CC is frequently among the first to indentify and analyze a new em [ more ] [ reply ] Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness 2005-09-15 Juha-Matti Laurio (juha-matti laurio netti fi) Remote File Inclusion in MyGuestbook 2005-09-14 rod hedor (rodhedor hotmail com) Remote File Inclusion in MyGuestbook Date: 10/07/2005 Severity: High version: 0.6.1 The bug reside in form.inc.php3 The Vulnerable Code if ($show < 1) { include ("form.inc.php3"); } Exploit : http://server/Guestbook/form.inc.ph...cmd.gif?&cmd=id Discovery by RoDheDoR L-G-H Team http [ more ] [ reply ] Is netcraft publishing URL of your intranet sites? 2005-09-15 Saqib Ali (docbook xml gmail com) Hello All, Seems like netcraft is publishing URLs of the "IntrAnet" sites on their "Most Visited Web Sites" webpage. For e.g. see http://toolbar.netcraft.com/stats/topsites?s=BC2835548233105D201D1B94E74 3#1440209 It has listed IBM's secure intranet site: < https://w3esapp1.endicott.ibm.com > in th [ more ] [ reply ] gtkdiskfree insecure temporary file creation 2005-09-15 ZATAZ Audits (exploits zataz net) ######################################################### gtkdiskfree insecure temporary file creation Vendor: http://gtkdiskfree.tuxfamily.org/ (no more avaible) Advisory: http://www.zataz.net/adviso/gtkdiskfree-09052005.txt Vendor informed: yes Exploit available: yes Impact : low Exploitation : [ more ] [ reply ] Character Manipulation in Online Systems. 2005-09-15 hackology gmail com Applicable to Almost all the discussion forums or places which require you an Email System... Risk : Medium (being just 18 years old, i can not write a very attractive article, but i will try my best) I discovered this Trick after playing with Orkut, then tried it on some other Portals For INstan [ more ] [ reply ] Avocent CCM: Port Access Control Bypass Vulnerability 2005-09-15 spam drwetter org Hi, this is another bug I found during my research on console servers which is presumably fixed by now. So here you go: Summary: Port Access Control Bypass Vulnerability Details: Avocents CCM console server have a flaw which enables users to bypass access control by using ssh with standard pas [ more ] [ reply ] SQL injection & XSS in phpoutsourcing Noah's classifieds 2005-09-14 alireza hassani (trueend5 yahoo com) Software: phpoutsourcing Noah's classifieds Vendor: http://classifieds.phpoutsourcing.com/ Version: all versions Bug: SQL injection & XSS Exploitation: Remote with browser ------------------------------------------------------------------------ ------------- Introduction: Noah' Classifieds is a gen [ more ] [ reply ] TWiki Remote Command Execution Vulnerability 2005-09-14 Sap . (0xsapx0 gmail com) This advisory alerts you of a potential security issue with your TWiki installation: The TWiki history function allows arbitrary shell command execution. The permanent place for this advisory is http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev . Please see updates and follow-u [ more ] [ reply ] Airscanner Mobile Security Advisory #05081102: vxFtpSrv 0.9.7 Remote Code Execution Buffer Overflow Vulnerability 2005-09-15 contact airscanner com Airscanner Mobile Security Advisory #05081102: vxFtpSrv 0.9.7 Remote Code Execution Buffer Overflow Vulnerability Product: vxFtpSrv 0.9.7 Platform: Tested on Windows Mobile Pocket PC 2003 Requirements: Mobile device running Windows Mobile Pocket PC with vxFtpSrv 0.9.7 installed and running. Cre [ more ] [ reply ] DriverStudio Remote Control Authentication Bypass Vulnerability 2005-09-15 cocoruder 163 com DriverStudio Remote Control Authentication Bypass Vulnerability by cocoruder page:http://ruder.cdut.net email:cocoruder (at) 163 (dot) com [email concealed] && frankruder (at) hotmail (dot) com [email concealed] Last Update:2005.09.10 class:design error date:10/9/2005 Remote:yes local:yes Product Affected: >=NuMega.DriverStudio.v2.7 I test successfull [ more ] [ reply ] Airscanner Mobile Security Advisory #05081101: vxWeb v.1.1.4 Denial of Service Vulnerability 2005-09-15 contact airscanner com Airscanner Mobile Security Advisory #05081101: vxWeb v.1.1.4 Denial of Service Vulnerability Product: vxWeb v1.1.4 Platform: Tested on Windows Mobile Pocket PC 2003 Requirements: Mobile device running Windows Mobile Pocket PC with vxWeb v1.1.4 installed and running. Credits: Seth Fogie Airscan [ more ] [ reply ] Airscanner Mobile Security Advisory #05081203: vxTftpSrv 1.7.0 Remote Code Execution Buffer Overflow Vulnerability 2005-09-15 contact airscanner com Airscanner Mobile Security Advisory #05081203: vxTftpSrv 1.7.0 Remote Code Execution Buffer Overflow Vulnerability Product: vxTftpSrv 1.7.0 Platform: Tested on Windows Mobile Pocket PC 2003 Requirements: Mobile device running Windows Mobile Pocket PC with vxTFTPSrv installed and running. Credit [ more ] [ reply ] [SECURITY] [DSA 812-1] New turqstat packages fix buffer overflow 2005-09-15 joey infodrom org (Martin Schulze) |
|
Privacy Statement |
File Transfer Anywhere v3.01 Local Server Password Disclosure
Product:
TTXN File Transfer Anywhere v3.01 server
Platform:
Tested on Windows Mobile Pocket PC 2003
Requirements:
Mobile device running Windows Mobile Pocket PC with Transfer Anywhere v3.0
[ more ] [ reply ]