BugTraq Mode:
(Page 1288 of 1748)  < Prev  1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293  Next >
[SECURITY] [DSA 777-1] New Mozilla packages fix frame injection spoofing vulnerability 2005-08-17
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 777-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
August 17th, 2005

SQL injection in mediabox404 v1.2 2005-08-17
cedric securityfocus com, tissieres securityfocus com,objectif-securite securityfocus com, ch securityfocus com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Product: mediabox404 WebRadio & WebTV manager
Version: 1.2 Release (and previous)
URL: http://www.mediabox404.org
VULNERABILITY CLASS: SQL injection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[PRODUCT DESCRIPTION]
This is a group of modules

Buffer-overflow in Chris Moneymaker's World Poker Championship 1.0 2005-08-17
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Chris Moneymaker's World Poker Championship
http://moneymakergaming.com
Versions: 1.0
Platforms: Windows
Bug: buffer-overflow
Exploitatio

[SECURITYREASON.COM] phpAdsNew/phpPgAds 2.0.5 Local file inclusion cXIb8O3.16 2005-08-17
max jestsuper pl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[phpAdsNew/phpPgAds 2.0.5 Local file inclusion cXIb8O3.16]

Author: Maksymilian Arciemowicz (cXIb8O3)
from SECURITYREASON.COM TEAM

Date: 14.07.2005 (01:54 GMT+01.00)

- --- 0.Description ---
phpAdsNew is an open-source ad server, with an integrated ban

NOVL-2005010098073 GroupWise Password Caching 2005-08-17
Ed Reed (ereed novell com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For Immediate Disclosure

============================== Summary ==============================

Security Alert: NOVL-2005-10098073
Title: GroupWise Password Caching
Date: 16-August-2005
Revision: Original
Product Name: G

Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access 2005-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access

Revision 1.0

For Public Release 2005 August 17 1600 UTC (GMT)

+-----------------------------------------------------------------------
-------

Contents
========

Summary

[security bulletin] SSRT4874 rev.0 - HP-UX Ignite-UX Remote Unauthorized Access 2005-08-16
Boren, Rich (HP SSRT) (rich boren hp com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBUX01219 REVISION: 0

SSRT4874 rev.0 - HP-UX Ignite-UX Remote Unauthorized Access

NOTICE:
The information in this Security Bulletin should be acted upon
as soon as possible.

INITIAL RELEASE:
15 August 2005

POTENTIAL SECUR

RE: Serious flaw in Linksys wireless AP password security 2005-08-16
Robert Thompson Jr. (rthompson columbiabank com)
Thank you for the link. I appreciate it.

After reading through it, I am beginning to see where I may have
misunderstood what you were getting at.

When I was attempting to get into the router, with WZC set open, and
encryption was enabled on my router, but not on my nic, there was no
connecting.

Win32 Port of Nessusd 2005-08-16
Tom Stracener (strace gmail com) (1 replies)
FYI. . .

Cenzic has released a win32 port of Nessus server. Source code and
binaries are available for download.

http://www.cenzic.com/nessusport.html

-Tom

Re: Win32 Port of Nessusd 2005-08-17
Michael Boman (michael boman gmail com)
Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) 2005-08-15
sec-list nolog org
Hello,

Reed Arvin wrote:
> However, they are a large company. Things can slip through the cracks
> I guess. As to the statement that was made about not following
> "standard industry practices", I could only assume that they would add
> that to save face.

ACK.

From my experience, they are not t

Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) 2005-08-15
NoBrain NoPain (nobnop gmail com) (1 replies)
Hello,

Reed Arvin wrote:
> Patches/Workarounds:
> The vendor was notified of the issue. There was no response.

Vendor Response:
http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb42216xml&language=en_US

One can find there: "McAfee was not notified in a

Hummingbird FTP Weak Password Encryption 2005-08-14
nnposter users sourceforge net
Hummingbird FTP Weak Password Encryption

Critical: Less critical
Impact: Exposure of sensitive information
Where: Local system
Solution Status: Unpatched

Software: Hummingbird Connectivity 10.x
http://connectivity.hummingbird.com/products/nc/cpia.html

Description:
A vulnerability has been ident

RE: Vulnerability found in CPAINT Ajax Toolkit 2005-08-16
Thor Larholm (thor pivx com)
I had a couple minutes to spare and highlighted some additional
vulnerabilities in CPAINT to the developers, which have now been fixed
promptly.

CPAINT uses xmlhttp to call a serverside script with either GET or POST
requests. The basic request structure is as follow

cpaint_function=serversideFunc

SQL injection in Persianblog 2005-08-16
alireza hassani (trueend5 yahoo com) (1 replies)
This is the KAPDA.ir's advisory
(Powered by PersianHacker.NET)

Discussion:

PersianBlog.com is the Weblog service for Persian
users.
Over 75 per cent of Persian-language content on the
Internet belonged to Persianblog with 63,000 number of
blogs.
Website: http://www.persianblog.com
--------

Re: SQL injection in Persianblog 2005-08-16
nummish (nummish gmail com)
[ GLSA 200508-08 ] Xpdf, Kpdf, GPdf: Denial of Service vulnerability 2005-08-16
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200508-07 ] AWStats: Arbitrary code execution using malicious Referrer information 2005-08-16
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

RE: Serious flaw in Linksys wireless AP password security 2005-08-15
Robert Thompson Jr. (rthompson columbiabank com) (1 replies)
When upgrading my WRT54GS (v 1.0) router to the 4.50.6 and 4.70.6
firmwares, I experienced no such authentication problems.

If the router was set wide open, I could connect without authentication.

As soon as I specified WPA-PSK on the router, in order for me to connect
via the NIC I absolutely had

Re: Serious flaw in Linksys wireless AP password security 2005-08-16
Steve Scherf (steve moonsoft com)
[NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities 2005-08-15
John Cobb (johnc nobytes com)
Hello All,

I have discovered a number of remote vulnerabilities in: ECW Shop 6.0.2

Authors Site: http://www.soft4e.com/

ECW Shop is described by its authors as:

ECW-Shop - simple for use featured shopping cart with ability to use Excel
or Access format for database.

+-[Examples:]---------------

[SECURITY] [DSA 776-1] New clamav packages fix several problems 2005-08-16
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 776-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
August 16th, 2005

SUSE Security Announcement: apache, apache2 request smuggling problem (SUSE-SA:2005:046) 2005-08-16
Marcus Meissner (meissner suse de)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SUSE Security Announcement

Package: apache,apache2
Announcement ID: SUSE-SA:2005:046
Date:

Corsaire Security Advisory: HP Ignite-UX filesystem permissions issue 2005-08-16
advisories (advisories corsaire com)

-- Corsaire Security Advisory --

Title: HP Ignite-UX filesystem permissions issue
Date: 23.11.04
Application: HP Ignite-UX prior to version C.6.2.241
Environment: HP-UX
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distribution
Reference: c041123-002

-- Scope --

The aim of

MDKSA-2005:140 - Updated proftpd packages fix format string vulnerabilities 2005-08-16
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: proftpd
Advisory ID:

249bytes reverse shellcode with "nooil tricks methods" 2005-08-14
msuiche gmail com
We use the PEB for the Output/Input/Error Handles.

typedef struct PEB
BOOLEAN InheritedAddressSpace ;
BOOLEAN ReadImageFileExecOptions ;
BOOLEAN BeingDebugged ;
BOOLEAN Spare ;
HANDLE Mutant ;
PVOID ImageBaseAddress ;
PPEB_LDR_DATA LoaderData ;
PRTL_USER_PROCESS_PARAMETERS ProcessParameters ;
...
t

Corsaire Security Advisory: HP Ignite-UX passwd file disclosure issue 2005-08-16
advisories (advisories corsaire com)

-- Corsaire Security Advisory --

Title: HP Ignite-UX passwd file disclosure issue
Date: 23.11.04
Application: HP Ignite-UX prior to version C.6.2.241
Environment: HP-UX
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distribution
Reference: c041123-001

-- Scope --

The aim of

MDKSA-2005:139 - Updated gaim packages fix yet more vulnerabilities 2005-08-16
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gaim
Advisory ID:

Serious flaw in Linksys wireless AP password security 2005-08-14
Steve Scherf (bugtraq moonsoft com)
It appears that firmware version 4.50.6 for the Linksys WRT54GS (hardware
version 1) wireless router allows wireless clients to connect and use the
network without actually authenticating. With WPA Personal/TKIP authentication
enabled, the unit allows both clients using encryption with the correct
s

Copyright 2010, SecurityFocus