BugTraq Mode:
(Page 1293 of 1748)
[HSC Security Group] Multiple XSS in phpopenchat 3.0.2 2005-08-05
zinho hackerscenter com
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Desc: Multiple XSS in phpopenchat 3.0.2
Risk: Medium to High

"PHPOpenChat is a high performance php-based chat server software for a live chat-room or -module on every php-based sit

Re: Zip 2,31 bad default file-permissions vulnerability 2005-08-05
Lupe Christoph (lupe lupe-christoph de)
On Thursday, 2005-08-04 at 15:17:35 -0700, Stephen C Woods wrote:

> The problem is the zip uses a default mode of 666 (not knowing
> anything about permissions by definition -it's a DOS program for Pete's
> sake, you know single user file server).

I still don't understand why this is a problem.

Silvernews 2.0.3 remote command execution exploit, proxy server support! 2005-08-05
tsl securityfocus com, "[at]" securityfocus com,hackermail com securityfocus com
Exploit for the remote command execution vulnerability in Silvernews 2.0.3:
discovered by:
http://www.securityfocus.com/archive/1/407163/30/0/threaded

sploit:
--------

#!/usr/bin/perl

################TSL#####################################################
######
#
#
# SilverNews Exploit inlcude

FlatNuke 2.5.5 (possibly prior versions) remote commands execution / cross site scripting / path disclosure (by rgod) 2005-08-04
retrogod aliceposta it
0.34 2005-08-05

FlatNuke 2.5.5 (possibly prior versions) remote commands execution / cross site scripting / path disclosure (by rgod)
(release date: 2005-07-20 )

software:
author site: http://flatnuke.sourceforge.net/

path disclosure:

http://[target]/[path]/themes/butterfly/structure.php

supll

MDKSA-2005:131 - Updated ethereal packages fix multiple vulnerabilities 2005-08-04
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: ethereal
Advisory ID:

Re: On classifying attacks 2005-08-04
Crispin Cowan (crispin novell com)
Forte Systems - Iosif Peterfi wrote:
> Basically, compound attacks need the victim intervention.
No; compound attacks need more than one attack vector. In your example
of attacking a web server, the attacker needs a compound attack
comprised of a remote->local attack and a local->root attack to take

Remote Password Compromise of Microsoft Active Sync 3.7.1 2005-08-04
nospam airscanner com
Airscanner Mobile Security Advisory: Remote Password Compromise of Microsoft Active Sync 3.7.1

Product:
Microsoft Active Sync 3.7.1

Platform:
Tested on Windows XP Professional SP-2 and Windows Mobile Pocket PC 2003

Requirements:
Windows XP Professional with Active Sync 3.7.1

Credits:
Seth Fogie

Re: ClamAV Multiple Rem0te Buffer Overflows 2005-08-04
list rem0te com
>But then the advisory only lists 3 formats.

>So, was this just a typo by the researchers? Or are there really 4
>bugs, and the latest release still has one bug that hasn't been fixed
>yet?

>This demonstrates one of the Four I's of security advisory problems,
>namely Inconsistency. The other three

Re: Coldfusion Fusebox V4.1.0 Vulnerability 2005-08-04
steven lovebug org

List of people you could have contacted with regarding the bug:

http://www.fusebox.org/index.cfm?fuseaction=fusebox.teamfusebox

Forum full of users and site staff that you could have
contacted/questioned about the bug:

http://www.fusebox.org/forums/

Steven

----- Original Message -----
From:

MDKSA-2005:130 - Updated apache packages fix vulnerabilities 2005-08-03
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: apache
Advisory ID:

MDKSA-2005:129 - Updated apache2 packages fix vulnerabilities 2005-08-03
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: apache2
Advisory ID:

Re: Coldfusion Fusebox V4.1.0 Vulnerability 2005-08-03
Ian Mitchell (trash aftermagic com)

Having been a modified fusebox developer for a while I can say that there
are likely MANY more problems besides that, such as SQL injection and XSS
issues that still need to be resolved in many Fusebox apps. We addressed
them by creating a standard parse function in the index.cfm file that
prevente

Re: Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities) 2005-08-03
asierillo gmail com
Nope, is easy to do a DoS on this app, I debugged it and when u enter a very long USER and then u click to the log window of the app it'll crash... the problem is that is not a sprintf or smth like that... is smth like MultiByteToWideChar API or whatever.. I think hard to execute arbitrary code ,

Re: Trillian Ver 3.1 saves password's in plain Text 2005-08-03
Technica Forensis (forensis technica gmail com)
> I have Trillian Pro 3.1 Build 121 on Windows XP and can't duplicate this

I can, with that exact same build. My system is never shutdown so
Trillian is always on. There are files in there that are several
weeks old that contain my yahoo! username and password. The files are
all named /sfd\d\d\.

[USN-161-1] bzip2 utility vulnerability 2005-08-04
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-161-1 August 04, 2005
bzip2 vulnerability
CAN-2005-0758
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu

Re: Zip 2,31 bad default file-permissions vulnerability 2005-08-04
Imran Ghory (imranghory gmail com) (2 replies)
On 8/4/05, Lupe Christoph <lupe (at) lupe-christoph (dot) de> wrote:
> Quoting Imran Ghory <imranghory (at) gmail (dot) com>:
>
> > A zip file created by Zip 2.3.1 has the permissions 644 by default,
> > Therefore any file compressed becomes world readable.
>
> Zip 2.3 works correctly:
> $ (umask 0; zip test.zip feedli

Re: Zip 2,31 bad default file-permissions vulnerability 2005-08-04
Stephen C Woods (scw seas ucla edu)
Re: Zip 2,31 bad default file-permissions vulnerability 2005-08-04
Lupe Christoph (lupe lupe-christoph de)
RE: Trillian Ver 3.1 saves password's in plain Text 2005-08-02
Darren Pilgrim (dmp bitfreak org)
From: security curmudgeon [mailto:jericho (at) attrition (dot) org]
> : I was playing around with Trillian Pro 3.1 Build 121 and noticed
> : a very disturbing behavior when using it to check my yahoo mail.
> :
> : When you choose the option to check your yahoo email from
> : Trillian (The little connection b

FINAL Phrack Magazine release #63 is OUT 2005-08-02
phrackstaff phrack org
Hey everyone,

The Phrack Staff is proud to announce the FINAL Phrack #63 release.

Enjoy the magazine on the Phrack Internet address :

.:: http://www.phrack.org ::.

PHRACK #63
__^__

RE: Trillian Ver 3.1 saves password's in plain Text 2005-08-02
Keith Phillips (kphillips everdreamcorp com)
The issue arises when you click the link to your Yahoo mail under "My
Mail Accounts". This creates an html file in the directory discussed
below which contains user name and clear text password.

KP

-----Original Message-----
From: security curmudgeon [mailto:jericho (at) attrition (dot) org]
Sent: Tuesday,

SQL IN PortailPHP 2005-08-04
ABDUCTER_MINDS YAHOO COM

Class: Input Validation Error
CVE: CVE-MAP-NOMATCH
Remote: Yes
Local: yes
Credit: ABDUCTER ---> ABDUCTER_MINDS (at) YAHOO (dot) COM [OR] ABDUCTER_MINDS76 (at) HOTMAIL (dot) COM
Vulnerable: PortailPHP 2.4 and all version
***************************************

info :- PortailPHP POWERFUL FORUM AND formal site h

[ GLSA 200507-29 ] pstotext: Remote execution of arbitrary code 2005-07-31
Stefan Cornelius (dercorny gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Scanning Software Bugs 2005-08-02
Dan Creed thecreeds net (1 replies)
Do scanning software bugs (the kind that crash a whole system) count as vulnerabilities... I found a bug in ISS System Scanner where if a certain AIX patch (only in HACMP clustered systems) isn't applied it brings down the whole system.

Thanks,
Dan.Creed (at) thecreeds (dot) net

Re: Scanning Software Bugs 2005-08-04
KF (lists) (kf_lists digitalmunition com)
[USN-160-1] Apache 2 vulnerabilities 2005-08-04
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-160-1 August 04, 2005
apache2 vulnerabilities
CAN-2005-1268, CAN-2005-2088
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (War

SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:044) 2005-08-04
Ludwig Nussel (ludwig nussel suse de)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SUSE Security Announcement

Package: kernel
Announcement ID: SUSE-SA:2005:044
Date:

Copyright 2010, SecurityFocus