BugTraq Mode:
Path Disclosure and XSS problem in PHP Counter 7.2 2005-07-13
priestmaster (priest priestmaster org)
Hi,

I found two vulnerabilities in PHP Counter 7.2

PHP Counter Vendor:
http://www.ekstreme.com/phplabs/phpcounter.php

First an XSS problem (file phpcounterxss.txt)
Second a Path disclosure vulnerability (file phpcounterdir.txt).

greets,

priestmaster

Mail: <priest (at) priestmaster (dot) org>
URL: http

Advisory: Oracle Forms Builder Password in Temp Files 2005-07-13
ak red-database-security com
Red-Database-Security GmbH - Oracle Security Advisory

Oracle Forms Builder Password in Temp Files

Name Oracle Forms Builder Password in Temp Files
Systems Affected Oracle Formsbuilder 9.0.4
Severity Low Risk
Category Information disclosure of password

Advisory: Oracle Forms Insecure Temporary File Handling 2005-07-13
ak red-database-security com
Red-Database-Security GmbH - Oracle Security Advisory

Oracle Forms Insecure Temporary File Handling

Name Oracle Forms Insecure Temporary File Handling
Systems Affected Oracle Forms 4.5, 6.0, 6i, 9i
Severity Medium Risk
Category Information disclosure

[ GLSA 200507-12 ] Bugzilla: Unauthorized access and information disclosure 2005-07-13
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Endless loop in NetPanzer 0.8 2005-07-13
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: NetPanzer
http://netpanzer.berlios.de
Versions: <= 0.8
Platforms: Windows, Linux and Mac
Bugs: endless loop
Exploitation: remote, versus s

Advisory: Oracle JDeveloper Plaintext Passwords 2005-07-13
ak red-database-security com
Red-Database-Security GmbH - Oracle Security Advisory

Oracle JDeveloper Plaintext Passwords

Name Oracle JDeveloper Plaintext Passwords
Systems Affected Oracle JDeveloper 9.0.4, 9.0.5, 10.1.2
Severity Low Risk
Category Information Disclosure of Password

Advisory: Oracle JDeveloper passes Plaintext Password 2005-07-13
ak red-database-security com
Red-Database-Security GmbH - Oracle Security Advisory

Oracle JDeveloper passes Plaintext Password

Name Oracle JDeveloper passes Plaintext Password
Systems Affected Oracle JDeveloper 9.0.4, 9.0.5, 10.1.2
Severity Low Risk
Category Information disclosur

[SM-ANNOUNCE] SquirrelMail 1.4.5 Released 2005-07-13
Jonathan Angliss (jon squirrelmail org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello All,

It is my proud pleasure to announce the final release of SquirrelMail
1.4.5.

This release is very important, and we strongly advise everybody to
update to the latest release.

Security Update
===============
This version contains a number o

PHPsFTPd - Admin password leak 2005-07-13
Steve (steve01 chello at)
Author: Stefan Lochbihler
Date: 11 July 2005
Affected Software: PHPsFTPd
Software Version: 0.2 -> 0.4
Software URL: http://phpsftpd.sourceforge.net/
Attack: Admin password leak

about PHPsFTPd:
PHPsFTPd is a web based administration and configuration interface
for the SLimFTPd ftp serve

WPS Web-Portal-System v.0.7.0 (wps_shop.cgi) remote commands execution vulnerability 2005-07-13
blahplok yahoo com
WPS Web-Portal-System v.0.7.0 (wps_shop.cgi) remote commands execution vulnerability

Vendor URL : http://www.pcdoc24.de (vendor website seems down)
Vulnerability : Remote Command Execution
Risk : High

==================================================================
An attacker may

[SECURITY] [DSA 756-1] New squirrelmail packages fix several vulnerabilities 2005-07-13
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 756-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
July 13th, 2005

CORE-2005-0629: MailEnable Buffer Overflow Vulnerability 2005-07-12
Core Security Technologies Advisories (advisories coresecurity com)

Core Security Technologies - Corelabs Advisory
http://www.coresecurity.com/corelabs/

MailEnable Buffer Overflow Vulnerability

Date Published: 2005-07-12

Last Update: 2005-07-12

Advisory ID: CORE-2005-0629

Bugtraq ID: None currently assigned

C

MDKSA-2005:117 - Updated dhcpcd packages fix vulnerabilities 2005-07-13
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: dhcpcd
Advisory ID:

MDKSA-2005:118 - Updated ruby packages fix vulnerabilities 2005-07-13
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: ruby
Advisory ID:

Cisco Security Advisory: Cisco ONS 15216 OADM Telnet Denial-of-Service Vulnerability 2005-07-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco ONS 15216 OADM Telnet Denial-of-Service
Vulnerability

Document ID: 65541

Revision 1.0

For Public Release 2005 July 13 1500 UTC (GMT)

- ------------------------------------------------------------------------
--

Content

APPLE Darwin Streaming Server Web Admin Remote Denial of Service 2005-07-13
Sowhat . (smaillist gmail com)
APPLE Darwin Streaming Server Web Admin Remote Denial of Service

By Sowhat
2005.07.13
http://secway.org/Advisory/AD20050713.txt

Vendor
Apple Inc.

Product Affected
Darwin Streaming Server 5.5 and below (for Win32)

CVE-ID: CAN-2005-2195

OverView:

Darwin Streaming Server is server technology al

[SECURITY] [DSA 754-1] New centericq packages fix insecure temporary file creation 2005-07-13
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 754-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
July 13th, 2005

[SECURITY] [DSA 755-1] New tiff packages fix arbitrary code execution 2005-07-13
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 755-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
July 13th, 2005

SoftiaCom MailServer v2.0 - Denial Of Service 2005-07-12
unsecure writeme com
SoftiaCom MailServer v2.0 - Denial Of Service

Software: wMailServer
Corporation: SoftiaCom Software
Version: v1.0 (v2.0 is the same...)
Vulnerability: Denial of Service

------------------------------------------

BACKGROUND
__________

SoftiaCom design and build software utilities in communicat

Full Disclosure - XMLRPC Exploit Code written in Python jul 2005 2005-07-12
Anonymous Anonymous com
#!/usr/bin/python

# ./xmlrpc.py [chk|xpl] host uri
# example (check bug): ./xmlrpc.py chk www.postnuke.com /xmlrpc.php
# example (exploit bug): ./xmlrpc.py xpl www.postnuke.com /xmlrpc.php
# Pear XML-RPC Library 1.3.0 Remote PHP Code Execution Exploit -- Not working for me
# so i made this python c

Dragonfly Shopping Cart Multiple vulnerabilities 2005-07-12
dcrab hackerscenter com
Dcrab's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc or even code them. Learn more at http://www.dbtech.org

Severity: High
Title: Dragonfly Shopping Cart Multiple vulnerabilities
Date:

Re: MITKRB5-SA-2005-003: double-free in krb5_recvauth 2005-07-12
Tom Yu (tlyu MIT EDU)
-----BEGIN PGP SIGNED MESSAGE-----

Sorry, sent the unsigned version by mistake. The signed version is on
the web page:

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt

- ---Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (SunOS)

iQCVAwUBQtQnsqbDgE/zdoE9AQEDeQQAtmh

MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC 2005-07-12
Tom Yu (tlyu MIT EDU)
-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2005-002

Original release: 2005-07-12

Topic: buffer overflow, heap corruption in KDC

Severity: CRITICAL

SUMMARY
=======

The MIT krb5 Key Distribution Center (KDC) implementation can corrupt
the heap by attempting to

DMA[2005-0712a] - 'Nokia Affix Bluetooth btftp client buffer overflow' 2005-07-12
KF (lists) (kf_lists digitalmunition com)
[FLSA-2005:152583] Updated telnet packages fix security issues 2005-07-11
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated telnet packages fix security issues
Advisory ID: FLSA:152583
Issue date: 2005-07-11
Product: Red Hat Linux, Fedora Core
Keywords:

[FLSA-2005:123014] Updated openssh packages fix a security issue 2005-07-11
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated openssh packages fix a security issue
Advisory ID: FLSA:123014
Issue date: 2005-07-11
Product: Red Hat Linux, Fedora Core
Keywords:

[ GLSA 200507-10 ] Ruby: Arbitrary command execution through XML-RPC 2005-07-11
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[FLSA-2005:152895] Updated mailman package fixes security issue 2005-07-10
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated mailman package fixes security issue
Advisory ID: FLSA:152895
Issue date: 2005-07-10
Product: Red Hat Linux, Fedora Core
Keywords:

[FLSA-2005:152835] Updated dhcp package fixes security issue 2005-07-10
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated dhcp package fixes security issue
Advisory ID: FLSA:152835
Issue date: 2005-07-10
Product: Red Hat Linux
Keywords: Bugfix
CVE

Copyright 2010, SecurityFocus