SecurityFocus

WordPress 1.5.1.2 && Earlier Multiple Vulnerabilities 2005-06-29
GulfTech Security Research (security gulftech org)

##########################################################
# GulfTech Security Research June 28th, 2005
##########################################################
# Vendor : WordPress
# URL : http://wordpress.org/
# Version : WordPress 1.5.1.2 && Earlier
# Risk : Multiple Vulnera

[ more ] [ reply ]

Re: Weboot Window Washer Version 6.02.410 Will erase files from your PC 2005-06-29
info secureit-tech com

I upgraded to the latest build as indicated below and the issue occurred once more. Specifically upon a wash it nukes your Desktop folder contents for the currently logged in user. This happens unpredictably.

>
>This version will erase files from your PC.

>FYI: If you are running version 6.02

[ more ] [ reply ]

iDEFENSE Security Advisory 06.29.05: Clam AntiVirus ClamAV Cabinet File Handling DoS Vulnerability 2005-06-29
iDEFENSE Labs (labs-no-reply idefense com)

Clam AntiVirus ClamAV Cabinet File Handling DoS Vulnerability

iDEFENSE Security Advisory 06.29.05
www.idefense.com/application/poi/display?id=275&type=vulnerabilities
June 29, 2005

I. BACKGROUND

Clam AntiVirus is a GPL anti-virus toolkit for Unix.

II. DESCRIPTION

Remote exploitation of an input

[ more ] [ reply ]

iDEFENSE Security Advisory 06.29.05: Clam AntiVirus ClamAV MS-Expand File Handling DoS Vulnerability 2005-06-29
iDEFENSE Labs (labs-no-reply idefense com)

Clam AntiVirus ClamAV MS-Expand File Handling DoS Vulnerability

iDEFENSE Security Advisory 06.29.05
www.idefense.com/application/poi/display?id=276&type=vulnerabilities
June 29, 2005

I. BACKGROUND

Clam AntiVirus is a GPL anti-virus toolkit for Unix.

II. DESCRIPTION

Remote exploitation of an in

[ more ] [ reply ]

XOOPS 2.0.11 && Earlier Multiple Vulnerabilities 2005-06-29
GulfTech Security Research (security gulftech org)

##########################################################
# GulfTech Security Research June 28th, 2005
##########################################################
# Vendor : XOOPS
# URL : http://www.xoops.org/
# Version : XOOPS 2.0.11 And Earlier
# Risk : Multiple Vulnerabilities
##

[ more ] [ reply ]

Cisco Security Advisory: RADIUS Authentication Bypass 2005-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Security Advisory - phpBB 2.0.15 PHP-code injection bug 2005-06-28
ronvdaal (ronvdaal zarathustra linux666 com)

Security Advisory -//- phpBB 2.0.15 PHP-code injection bug

Program: phpBB 2.0.15 and older versions
Homepage: http://www.phpbb.com
Risk: Very High
Date: June 28 2005
Title: PHP-code injection bug
Type: partial disclosure
Author: Ron van Daal :.
Vendor notified: June 23 2005

Background:

phpBB is

[ more ] [ reply ]

RE: [Fwd: phpBB 2.0.16 released] 2005-06-28
ronvdaal (ronvdaal zarathustra linux666 com)

>> The changelog (contained within this release) is as follows:
>> - Fixed critical issue with highlighting - Discovered and fix provided by
>> Ron van Daal
>
> Does anyone know what the scope of this vulnerability actually is? "Critical
> issue" isn't really enough to go on here. Are we talking arb

[ more ] [ reply ]

MDKSA-2005:107 - Updated ImageMagick packages fix vulnerabilities 2005-06-28
Mandriva Security Team (security mandriva com)

MDKSA-2005:106 - Updated spamassassin packages fix DoS vulnerabilities 2005-06-28
Mandriva Security Team (security mandriva com)

SQL Injection Exploit for ASPNuke <= 0.80 2005-06-27
Alberto Trivero (trivero jumpy it)

#!/usr/bin/perl -w
#
# SQL Injection Exploit for ASPNuke <= 0.80
# This exploit retrieve the username of the administrator of the board and
his password crypted in SHA256
# Related advisory:
http://www.securityfocus.com/archive/1/403479/30/0/threaded
# Discovered and Coded by Alberto Trivero

use LW

[ more ] [ reply ]

RE: [Fwd: phpBB 2.0.16 released] 2005-06-28
Richard Stanway (bugtraq secur1ty net)

>
> Hi everyone,
> phpBB Group announces the release of phpBB 2.0.16. This release addresses
> some bugfixes and one critical security issue. To fix this, please apply
> the following change: In viewtopic.php

...

> The changelog (contained within this release) is as follows:
> - Fixed critical i

[ more ] [ reply ]

Re: Weboot Window Washer Version 6.02.410 Will erase files from your PC 2005-06-28
simon TCPTowers co uk

Is that not what it's designed to do?

[ more ] [ reply ]

Re: [Full-disclosure] Solaris 9/10 ld.so fun 2005-06-28
Piotr KUCHARSKI (chopin sgh waw pl)

On Tue, Jun 28, 2005 at 06:17:02PM +0200, Przemyslaw Frasunek wrote:
> This vulnerability was introduced by one of the recent patches for Solaris 9,
> possibly 112963. Ld.so patched with 112963-08 is not vulnerable -- it does
> not allow LD_AUDIT for set[ug]id binaries, but upgrading to 112963-16
>

[ more ] [ reply ]

Access right escalation / severe permission problems on Raritan Console Servers 2005-06-28
spam drwetter org

Hi,

during my research on console servers I've encountered a severe problem on one appliance.

Summary:
Access right escalation / severe permission problems on Raritan Console Servers

Confirmed on DSX32, Software version: 2.4.6
www.raritan.com, more see below

Details:
DSX Raritan Console Servers

[ more ] [ reply ]

Weboot Window Washer Version 6.02.410 Will erase files from your PC 2005-06-28
tmolamusa optonline net

Hello All
This version will erase files from your PC.

FYI: If you are running version 6.02.410 of Webroot's Window Washer, it will erase files and icons from your PC. Webroot's support team will not do anything to help you recover these files. Update to their latest build (411) immediately and hop

[ more ] [ reply ]

XSS IN Community forum 2005-06-27
abducter_minds yahoo com

there is aproplem in Community forum
community forum make by asp
i found a xss in search
when we typed
http://www.victim.com/forum/search/SearchResults.aspx?q=><script>alert('
CSS%20Vulnerable')</script><b%20a=a%20&f=&u=
EXAMPLE
http://forums.asp.net/search/SearchResults.aspx?q=><script>alert('CS

[ more ] [ reply ]

Multiple buffer overflows exist in Infradig Systems Inframail Advantage Server Edition 6.0 2005-06-28
Reed Arvin (reedarvin gmail com)

Summary:
Multiple buffer overflows exist in Infradig Systems Inframail
Advantage Server Edition 6.0
(http://www.infradig.com/)

Details:
Input to the SMTP MAIL FROM: command and the FTP NLST command is not
properly checked and/or filtered. Issuing the character 'A' roughly
40960 times as an argument

[ more ] [ reply ]

Whitepaper release: Risks of Passive Network Discovery Systems 2005-06-27
bugtraq sys-security com

I am pleased to announce the release of a new white paper titled:

"Risks of Passive Network Discovery Systems"

From the abstract:

This paper sheds light on the weaknesses of passive network discovery and monitoring systems. It starts by defining passive

network discovery, and goes over the a

[ more ] [ reply ]

Re: [Full-disclosure] Solaris 9/10 ld.so fun 2005-06-28
Przemyslaw Frasunek (venglin freebsd lublin pl)

Przemyslaw Frasunek wrote:
> - SunOS 5.10 Generic i86pc i386 i86pc
> - SunOS 5.9 Generic_112233-12 sun4u

This vulnerability was introduced by one of the recent patches for Solaris 9,
possibly 112963. Ld.so patched with 112963-08 is not vulnerable -- it does
not allow LD_AUDIT for set[ug]id binaries

[ more ] [ reply ]

Re: [Full-disclosure] Solaris 9/10 ld.so fun 2005-06-27
Przemyslaw Frasunek (venglin freebsd lublin pl)

Przemyslaw Frasunek wrote:
> ld.so from Solaris 9 and 10 doesn't check LD_AUDIT environment variable when
> running s[ug]id binaries, allowing to run arbitrary code with elevated
> privileges. Well, I can't belive, that such trivial vulnerability exists in
> modern OS...
[...]

Oh, well, it's not th

[ more ] [ reply ]

Solaris 9/10 ld.so fun 2005-06-27
Przemyslaw Frasunek (venglin freebsd lublin pl)

ld.so from Solaris 9 and 10 doesn't check LD_AUDIT environment variable when
running s[ug]id binaries, allowing to run arbitrary code with elevated
privileges. Well, I can't belive, that such trivial vulnerability exists in
modern OS...

The following PoC code was tested on:

- SunOS 5.10 Generic i8

[ more ] [ reply ]

[USN-145-1] wget vulnerabilities 2005-06-28
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-145-1 June 28, 2005
wget vulnerabilities
CAN-2004-1487, CAN-2004-1488, CAN-2004-2014
===========================================================

A security issue affects the following Ubuntu releases:

Ubun

[ more ] [ reply ]

[Fwd: phpBB 2.0.16 released] 2005-06-28
Christian Boenning (security verloren-im net)

---------------------------- Original Message ----------------------------
Subject: phpBB 2.0.16 released
From: "phpBB list" <noreply (at) phpbb (dot) com [email concealed]>
Date: Mon, June 27, 2005 8:34 pm
To: security (at) verloren-im (dot) net [email concealed]
------------------------------------------------------------------------
--

Hi ev

[ more ] [ reply ]

Cross-Site Scripting (CSS) in Hosting Controller All Version and hot fix it hehe ;) 2005-06-28
ActionSpider securityfocus com, "[at]" securityfocus com,linuxmail securityfocus com, "[dot]" securityfocus com,org securityfocus com

Cross-Site Scripting (CSS) in Hosting Controller All Version and hot fix it hehe ;)
ActionSpider (at) linuxmail (dot) org [email concealed]

[ more ] [ reply ]

High Risk Vulnerability in RealPlayer for Windows 2005-06-27
NGSSoftware Insight Security Research (nisr nextgenss com)

John Heasman of NGSSoftware has discovered a high risk vulnerability in
RealPlayer for Windows.

Versions affected include:

RealPlayer 10.5 (6.0.12.1040-1069)
RealPlayer 10
RealOne Player v2
RealOne Player v1

RealPlayer 10.5 (6.0.12.1212) is NOT affected.

The flaw permits the overwriting of a lo

[ more ] [ reply ]

Re: Nokia Symbian 60 "BLUETOOTH NICKNAME" Remote Restart 2005-06-27
Alex Renn Jr. (ray TXnet com)

Hello Qnix (at) bsdmail (dot) org [email concealed]!

Not only Nokia Bluetooth devices are affected.
It seems that all Series60 phones have this bug, including all firmware versions
of Siemens SX1.

====[ End of message ]====

Best Regards,
Alex Renn Jr.
ray (at) TXnet (dot) com [email concealed]

===[ Original Message ]===

From: Qnix@bsdmail.

[ more ] [ reply ]

Re: Nokia Symbian 60 "BLUETOOTH NICKNAME" Remote Restart 2005-06-27
baelang yahoo com

This vulnerabillity is well known and is called the "bluestab" DOS attack.

[ more ] [ reply ]

Re: [ECHO_ADV_20$2005] Full path disclosure JAF CMS 2005-06-26
Steven M. Christey (coley mitre org)

Two of these "full path disclosure" error messages suggest a much more
serious problem:

http://localhost/jaf-cms/index.php?page=forum&category=general&id=3/*

Warning: fopen(module/files/3/*): failed to open stream: No such
file or directory in
/var/www/html/jaf-cms/module/forum/inc/csvfil

[ more ] [ reply ]

Re: Local Root exploit (Fedora Core 4) 2005-06-27
Paul Starzetz (paul starzetz de)

Florian Strankowski (fs) wrote:

> Local Root Exploit under Fedora Core 4 (stable) Advisory
>
> Florian Strankowski
> florian.s (at) bildunxxluecke (dot) de [email concealed]
> www.bildunxxluecke.de/usr/florian/advisory/advisory-05-048.txt
>
> Vulnerable System :
>
> This vulnerability affects Fedora Core 4.0 (stable) with
> th

[ more ] [ reply ]