BugTraq (Page 1317 of 1748)
Portcullis Security Advisory 05-013 - VoIP - Asterisk Stack Overflow 2005-06-22
Wade Alcorn (wja portcullis-security com)
Portcullis Security Advisory

Wade Alcorn
wja (at) portcullis-security (dot) com - www.portcullis-security.com/advisory/advisory-05-013.txt
wade (at) bindshell (dot) net - www.bindshell.net/voip/advisory-05-013.txt

Vulnerable System:

This vulnerability affects Asterisk 1.0.7 and the development Asterisk
branch (known

MDKSA-2005:103 - Updated sudo packages fix race condition vulnerability 2005-06-22
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: sudo
Advisory ID:

[ GLSA 200506-20 ] Cacti: Several vulnerabilities 2005-06-22
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Undocumented account vulnerability in Enterasys Vertical Horizon switches 2005-06-21
Jacek Lipkowski (sq5bpf andra com pl)
1. Problem Description

An undocumented account with a default password exists; additionally, guest
users can DoS the switch.

2. Tested systems

The following versions were tested and found vulnerable:

Vertical Horizon VH-2402S with firmware 02.05.00
Vertical Horizon VH-2402S with firmware 02.05.0

Re: JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting 2005-06-20
scott stark jboss com
You did not understand the suggested DownloadServerClasses change as this does not completely disable RMI class loading. It simply restricts it to the classes/resources associated with ejb deployments as opposed to the complete server codebase. Removal of the dynamic class loading service still is a

iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti Remote File Inclusion Vulnerability 2005-06-22
iDEFENSE Labs (labs-no-reply idefense com)
Multiple Vendor Cacti Remote File Inclusion Vulnerability

iDEFENSE Security Advisory 06.22.05
www.idefense.com/application/poi/display?id=265&type=vulnerabilities
June 22, 2005

I. BACKGROUND

Cacti is a round-robin database (RRD) tool that helps create graphs from
database information and is avai

iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability 2005-06-22
iDEFENSE Labs (labs-no-reply idefense com)
Multiple Vendor Cacti config_settings.php Remote Code Execution
Vulnerability

iDEFENSE Security Advisory 06.22.05
www.idefense.com/application/poi/display?id=266&type=vulnerabilities
June 22, 2005

I. BACKGROUND

Cacti is a round-robin database (RRD) tool that helps create graphs from
database inf

iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti Multiple SQL Injection Vulnerabilities 2005-06-22
iDEFENSE Labs (labs-no-reply idefense com)
Multiple Vendor Cacti Multiple SQL Injection Vulnerabilities

iDEFENSE Security Advisory 06.22.05
www.idefense.com/application/poi/display?id=267&type=vulnerabilities
June 22, 2005

I. BACKGROUND

Cacti is a round-robin database (RRD) tool that helps create graphs from
database information and is

SUSE Security Announcement: SUN Java security problems (SUSE-SA:2005:032) 2005-06-22
Marcus Meissner (meissner suse de)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Announcement

Package: java2
Announcement ID: SUSE-SA:2005:032
Date: W

[ECHO_ADV_19$2005] Multiple SQL INJECTION in DUWARE Products 2005-06-22
the_day echo or id
---------------------------------------------------------------------------
[ECHO_ADV_19$2005] Multiple SQL INJECTION in DUWARE Products
---------------------------------------------------------------------------

Author: Dedi Dwianto
Date: June, 22th 2005
Location: Indonesia, Jakarta
Web: http://ec

Tmobile users site shows other accounts email 2005-06-17
Greg Merideth (Forward Technology) (gmerideth forwardtechnology net)
This only affects users who access e-mail from their tmobile phones via
the tmobile site and who have configured tmobile with access to their
mail accounts:

Background
-=-=-=-=-=

A client of ours purchased the same phone that we use from Tmobile and
asked us to setup the e-mail connection link tha

[ GLSA 200506-19 ] SquirrelMail: Several XSS vulnerabilities 2005-06-21
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Security Contact for Lyris 2005-06-21
H D Moore (sflist digitaloffense net)
I am trying to reach the security contact at Lyris (www.lyris.com). I
sent an email to every address listed on the web site and keep getting
blown off by the operator when I call[1]. The OSVDB Vendor Dictionary has
no contact information listed for Lyris. There are a number of serious,
remotely

MercuryBoard 1.1.4 SQL Injection 2005-06-21
4yka ghc ru
RST/GHC Advisory #28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Product : MercuryBoard
Version : 1.1.4

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[USN-141-1] tcpdump vulnerability 2005-06-21
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-141-1 June 21, 2005
tcpdump vulnerability
CAN-2005-1267
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubunt

[USN-142-1] sudo vulnerability 2005-06-21
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-142-1 June 21, 2005
sudo vulnerability
CAN-2005-1993
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5

[ GLSA 200506-17 ] SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability 2005-06-21
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Google Exploit Queries Thread 2005-06-16
Sumy (sanandres gmail com)
Some Google threads that are very dangerous:
http://www.exploitx.com/forum/azbb.php?1118964854

--
Security Portal:
http://www.exploitx.com
Forum: http://www.exploitx.com/forum/

Anti-Fraud Method? 2005-06-16
Sumy (sanandres gmail com)
We have found a vulnerability in the mind or Anti-fraud system
that most of the Webhosting companies do:

http://www.exploitx.com/forum/azbb.php?1118962476

This is a real story that happened 3-4 days ago.

--
Security Portal:
http://www.exploitx.com
Forum: http://www.exploitx.com/forum/

Re: [Full-disclosure] Google Exploit Queries Thread 2005-06-20
Harry de Grote (harry cc kuleuven ac be)
On Friday 17 June 2005 01:35, Sumy wrote:
> Some Google threads that are very dangerous:
> http://www.exploitx.com/forum/azbb.php?1118964854

if you want a more complete manual on "how to use google and other search
engines" please go to:

http://www.fravia.com/

the weakest link in security is most

RE: osCommerce HTTP Response Splitting (Solution) 2005-06-16
Harry Metcalfe (harry slaptop com)
After searching in vain, I couldn't find a solution to this at
oscommerce.com or through google, so I fixed it myself. Make the following
fix to tep_redirect() in /catalog/includes/functions/general.php:

function tep_redirect($url) {
if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) {
if

Page Hijack: The 302 Exploit, Redirects and Google 2005-06-19
Sumy (sanandres gmail com)
Page Hijack: The 302 Exploit, Redirects and Google

302 Exploit: How somebody else's page can appear instead of your page
in the search engines.
By Claus Schmidt.

Abstract:
An explanation of the page hijack exploit using 302 server redirects.
This exploit allows any webmaster to have his own "virtu

[Hat-Squad] i-Gallery directory traversal 2005-06-20
Hat-Squad Security Team (bugtraq hat-squad com)
Hat-Squad Advisory: i-Gallery directory traversal

Product: i-Gallery
Vendor Url: http://www.b-cp.com
Version: 3.3 (older versions not tested, but assumed vulnerable)
Vulnerability: Directory traversal and CSS bug
Release Date:

Vendor Status:
Informed: 15 June 2005
Second Contact: 19 June 200

Novell GroupWise Plain Text Password Vulnerability. 2005-06-20
Security Team (securityteam truedson com)
--------------------------------------------
Novell GroupWise Plain Text Password Vulnerability.
--------------------------------------------

Overview:
A vulnerability exists in the Novell GroupWise Client that will allow an
attacker to identify the id and password of the user's GroupWise email
a

[ GLSA 200506-16 ] cpio: Directory traversal vulnerability 2005-06-20
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200506-15 ] PeerCast: Format string vulnerability 2005-06-19
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

paFaq Multiple Vulnerabilities 2005-06-20
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research June 20th, 2005
##########################################################
# Vendor : php Arena
# URL : http://www.phparena.net/pafaq.php
# Version : paFAQ 1.0 Beta 4
# Risk : Multiple Vulnerabi

Cisco VPN Concentrator Groupname Enumeration Vulnerability 2005-06-20
Roy Hills (Roy Hills nta-monitor com)
Cisco VPN Concentrator Groupname Enumeration Vulnerability

1. Overview:

NTA Monitor has discovered a groupname enumeration vulnerability in the
Cisco VPN 3000 series concentrator products while performing a VPN security
test for a customer.

The vulnerability affects remote access VPNs with grou

[ECHO_ADV_18$2005] Multiple SQL INJECTION in Ublog Reload 1.0.5 2005-06-20
the_day echo or id
---------------------------------------------------------------------------
[ECHO_ADV_18$2005] Multiple SQL INJECTION in Ublog Reload 1.0.5
---------------------------------------------------------------------------

Author: Dedi Dwianto
Date: June, 20th 2005
Location: Indonesia, Jakarta
Web: http:/

Copyright 2010, SecurityFocus