Am 14.06.2005 schrieb Christoph 'knurd' Jeschke:
> Jonathan Angliss schrieb:
>
> > Won't match IPv6 addresses, but neither will the original code, and it
> > matches IP addresses perfectly I believe.
>
> My Suggestion for IPv4 is:
>
> ^(?!0+\.0+\.0+\.0+$)([01]?\d{1,2}|2[0-2][0-3])\.([01]?\d{1,2}|

[ more ]  [ reply ]

===========================================================
Ubuntu Security Notice USN-140-1 June 15, 2005
gaim vulnerability
CAN-2005-1934
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5

[ more ]  [ reply ]

Vendor: Bitrix
Product:Bitrix Site Manager 4.0.x

Consequences: Web server paths
Risk: Minimal

Description: during executions of
http://host/bitrix/templates/.default/subscribe/subscr_form.php
http://host /bitrix/php_interface/dbquery_error.php
there got an erros which is causing web server interna

[ more ]  [ reply ]

Vendor: Bitrix
Product: Bitrix Site Manager 4.0.x

Vulnerability: php including.
Consequence: custom php code execution on server
Risk: Critical

Description:
Due to unfiltered _SERVER[DOCUMENT_ROOT] variable in file ?\bitrix\modules\main\start.php?,
hacker can upload php script from other server an

[ more ]  [ reply ]

Vendor: Phpforum, http://www.phpforums.net/
Product: McGallery v 1.1

Vulnerability: mysql including
Consequences: Web server paths
Risk: Low

Description: Unfiltered $host variable. Allows attacker to connect to fake DB and make select from it.
http://example.com/mcgallery/show.php?host=attackhost

[ more ]  [ reply ]

Vendor: Phpforum, http://www.phpforums.net/
Product: McGallery v 1.1

Vulnerability: files reading on disk
Consequences: Web server paths are opened
Risk: High

Description: Attacker can form the query in URL form ang get the access to the system files
Example: thttp://example.com/mcgallery/admin.p

[ more ]  [ reply ]

Also, I think this hole only occurs when register_globals is ON. In
the latest version of PHP, this defaults to OFF.

I've alerted the developers to this bug.

> On 6/15/05, systemcracker (at) gmail (dot) com [email concealed] <systemcracker (at) gmail (dot) com [email concealed]> wrote:
> > after some digging on google, I've found that this refers to the

[ more ]  [ reply ]

Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability
in one of the dependencies of HTML Help, the InfoTech Storage System parser.
This flaw can permit arbitrary code execution through a number of
applications including HTML Help, Internet Explorer and Outlook/Outlook
Express wh

[ more ]  [ reply ]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200505-06:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]

[ more ]  [ reply ]

##########################################################
# GulfTech Security Research June 6th, 2005
##########################################################
# Vendor : InteractivePHP, Inc
# URL : http://www.fusionbb.com/
# Version : Version .11 Beta And Earlier
# Risk : Multi

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gaim
Advisory ID:

[ more ]  [ reply ]

(Train Police at the airport)
Sottosezione Polizia Ferroviaria Fiumicino Aeroporto
Via dell'Aereopotro 00050 FIUMICINO
0665010381

(Internal Police)
Polizia Frontiera Aerea, Aeroporto di Fiumicino
06.65.61.01

You could also try:
securitytraining (at) adr (dot) it [email concealed]

If I knew what the issue was, I may be abl

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: rsh
Advisory ID:

[ more ]  [ reply ]

#!/usr/bin/perl -w
#
#***********************************************************************
*********************
# Remote Command Execution Vulnerability In Web_store.cgi *
#

[ more ]  [ reply ]

> > Anybody got a hint how to contact?

Hi,

thank you everybody writng me mails. I got about 50 mails pointing to the
official web site of the airport and the contact site. Well, of course I
checked out all (!) the addresses listed on that site BEFORE posting to this
list.

No reaction! Best res

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

NGSEC is proud to announce the new release of our new product
AntiPharming v1.00 [1] TOTALLY FREE for non-commercial use.

What is Pharming?

"(...)Pharming is the exploitation of a vulnerability in the DNS
server software that allows a hacke

[ more ]  [ reply ]

Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
Vulnerability

iDEFENSE Security Advisory 06.14.05
www.idefense.com/application/poi/display?id=263&type=vulnerabilities
June 14, 2005

I. BACKGROUND

Microsoft Outlook Express is an e-mail and newsgroup client shipped with
the Microsoft

[ more ]  [ reply ]

Microsoft Windows Interactive Training Buffer Overflow Vulnerability

iDEFENSE Security Advisory 06.14.05
www.idefense.com/application/poi/display?id=262&type=vulnerabilities
June 14, 2005

I. BACKGROUND

Microsoft Interactive Training is an application included with some OEM
versions of Windows XP

[ more ]  [ reply ]

Dear List,

3 month have passed since it has been reported that some AntiVirus
engines have flaws in regards to scanning malformed ZIP archives.
This is an update on the situation and hopefully a wake up call
for some vendors.

3 month have passed and a few Anti-Virus engines _still_ are
"vulnerabl

[ more ]  [ reply ]

Hi list,

Just found an implementation bug in MAST RunAsP.exe v3.5.1 and below,
that allows local privilege escalation.

Vendor: MAST-Computer
Homepage of product : http://www.mast-computer.com/c_9-s_7-l_en.html

Description of product:
For Windows 2000, Windows XP
RunAs Professional is a substit

[ more ]  [ reply ]

>Is this fixed by the security update issued by apple some days ago?

Apple's security advisory APPLE-SA-2005-06-08 includes an item for
launchd (CVE-ID: CAN-2005-1725) that provides "Credit to Neil
Archibald of Suresec LTD for reporting this issue," so it has been
fixed.

- Steve

[ more ]  [ reply ]

Hello Oliver,
Friday, June 10, 2005, 3:35:41 PM, you wrote:

> the problem is in function eping_validaddr() in functions.php where the
> host is checked if it is valid as the name says...
> But the only check is to see if it is a valid ip adress for eping, here
> is the code:

> --------------8<----

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUMMARY
- -------
The Finjan SurfinGate use web content filtering and internet access
management for protecting the network.

A vulnerability in the product allows you to bypass the access
management. You can download files which are normally blocked.

[ more ]  [ reply ]

Multiple Vendor Telnet Client Information Disclosure Vulnerability

iDEFENSE Security Advisory 06.14.05
www.idefense.com/application/poi/display?id=260&type=vulnerabilities
June 14, 2005

I. BACKGROUND

The TELNET protocol allows virtual network terminals to be connected to
over the internet. The i

[ more ]  [ reply ]

** My apologies if you receive multiple copies of this message. **

CALL FOR PAPERS
for the
13TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS'06)

February 1st, 2006 - Pre-Conference Workshop
February 2-3, 2006 - Symposium

[ more ]  [ reply ]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]