BugTraq Mode:
(Page 1325 of 1748)  < Prev  1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330  Next >
Re: [Full-disclosure] iDEFENSE Security Advisory 05.24.05: IpswitchIMail Web Calendaring Arbitrary File Read Vulnerability 2005-05-25
jamesbug gmx net
Hi,

I think this is an old bug. Please take a look at:

http://lists.virus.org/full-disclosure-0309/msg01294.html

"*** SID-2003-3312 [ Ipswitch ] IMail Directory Traversal Vulnerabilities"

Here you can find a description of this traversal directory bug from
October 2003. But it seems that some

Meteor FTP Server: PoC Exploit 2005-05-23
Dim K0r0l (dim acolytez com)
[INTRO]
Affected version: 1.5
Hello to all!
Bug was found by Auston J (Anix44 (at) gmail (dot) com) today.
So it's Perl code for demonstration
[----]

[CODE]
#!/usr/bin/perl

#
# 47meteor_bof.pl - PoC exploit for Meteor FTP Server
# version 1.5
# bug found by Anix44 (at) gmail (dot) co

[security bulletin] SSRT5954 rev.1 - HP-UX TCP/IP Remote Denial of Service (DoS) 2005-05-26
Boren, Rich (SSRT) (rich boren hp com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBUX01137 REVISION: 1

SSRT5954 rev.1 - HP-UX TCP/IP Remote Denial of Service (DoS)

NOTICE:
There are no restrictions for distribution of this Security
Bulletin provided that it remains complete and intact.

The information

[security bulletin] SSRT4884 rev.0 - HP-UX TCP/IP Remote Denial of Service (DoS) 2005-05-26
Boren, Rich (SSRT) (rich boren hp com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBUX01164 REVISION: 0

SSRT4884 rev.0 - HP-UX TCP/IP Remote Denial of Service (DoS)

NOTICE:
There are no restrictions for distribution of this Security
Bulletin provided that it remains complete and intact.

The information

[security bulletin] SSRT5899 rev.0 - HP-UX trusted system remote unauthorized access 2005-05-26
Boren, Rich (SSRT) (rich boren hp com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBUX01165 REVISION: 0

SSRT5899 rev.0 - HP-UX trusted system remote unauthorized access

NOTICE:
There are no restrictions for distribution of this Security
Bulletin provided that it remains complete and intact.

The informa

Re: PowerLink WAN Aggregator - Vunerability 2005-05-24
preasoner astrocorp com
In-Reply-To: <Law11-OE66uaNdwmkQS000041fe (at) hotmail (dot) com>

This issue only applies to devices using firmware version 1.7.3.1. Any newer revisions or newer hardware do not contain this vulnerability.

[USN-134-1] Firefox vulnerabilities 2005-05-26
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-134-1 May 26, 2005
mozilla-firefox vulnerabilities
MFSA 2005-42, CAN-2005-1531, CAN-2005-1532
===========================================================

A security issue affects the following Ubuntu relea

[USN-133-1] Apache utility vulnerability 2005-05-26
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-133-1 May 26, 2005
apache vulnerability
http://xforce.iss.net/xforce/xfdb/17413
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4

[ GLSA 200505-19 ] gxine: Format string vulnerability 2005-05-26
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Invision Power Board 1.* and 2.* Exploit (BID 13529) 2005-05-26
Petey Beege (peteybeege mailinator com)


#!/usr/bin/perl -w
##################################################################
# This one actually works :) Just paste the outputted cookie into
# your request header using livehttpheaders or something and you
# will probably be logged in as that user. No need to decrypt it!
# Exploit code

Re: Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules. 2005-05-22
security curmudgeon (jericho attrition org)

http://archives.neohapsis.com/archives/bugtraq/2005-04/0190.html

On April 13, 2005, Diabolic Crab reported several vulnerabilities in phpBB
Plus and other modules. From the post:

: Photo Album v2.0.53
:
: http://localhost/album_search.php?mode='SQL_INJECTION&search=dcrab
: SQL INJECTION

Looking

Alwil Software Avast Antivirus Device Driver Memory Overwrite Vulnerability 2005-05-26
Piotr Bania (bania piotr gmail com)


Alwil Software Avast Antivirus Device Driver Memory Overwrite
Vulnerability
by Piotr Bania <bania.piotr (at) gmail (dot) com>
http://pb.specialised.info

Original location: http://pb.specialised.info/all/adv/avast-adv.txt

Severity: Less Critical/Medium - local ring0 code execution

Software affected:

[SECURITY] [DSA 728-2] New qpopper packages fix arbitrary file overwriting 2005-05-26
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 728-2 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
May 26th, 2005

[SECURITY] [DSA 729-1] New PHP4 packages fix denial of service 2005-05-26
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 729-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
May 26th, 2005

davfs2 does not honour Unix permissions 2005-05-25
martin f krafft (madduck madduck net)
davfs2 is a user-space tool to mount DAV resources into the Unix
directory tree, using the Coda kernel filesystem as a backplane.
Unfortunately, Andrew Pimlott discovered that such a mounted
filesystem does not honour the Unix permissions that stat()
presents. Details are here:

http://bugs.debian

Zone Labs ZoneAlarm Vet anti-virus engine OLE processing vulnerability 2005-05-25
Zone Labs Product Security (Product-Security zonelabs com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Zone Labs Security Alert
Zone Labs Anti-virus Engine OLE Processing Issue

Date Published May 24, 2005
Date Last Revised May 24, 2005

Severity High

Overview
========

A security vulnerability existed in the anti-virus

OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation 2005-05-25
please_reply_to_security sco com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SCO Security Advisory

Subject: OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation
Advisory number: SCOSA-2005.26
Issue date: 2005 May 25
Cross refer

High Risk Vulnerability in L-Soft's LISTSERV Server 2005-05-25
NGSSoftware Insight Security Research (nisr ngssoftware com)
Peter Winter-Smith of NGSSoftware has discovered a number of vulnerabilities
in L-Soft's LISTSERV list management system. The worst of these carries a
high risk rating.

Affected versions include:

- LISTSERV version 14.3, including LISTSERV Lite and HPO
- LISTSERV version 1.8e, including LISTSERV L

shtool insecure temporary file creation 2005-05-25
ZATAZ.net (exploits zataz net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

#########################################################

shtool insecure temporary file creation

Vendor: http://www.gnu.org/software/shtool/
Advisory: http://www.zataz.net/adviso/shtool-05252005.txt
Vendor informed: no more vendor
Exploit available:

iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability 2005-05-25
iDEFENSE Labs (labs-no-reply idefense com)
GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS
Vulnerability

iDEFENSE Security Advisory 05.25.05
http://www.idefense.com/application/poi/display?type=vulnerabilities
May 25, 2005

I. BACKGROUND

The GNU mailutils package is a collection of mail-related
utilities, including local an

iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability 2005-05-25
iDEFENSE Labs (labs-no-reply idefense com)
GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability

iDEFENSE Security Advisory 05.25.05
http://www.idefense.com/application/poi/display?type=vulnerabilities
May 25, 2005

I. BACKGROUND

The GNU mailutils package is a collection of mail-related
utilities, including local and remote mailbo

iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability 2005-05-25
iDEFENSE Labs (labs-no-reply idefense com)
GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow
Vulnerability

iDEFENSE Security Advisory 05.25.05
http://www.idefense.com/application/poi/display?type=vulnerabilities
May 25, 2005

I. BACKGROUND

The GNU mailutils package is a collection of mail-related
utilities, including local and

iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d Format String Vulnerability 2005-05-25
iDEFENSE Labs (labs-no-reply idefense com)
GNU Mailutils 0.6 imap4d Format String Vulnerability

iDEFENSE Security Advisory 05.25.05
http://www.idefense.com/application/poi/display?type=vulnerabilities
May 25, 2005

I. BACKGROUND

The GNU mailutils package is a collection of mail-related
utilities, including local and remote mailbox access s

PHP Injection in PHP Poll Creator 2005-05-25
rash ilusion (torash gmail com) (1 replies)


svadvisory#6
-------------------------------------------------------------+
Title: PHP Injection in PHP Poll Creator |
Software: PHP Poll Creator v 1.01 |
Homepage: http://www.phppc.de +------------+
Finder: rash

Re: PHP Injection in PHP Poll Creator 2005-05-26
Michael Cordover (michael cordover gmail com)

exim 4.40 exploit 2005-05-24
plugger (plug internode on net)
hello punters,

i was bored last night so I coded up a local exploit of the
dns_build_reverse() vulnerability in exim 4.40. hope no one
minds as it was disclosed 5 months ago.
tested on exim 4.40 default build with runtime user as root
rather than exim or mail - hence the rootshell. see below
for ver

[SECURITY] [DSA 728-1] New qpopper packages fix arbitrary file overwriting 2005-05-25
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 728-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
May 25th, 2005

[USN-132-1] ImageMagick vulnerabilities 2005-05-23
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-132-1 May 23, 2005
imagemagick vulnerabilities
CAN-2005-1275
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

[USN-131-1] Linux kernel vulnerabilities 2005-05-23
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-131-1 May 23, 2005
linux-source-2.6.8.1, linux-source-2.6.10 vulnerabilities
CAN-2005-0109, CAN-2005-1041, CAN-2005-1263, CAN-2005-1264,
CAN-2005-1368, CAN-2005-1369, CAN-2005-1589
=========================

[ GLSA 200505-16 ] ImageMagick, GraphicsMagick: Denial of Service vulnerability 2005-05-21
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Copyright 2010, SecurityFocus