SecurityFocus

LG U8120 Mobile Phone Denial of Service 2005-04-13
Luca Ercoli (io lucaercoli it)

===============================================================
Model: LG U8120 (other LG phones maybe vulnerable)
Auth: http://www.lge.com
Vulnerability Type: Remote Denial Of Service
--

Disclaimer:
==========

The information is provided "as is" without warranty of

[ more ] [ reply ]

HTTP RESPONSE SPLITTING by Diabolic Crab 2005-04-13
dcrab (dcrab hackerscenter com)

HTTP RESPONSE SPLITTING
by Diabolic Crab (dcrab (at) hackerscenter (dot) com [email concealed])
http://www.digitalparadox.org

Introduction to HTTP Response Splitting:
This is a fairly new web application vulnerability. It can be used for the following purposes.

Cross site scripting (XSS): This is a very common a

[ more ] [ reply ]

[ GLSA 200504-10 ] Gld: Remote execution of arbitrary code 2005-04-13
Sune Kloppenborg Jeppesen (jaervosz gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

MDKSA-2005:070 - Updated MySQL packages fix vulnerability 2005-04-13
Mandrakelinux Security Team (security linux-mandrake com)

[SECURITY] [DSA 706-1] New axel packages fix arbitrary code execution 2005-04-13
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 706-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
April 13th, 2005

[ more ] [ reply ]

NetManage RUMBA 7.4 Profile Handling Multiple Buffer Overflow Vulnerabilities 2005-04-13
Bahaa Naamneh (b_naamneh hotmail com)

I've reported that NetManage RUMBA 7.3 prone to multiple Buffer Overflow vulnerabilities.

http://www.securityfocus.com/bid/12965

and I have checked also version RUMBA 7.4 and found that also this version prone to the same vulnerabilities.

Bahaa Naamneh
b_naamneh (at) hotmail (dot) com [email concealed]
www.bsecurity.tk

[ more ] [ reply ]

[SECURITY] [DSA 707-1] New mysql packages fix several vulnerabilities 2005-04-13
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 707-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
April 13th, 2005

[ more ] [ reply ]

cpio TOCTOU file-permissions vulnerability 2005-04-13
Imran Ghory (imranghory gmail com)

[Another compression utility with the same race condition issue as bzip2
(CAN-2005-0953) & gzip (CAN-2005-0988) - the file is extracted and
file descriptor closed before the file is chmod'ed]

================================
cpio TOCTOU file-permissions vulnerability
=============================

[ more ] [ reply ]

Details and PoC for MS05-020 MSIE DHTML Object handling vulnerabilities 2005-04-12
Berend-Jan Wever (skylined edup tudelft nl)

Details and PoC code for MSIE DHTML Object handling vulnerabilities are available online at my website:
http://www.edup.tudelft.nl/~bjwever
Note: page is not up-to-date, since it was written in August/September 2004. Additional information will be added when found during testing of MS05-20 patch.

C

[ more ] [ reply ]

IBM WebSphere Widespread configuration JSP disclosure 2005-04-13
SPI Labs (spilabs spidynamics com)

IBM WebSphere Widespread configuration JSP disclosure

Release Date: 04/13/2005
Severity: High

[Systems Affected]
* IBM WebSphere Application 6 and prior.

[Description]

The practice of sharing the document root of the app server within the
document
root of the web server creates a security exposu

[ more ] [ reply ]

Gld 1.5 released (security fix) 2005-04-13
Salim Gasmi (salim gasmi net)

In-Reply-To: <20050412004111.562AC7A890E (at) ws4-4.us4.outblaze (dot) com [email concealed]>

Hi,

gld 1.5 has been released today .

This version fixes the issues and add new features .

You can download it here : http://www.gasmi.net/down/gld-1.5.tgz

Note about the exploit released:
To be effective, the exploit needs to con

[ more ] [ reply ]

Multiple High Risk flaws fixed in Oracle 2005-04-13
NGSSoftware Insight Security Research (nisr nextgenss com)

David Litchfield of NGSSoftware has discovered multiple high risk
vulnerabilities in Oracle's Database Server. Versions affected include

Oracle Database 10g Release 1 Version 10.1.0.2, 10.1.0.3, 10.1.0.3.1 and
10.1.0.4
Oracle9i Database Server Release 2, versions 9.2.0.5 and 9.2.0.6
Oracle9i Data

[ more ] [ reply ]

Patch available for critical Veritas i3 Server vulnerability 2005-04-13
NGSSoftware Insight Security Research (nisr nextgenss com)

David Litchfield of NGSSoftware has discovered a critical vulnerability in
the Veritas i3 Focalpoint Server. This component can be found bundled with
other servers such as Indepth for Oracle. Versions known to be affected are
7.1 and earlier.

Veritas has developed a patch to fix the problem. Mor

[ more ] [ reply ]

Multiple medium risk flaws fixed in new version of PHP (late advisory) 2005-04-13
NGSSoftware Insight Security Research (nisr nextgenss com)

David Litchfield of NGSSoftware has discovered multiple medium risk
vulnerabilities in PHP. Versions affected include

PHP 5.0.3
PHP 4.3.10

PHP has released updated versions of the software available here:

http://www.php.net/downloads.php

Whilst PHP is opensource, NGSSoftware will abide by our

[ more ] [ reply ]

'Widcomm BTW (Microsoft Windows BT stack) Directory Transversal' 2005-04-13
KF (lists) (kf_lists digitalmunition com)

Typos included at no charge. =]

[ more ] [ reply ]

GLD (Greylisting daemon for Postfix) multiple vulnerabilities. 2005-04-12
dong-hun you (xploit hackermail com)

========================================
INetCop Security Advisory #2005-0x82-026
========================================

Title: GLD (Greylisting daemon for Postfix) multiple vulnerabilities.

0x01. Description

About:
Gld is a standalone greylisting server for Postfix.

Greylisting is

[ more ] [ reply ]

zOOM Media Gallery - Simple SQL Injection discovery 2005-04-13
Andreas Constantinides (aconstantinides OdysseyConsultants com)

Description:
zOOm Media Gallery (http://zoom.ummagumma.nl) is a php/sql component+module for MamboCMS and is in use by many sites of the internet.

I discover a simple SQL Injection in it.

Affected Versions:
zOOm Image Gallery 2.1.2, *

POC:
It is possible to proof my concept us

[ more ] [ reply ]

WordPress XSS and HTML injection 2005-04-12
Nicolas Montoza (xonico gmail com)

============================================================
Title: WordPress XSS and HTML injection
Vulnerability discovery: SoulBlack - Security Research -
http://soulblack.com.ar
Date: 12/04/2005
Severity: Medium. users can obtain cookies of other users and defacement website
Affected version: <=

[ more ] [ reply ]

Re: Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3 2005-04-08
Maksymilian Arciemowicz (max jestsuper pl)

In-Reply-To: <20050408023602.4627.qmail (at) www.securityfocus (dot) com [email concealed]>

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Dcrab 's Security Advisory
>[Hsc Security Group] http://www.hackerscenter.com/
>[dP Security] http://digitalparadox.org/
>
>Get Dcrab's Services to audit your Web servers, scripts, net

[ more ] [ reply ]

Re: Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3 2005-04-08
Dionysios G. Synodinos (synodinos gmail com)

A discusion regarding this issue can be found at the official PN
forum: http://forums.postnuke.com/index.php?name=PNphpBB2&file=viewtopic&t=3951
3

[ more ] [ reply ]

JavaMail allows directory traversal in attachments 2005-04-12
Rafael San Miguel Carrasco (smcsoc yahoo es)

1. INTRODUCTION

The JavaMail API provides a platform-independent and
protocol-independent framework to build mail and messaging applications.
The JavaMail API is implemented as a Java platform optional package and
is also available as part of the Java 2 platform, Enterprise Edition.

2. SYNOPS

[ more ] [ reply ]

Remote Buffer Overflow in Lotus Domino 2005-04-12
Next Generation Insight Security Research (NGS Software) (mark ngssoftware com)

Mark Litchfield of NGSSoftware has discovered a high risk vulnerability in
Lotus Domino Server.

Versions affected include:

Domino 6.0.5
Domino 6.5.4

The flaw permits execution of arbitrary code via a maliciously crafted POST
request. Internal research

has discovered to date, 6 attack vectors.

[ more ] [ reply ]

Window Washer 6.0: False Sense of Security 2005-04-11
WBG Links (wbglinks gmail com)

Product: Window Washer
Version: 6.0 (build 6.0.1.408)
Vendor: Webroot Software
Platform: Windows

This is the exact same problem I discovered with past versions of Window Washer:

http://www.securityfocus.com/archive/1/372717

Later 5.5x versions finally were fixed (shortly after my above post and

[ more ] [ reply ]

eGroupWare Leaks Files 2005-04-12
Gerald Quakenbush (geraldq mastermindsecuritygroup com)

MasterMind Security Group, Inc.
Security Brief

Date: April 7, 2005
Contact: Gerald Quakenbush <geraldq AT mastermindsecuritygroup.com>
Severity: Moderate to Serious
Product: Confirmed in eGroupWare 1.001 and 1.006

Synopsis
========
The eGroupWare open-source software (www.egroupware.org) has a fla

[ more ] [ reply ]

DoKuWiki file-upload vulnerabilities 2005-04-12
kreon (kre0n mail ru)

ADZ Security Team
===================
Info

Program: DoKuWiki
Version: 2005-02-18
Module: media.php
Bug type: File Upload bug
Vendor site: http://wiki.splitbrain.org/
Vendor Informed: Yes
===================
Bug Info

Remote user with file-upload privileges can upload anyone file with any
extention

[ more ] [ reply ]