BugTraq Mode:
(Page 1349 of 1748)  < Prev  1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354  Next >
[SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability 2005-04-07
chewkeong security org sg


SIG^2 Vulnerability Research Advisory

SurgeFTP LEAK Command Denial-Of-Service Vulnerability

by Tan Chew Keong
Release Date: 07 Apr 2005

ADVISORY URL
http://www.security.org.sg/vuln/surgeftp22m1.html

SUMMARY

SurgeFTP (http://netwinsite.com/surgeftp/) is an FTP server with SSL/TLS security, e

Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability 2005-04-07
Adam Back (adam cypherspace org)
In-Reply-To: <87r7irrzne.fsf (at) evinrude.uhoreg (dot) ca [email concealed]>

Hi

Two notes:

- the format string security bug is now fixed in hashcash-1.17

- Hubert is correct that the bug was not in hashcash-1.13, it was introduced in hashcash 1.14

Cheers

Adam

>Just to note, version 1.13 of hashcash (incidentally, the ve

[ GLSA 200504-06 ] sharutils: Insecure temporary file creation 2005-04-06
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

RE: PayPal "security" measures 2005-04-06
McAllister, Andrew (McAllisterA umsystem edu)
I tried posting a follow-up to this topic, but it was moderated out of
existence.

Looking back at my paypal phishing e-mail again and all the other
possibilities... I think the actual reason for the non-exploit phishing
spam is that idiot spammers forgot to include the exploit.

What is more l

RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure 2005-04-06
Ravish Ahuja (ravish xeonext com)
Hello,

http://www.victimsite.com/index.php?&language=f00bar.php

Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion
(include_path='.:/usr/share/pear') in /var/www/html/admin/settings.inc.php
on line 147

This is path disclosure but it can also be used for malicious file inc

[waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module 2005-04-07
Janek Vind (come2waraxe yahoo com)


{================================================================================}
{ [waraxe-2005-SA#041] }
{================================================================================}
{

LiteCommerce Sql injection and reveling errors vulnerability 2005-04-07
dcrab (dcrab hackerscenter com)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah

Se

iDEFENSE Security Advisory 04.06.05: IBM Lotus Domino Server Web Service DoS Vulnerability 2005-04-06
iDEFENSE Labs (labs-no-reply idefense com)
IBM Lotus Domino Server Web Service DoS Vulnerability

iDEFENSE Security Advisory 04.06.05
http://www.idefense.com/application/poi/display?type=vulnerabilities
April 6, 2005

I. BACKGROUND

IBM Lotus Domino Server software provides messaging, calendaring and
scheduling capabilities on a variety of o

Re: Microsoft Explorer Denial of Service 2005-04-06
Des Ward (des_ward o2 co uk)
Is this the same GIF vuln that's already been talked about?

Also, why not contact M$?

I'm not against FD if conducted responsibly, but by not contacting the vendor you're acting in an irresponsible manner.

-----Original Message-----
From: Luca Ercoli <io (at) lucaercoli (dot) it [email concealed]>
Date: 6 Apr 2005 01:55:57

Cisco Security Advisory: Vulnerabilities in Cisco IOS Secure Shell Server 2005-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory:
=======================
Vulnerabilities in Cisco IOS Secure Shell Server
================================================

Revision 1.0

For Public Release 2005 April 06 1600 UTC (GMT)

- ----------------------------------------

[USN-108-1] GDK vulnerability 2005-04-05
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-108-1 April 05, 2005
gtk+2.0, gdk-pixbuf vulnerabilities
CAN-2005-0891
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty

FreeBSD Security Advisory FreeBSD-SA-05:03.amd64 2005-04-06
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-05:03.amd64 Security Advisory
The FreeBSD Project

Topic: un

[ GLSA 200504-04 ] mit-krb5: Multiple buffer overflows in telnet client 2005-04-06
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

OSX - trojan apps can bypass authentication controls and gain root privilages 2005-04-06
bert adbas net (1 replies)
OSX Root Compromise
04/05/2005

Summary:
OSX can be root compromised by a trojan application. The trojan
application does not require explicit user authentication to elevate its
privileges to root, nor does the root account need to be enabled. The
Trojan application must be run from an account tha

Re: OSX - trojan apps can bypass authentication controls and gain root privilages 2005-04-06
KF (lists) (kf_lists digitalmunition com)
Active Auction House has multiple Sql injection, error and XSS vulnerabilities 2005-04-06
dcrab (dcrab hackerscenter com)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah

Se

[USN-109-1] MySQL vulnerability 2005-04-06
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-109-1 April 06, 2005
mysql-dfsg vulnerability
CAN-2004-0957
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

T

Microsoft Explorer Denial of Service 2005-04-06
Luca Ercoli (io lucaercoli it) (1 replies)


Package: Microsoft Explorer
Auth: http://www.microsoft.com/
Vulnerability: Denial of Service
System(s) affected:

- Tested on Windows XP Home Edition [explorer 6.00.2800.1106 (xpsp1.020828-1920)]
- Windows 2000 seems not to be vulnerable.
- Vulnerability has not been tested on other versions of Mic

RE: Microsoft Explorer Denial of Service 2005-04-06
Larry Seltzer (larry larryseltzer com)
Cisco Security Advisory: Vulnerabilities in the Internet Key Exchange Xauth Implementation 2005-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory:
========================
Vulnerabilities in the Internet Key Exchange Xauth Implementation
=================================================================

Revision 1.0

For Public Release 2005 April 6 1600 UTC

- ----------

[ GLSA 200504-05 ] Gaim: Denial of Service issues 2005-04-06
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

runcms/e-xoops 1.1A and below file upload vulnerability 2005-04-06
pokley (pokleyzz scan-associates net)
Products: runcms/e-xoops 1.1A (http://www.runcms.org)

Summary: runcms/e-xoops 1.1A and below file upload vulnerability

Description
===========
runcms/e-xoops is an extensible, OO (Object Oriented), easy to use dynamic
web content management system
written in PHP. runcms/e-xoops is the ideal too

drone armies C&C report - March/2005 2005-04-06
Gadi Evron (gadi tehila gov il)
Below is a periodic public report from the drone armies / botnets
research and mitigation mailing list.
For this report it should be noted that we base our analysis on the data
we have accumulated from various sources.

According to our incomplete analysis of information we have thus far, we
now pub

crontab from vixie-cron allows read other users crontabs 2005-04-06
Karol Więsek (appelast drumnbass art pl) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Name: vixie-cron
Author: Karol Więsek <appelast (at) drumnbass.art (dot) pl [email concealed]>
Date: Mar 21, 2005

Issue:

crontab allows any user to read another user's crontabs

Description:

Crontab is used to create special files used by cron to execute commands
at specifi

Re: crontab from vixie-cron allows read other users crontabs 2005-04-06
Richard Moore (rich westpoint ltd uk)
MailEnable Smtpd remote Dos [x0n3-h4ck] 2005-04-05
CorryL (corryl sitoverde com)
-=[---------------------ADVISORY---------------------------]=-
-=[
]=-
-=[ MailEnable Enterprise & Pro remote DOS ]=-
-=[

iDEFENSE Security Advisory 04.05.05: Computer Associates eTrust Intrusion Detection System CPImportKey DoS 2005-04-05
iDEFENSE Labs (labs-no-reply idefense com)
Computer Associates eTrust Intrusion Detection System CPImportKey
Denial of Service Vulnerability

iDEFENSE Security Advisory 04.05.05
www.idefense.com/application/poi/display?id=223&type=vulnerabilities
April 05, 2005

I. BACKGROUND

Computer Associates International, Inc.'s (CA) eTrust Intrusion

Sybase ASE Multiple Security Issues (#NISR05042005) 2005-04-05
NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory

Name: Sybase ASE Multiple Security Issues
Systems Affected: Sybase ASE versions prior to 12.5.3 ESD#1
Severity: High
Vendor URL: http://www.sybase.com/
Researchers: Mark Litchfield [ mark (at) ngssoftware (dot) com [email concealed] ]
Sherief Hammad [ sherief@ngssof

[OpenPKG-SA-2005.005] OpenPKG Security Advisory (imapd) 2005-04-05
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

Copyright 2010, SecurityFocus