SecurityFocus

Remote Command Execution 2005-03-07
Francisco Alisson (dominusvis click21 com br)

Remote Command Execution

Script: The Includer ( www.smarterscripts.com/includer/ )

Remote Command Execution on:

Example I.: www.host-vulnerable.com/includer.cgi?|id|
Example II.: www.host-vulnerable.com/includer.cgi?template=|id|

Sorry if the bug is already posted ;)

[ more ] [ reply ]

[SECURITY] [DSA 691-1] New abuse packages fix local root exploit 2005-03-07
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 691-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
March 7th, 2005

[ more ] [ reply ]

[ GLSA 200503-13 ] mlterm: Integer overflow vulnerability 2005-03-07
Luke Macken (lewk gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php 2005-03-05
Some one (someone cannabismail com)

In-Reply-To: <20050303055339.3109.qmail (at) www.securityfocus (dot) com [email concealed]>

>phpBB 2.0.13 Bad filtered in usercp_register.php

The error isn't in usercp_register.php, it is perfectly fine that the user can set these options. The Problem is the HTML filtering in privmsg.php and viewtopic.php.

In privmsg.php you

[ more ] [ reply ]

Windows Server 2003 and XP SP2 LAND attack vulnerability 2005-03-05
Dejan Levaja (dejan levaja com)

Hello, everyone.

Windows Server 2003 and XP SP2 (with Windows Firewall turned off) are vulnerable to LAND attack.

LAND attack:
Sending TCP packet with SYN flag set, source and destination IP address and source and destination port as of destination machine, results in 15-30 seconds DoS condit

[ more ] [ reply ]

MDKSA-2005:050 - Updated gftp packages fix vulnerability 2005-03-04
Mandrakelinux Security Team (security linux-mandrake com)

MDKSA-2005:052 - Updated kdegraphics packages fix vulnerabilities 2005-03-04
Mandrakelinux Security Team (security linux-mandrake com)

MDKSA-2005:051 - Updated cyrus-imapd packages fix vulnerabilities 2005-03-04
Mandrakelinux Security Team (security linux-mandrake com)

MDKSA-2005:049 - Updated gaim packages fix multiple vulnerabilities 2005-03-04
Mandrakelinux Security Team (security linux-mandrake com)

MDKSA-2005:048 - Updated curl packages fix vulnerability 2005-03-04
Mandrakelinux Security Team (security linux-mandrake com)

PaX privilege elevation security bug 2005-03-05
pageexec freemail hu

LOOKNMEET HTML INJECT EXPLOIT 2005-03-04
Wesley aka PPC (ppc respected as)

-----------------------------------

LOOKNMEET HTML INJECT EXPLOIT
- By PPC^Rebyte

-----------------------------------

27feb2005

*** SEE BELOW FOR DUTCH VERSION ***
*** NEDERLANDSE VERSIE ONDERAAN ***

( ENGLISH VERSION )

*** Status
__________

[ more ] [ reply ]

phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED- 2005-03-04
Wesley aka PPC (ppc respected as)

-----------------------------------

phpBB 2.0.12 Session Handling
Administrator Authentication
Bypass EXPLOIT -SIMPLIFIED-
- By PPC^Rebyte

-----------------------------------

03maa2005

** NEDERLANDSE VERSIE ONDERAAN / DUTCH VERSION BELOW **

[ more ] [ reply ]

Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2 2005-03-04
Andrey Bayora (andrey hiddenbit org)

The first part is here:
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0475.html

First, this post isn?t about ?how dangerous GDI+ bug or malicious JPEG
image?, but ?how good? is your antivirus software.

The issue is: only 1 out of 23 tested antivirus software can detect
malicious J

[ more ] [ reply ]

[ GLSA 200503-10 ] Mozilla Firefox: Various vulnerabilities 2005-03-04
Thierry Carrez (koon gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

[ GLSA 200503-09 ] xv: Filename handling vulnerability 2005-03-04
Thierry Carrez (koon gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

[ GLSA 200503-08 ] OpenMotif, LessTif: New libXpm buffer overflows 2005-03-04
Thierry Carrez (koon gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

-==phpBB 2.0.13 Full path disclosure==- 2005-03-04
HaCkZaTaN (hck_zatan hotmail com)

/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® - Advisory #09 - 03/03/05
--------------------------------------------------------
Program: phpBB 2.0.13
Homepage: http://www.phpbb.com
Vulnerable Versions: phpBB 2.0.13 & Lower versions
Risk: Low Risk!!
I

[ more ] [ reply ]

Re: TYPO3 SQL Injection vunerabilitie 2005-03-04
Karsten Dambekalns (karsten typo3 org)

In-Reply-To: <20050303170830.16705.qmail (at) www.securityfocus (dot) com [email concealed]>

Hi.

>Two week ago I found a SQL Inejetion vulnerabilitie in Typo3 (in
the links-section/module/whatever you call it).

This is the first important information - this is NOT a vulnerability
in TYPO3 itself, but in an extension.

>I d

[ more ] [ reply ]

PHP Form Mail Script (2.3) - Arbitrary File Inclusion (VXSfx) 2005-03-04
Filip Groszynski (groszynskif gmail com)

-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Name: Form Mail Script (FS)
Version: <= 2.3 (free/commercial)
Homepage: http://www.stadtaus.com/

Author: Filip Groszynski (VXSfx)
Date: 4 March 2005
-- == -- == -- == -- == -- == -- == -- == -- == -- == --

Vulnerable

[ more ] [ reply ]

Re: TYPO3 SQL Injection vunerabilitie 2005-03-04
Michael Stucki (michael typo3 org)

In-Reply-To: <20050303170830.16705.qmail (at) www.securityfocus (dot) com [email concealed]>

Hello Fabian,

(repost because posting through GMANE appears not to
work!)

> Two week ago I found a SQL Inejetion vulnerabilitie
in Typo3 (in the
> links-section/module/whatever you call it). I
didn't really try to
> develope

[ more ] [ reply ]

Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx) 2005-03-04
Filip Groszynski (groszynskif gmail com)

-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Name: Download Center Lite (DCL)
Version: <= 1.5 (free/commercial)
Homepage: http://www.stadtaus.com/

Author: Filip Groszynski (VXSfx)
Date: 4 March 2005
-- == -- == -- == -- == -- == -- == -- == -- == -- == --

Vulne

[ more ] [ reply ]

GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability 2005-03-04
Hongzhen Zhou (felix__zhou hotmail com) (1 replies)

GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability

******
Author
******

Hongzhen Zhou ( Fortinet,inc )
{
felix__zhou _at_ hotmail _dot_ com
hzhou _at_ fortinet _dot_ com
}

********************
vulnerable version
********************

Just tested on GIMP version 2.2

[ more ] [ reply ]

Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability 2005-03-04
Frank Denis (Jedi/Sector One) (j c9x org)

PHP News <= 1.2.4 - Remote File Inclusion Exploit 2005-03-03
mozako (mozako mybox it)

[badroot security POC]: PHP News <= 1.2.4 - Remote File Inclusion Exploit

=- Description -=

A simple POC exploit for PHP News <= 1.2.4 remote file inclusion
vulnerability discovered by Filip Groszynski.

=- Exploit -=

#!/usr/bin/python
# PHP News 1.2.4 remote file inclusion exploit
# Code

[ more ] [ reply ]