BugTraq Mode:
Mozilla Firefox 1.0.1 Javascript Images are Draggable 2005-02-26
Paul (paul greyhats cjb net)


Author: Paul
Affected Software: Mozilla Firefox 1.0.0, 1.0.1 (tested only on these versions)
Risk: Low/Medium

A minor security vulnerability exists in the way that Firefox handles cross-domain image dragging. Dragging an image into the address bar will cause Firefox to navigate to the image url e

Re: Office 10 applications & flashdrives can be used to browse restricted drives 2005-02-25
Paul (paul greyhats cjb net)
In-Reply-To: <066F402A7185F04E8B7506F582E00E895E4C4C (at) mcg-ex02.mcgov (dot) org>

>VENDOR RESPONSE
>This issue was reported to Microsoft on Feb 11, 2005, acknowledged by
>support, and as of today our best efforts to get a hotfix (or even a
>commitment to produce a hotfix at some later date) have been fruitl

Knet <= 1.04c Buffer Overflow Bug 2005-02-25
CorryL (corryl sitoverde com)
-=[--------------------ADVISORY-------------------]=-
-=[ ]=-
-=[ Knet <= 1.04c ]=-
-=[ ]=-

[ GLSA 200502-30 ] cmd5checkpw: Local password leak vulnerability 2005-02-25
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200502-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

-==phpBB 2.0.12 Full path disclosure==- 2005-02-26
HaCkZaTaN (hck_zatan hotmail com)


/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® - Advisory #06 - 25/02/05
--------------------------------------------------------
Program: phpBB 2.0.12
Homepage: http://www.phpbb.com
Vulnerable Versions: phpBB 2.0.12 & Lower versions
Risk: Low Risk!!
I

CIS WebServer Directory Traversal Bug 2005-02-25
CorryL (corryl sitoverde com)
-=[ x0n3-h4ck Italian Security Team ]=-

/*Advisories*
/*

Application: CIS WebServer

Vendor's Url: www.cisindia.net

Version: 3.5.13

Platforms: Windows

Bug: Directory Traversal

Exploitation: Remote

Author: CorryL

corryl80 (at) gmail (dot) com

www.x0n3-h4ck.org

*

{Description}

CIS WebServer is an ea

RE: Firescrolling [Firefox 1.0] 2005-02-25
Eric McCarty (eric piteduncan com)
Confirmed Exploit works in Firefox 1.0, however on a side note Microsoft
Anti-spyware prevented the script from executing.

Eric McCarty
Systems Administrator
Internet Security Officer

-----Original Message-----
From: mikx [mailto:mikx (at) mikx (dot) de]
Sent: Friday, February 25, 2005 12:11 AM
To: fu

iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability 2005-02-25
iDEFENSE Labs (labs-no-reply idefense com) (1 replies)
WU-FTPD File Globbing Denial of Service Vulnerability

iDEFENSE Security Advisory 02.25.05
www.idefense.com/application/poi/display?id=207&type=vulnerabilities
February 25, 2005

I. BACKGROUND

WU-FTPD is an ftp daemon for Unix systems developed at Washington
University. More information is availab

RE: Firescrolling [Firefox 1.0] 2005-02-25
Beauford, Jason (jbeauford EightInOnePet com) (1 replies)
That sucked.

Fortunately: http://www.mozilla.org/products/firefox/releases/

jmb

-----Original Message-----
From: mikx [mailto:mikx (at) mikx (dot) de]
Sent: Friday, February 25, 2005 3:11 AM
To: full-disclosure (at) lists.netsys (dot) com; bugtraq (at) securityfocus (dot) com;
NTBUGTRAQ (at) LISTSERV.NTBUGTRAQ (dot) COM
Subject: Firescro

Re: Firescrolling [Firefox 1.0] 2005-02-26
btrq bob-n com
[USN-85-1] Gaim vulnerabilities 2005-02-25
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-85-1 February 25, 2005
gaim vulnerabilities
CAN-2005-0208, CAN-2005-0472, CAN-2005-0473
===========================================================

A security issue affects the following Ubuntu releases:

Ubun

[FLSA-2005:2336] Updated kernel packages fix security issues 2005-02-25
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated kernel packages fix security issues
Advisory ID: FLSA:2336
Issue date: 2005-02-24
Product: Red Hat Linux, Fedora Core
Keywords:

AW: phpWebSite-0.10.0_exploit 2005-02-25
webmaster clueless-design de
Actually, this bug seems to be fixed a long time ago by adding the following code
to the EZform.php
----
if (is_null($allowedImages) || !is_array($allowedImages)) {
include(PHPWS_SOURCE_DIR.'conf/allowedImageTypes.php');
$allowedImages = $allowedImageTypes;
}

$fileTypes = implode("

CFP: WORM 2005 2005-02-25
David Moore (dmoore caida org)

CALL FOR PAPERS

WORM 2005 - The 3rd Workshop on Rapid Malcode (WORM)
Fairfax, VA, USA, November 11th, 2005 in conjunction with ACM CCS
Submissions due June 23rd, 2005

http://www1.cs.columbia.edu/~angelos/worm05/

In the last several years, Internet-wide infectious epidemics have
emerged as one of

Announce: RSBAC v1.2.4 released 2005-02-25
Amon Ott (ao rsbac org)

Rule Set Based Access Control (RSBAC) v1.2.4 has been released! Full
information and downloads are available from http://www.rsbac.org

RSBAC Key Features:

* Free Open Source (GPL) Linux kernel security extension
* Independent of governments and big companies
* Several well-known and

[SECURITY] [DSA 690-1] New bsmtpd packages fix arbitrary command execution 2005-02-25
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 690-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
February 25th, 2005

Firescrolling [Firefox 1.0] 2005-02-25
mikx (mikx mikx de)
__Summary

Remember my Internet Explorer "scrollbar exploit" based on http-equiv's
"What a Drag"? When will people ever learn that "unusual user interaction"
can be hidden by common tasks...

Let's combine fireflashing, firetabbing, xul and javascript to run arbitrary
code by dragging a scrollbar

phpWebSite 0.10.0 Full Path disclosure 2005-02-25
HaCkZaTaN (hck_zatan hotmail com)


/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® [ [ wWw.SoSvulnerable.NeT ] ]®
--------------------------------------------------------
Program: phpWebSite 0.10.0
Homepage: http://phpwebsite.appstate.edu
Vulnerable Versions: All
Risk: High!!
Impact: Fu

phpWebSite 0.10.0 Full Path disclosure 2005-02-25
HaCkZaTaN. (hck_zatan hotmail com)


/*

--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® [ [ wWw.SoSvulnerable.NeT ] ]®
--------------------------------------------------------
Program: phpWebSite 0.10.0
Homepage: http://phpwebsite.appstate.edu
Vulnerable Versions: All
Risk: High!!
Impact: F

[SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 2005-02-24
Maksymilian Arciemowicz (max jestsuper pl) (1 replies)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4]

Author: Maksymilian Arciemowicz (cXIb8O3)
Date: 24.2.2005

- --- 0.Description ---
phpMyAdmin 2.6.1 is a tool written in PHP intended to
handle the administration of MySQL over the Web.
Curr

Re: [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion 2005-02-26
Calum Power (enune fribble net)
phpWebSite-0.10.0_exploit 2005-02-24
tjomka (tjomka navigator lv)
phpWebSite-0.10.0_exploit

[FLSA-2005:2005] Updated gdk-pixbuf packages fix security flaws 2005-02-24
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated gdk-pixbuf packages fix security flaws
Advisory ID: FLSA:2005
Issue date: 2005-02-23
Product: Red Hat Linux
Keywords: Bugfix

MDKSA-2005:047 - Updated squid packages fix vulnerability 2005-02-24
Mandrakelinux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: squid
Advisory ID:

[FLSA-2005:2343] Updated vim packages fix security issues 2005-02-24
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated vim packages fix security issues
Advisory ID: FLSA:2343
Issue date: 2005-02-23
Product: Red Hat Linux, Fedora Core
Keywords:

MDKSA-2005:046 - Updated uim packages fix vulnerability 2005-02-24
Mandrakelinux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: uim
Advisory ID:

[FLSA-2005:2043] Updated zlib package fixes security issues 2005-02-24
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated zlib package fixes security issues
Advisory ID: FLSA:2043
Issue date: 2005-02-23
Product: Fedora Core
Keywords: Bugfix
Cross

Multiple vulns in punBB 2005-02-24
John Gumbel (johannes gumbel 2873 student uu se)
...

- Johannes Gumbel

Copyright 2010, SecurityFocus