BugTraq Mode:
[ GLSA 200412-01 ] rssh, scponly: Unrestricted command execution 2004-12-03
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[SECURITY] [DSA 604-1] New hpsockd packages fix denial of service 2004-12-03
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 604-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 3rd, 2004

Advanced Guestbook 2004-12-02
Emile van Elen (emile van elen gmail com)
There's an XSS in Advanced Guestbook 2.3.1

For example:

index.php?entry=<script>alert(document.cookie)</script>

greetings,
--
Emile van Elen

FreeBSD Security Advisory FreeBSD-SA-04:17.procfs 2004-12-02
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-04:17.procfs Security Advisory
The FreeBSD Project

Topic: Ke

Remote Mercury32 Imap exploit 2004-12-01
JohnH (johnh secnetops com)
Here you go guys. A fully working Remote Mercury32 Imap exploit. This will
work on any Windows OS. 100% universal. And now it has 14 possible targets.

Again, Someone posted some dos code :(

Cheers,

Johnh (at) secnetops (dot) com
Security Researcher
VISIT: www.secnetops.com

Official IFRAME patch - make sure it installs correctly 2004-12-02
Berend-Jan Wever (skylined edup tudelft nl)
The IFRAME vulnerability has been patched, see http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx

*** Make sure you are patched after installing ***
I installed it using "Automatic Updates" (on Win2ksp4), rebooted and loaded my InternetExploiter.html: IT STILL WORKED!!
Even though bot

Multiple vulnerabilities in Kreed 1.05 2004-12-02
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Kreed
http://www.kreed3d.com
Versions: <= 1.05
Platforms: Windows
Bugs: A] in-game format string
B] forced exit caused by "m

[USN-37-1] cyrus21-imapd vulnerability 2004-12-02
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-37-1 December 02, 2004
cyrus21-imapd vulnerability
CAN-2004-1067
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

Blog Torrent preview 0.8 - arbitrary file download 2004-12-02
Steve Kemp (steve steve org uk)

Intro
-----

Blogtorrent is a collection of PHP scripts which are designed to
make it simple to host files for transfer via bittorrent.

Whilst it is not normal to report security problems in "preview"
releases of software this software was covered prominently upon
Slashdot and could be wi

rssh and scponly arbitrary command execution 2004-12-02
Jason Wies (jason xc net)
Vulnerable applications:

rssh
All versions
All operating systems
scponly
All versions
All operating systems

Not vulnerable:

Discussion:

rssh and scponly are restricted shells that are designed to allow execution only

[CLA-2004:905] Conectiva Security Announcement - squirrelmail 2004-12-02
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : squirrelmail
SUMMARY : Fix for a cross site s

Cisco Security Advisory: Cisco CNS Network Registrar Denial of Service Vulnerability 2004-12-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco CNS Network Registrar Denial of Service
Vulnerability
=============================================================================
Revision 1.0

For Public Release 2004 December 02 1600 UTC (GMT)

- ----------------------

[USN-34-1] OpenSSH information leakage 2004-11-30
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-34-1 November 30, 2004
openssh information leakage
CAN-2003-0190
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

[ GLSA 200411-37 ] Open DC Hub: Remote code execution 2004-11-28
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[USN-33-1] libgd vulnerabilities 2004-11-29
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-33-1 November 29, 2004
libgd vulnerabilities
CAN-2004-0941
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The

[USN-35-1] imagemagick vulnerabilities 2004-11-30
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-35-1 November 30, 2004
imagemagick vulnerabilities
CAN-2004-0827
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

[USN-36-1] NFS statd vulnerability 2004-12-01
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-36-1 December 01, 2004
nfs-utils vulnerability
CAN-2004-1014
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

Th

Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003. 2004-12-01
Reed Arvin (reedarvin gmail com)
Summary:
Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003
(http://www.pmail.com/).

Details:
Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.
There are 14 vulnerable commands that can be used to cause buffer
overflows to occur. After a successful login to the mail

[CLA-2004:904] Conectiva Security Announcement - cyrus-imapd 2004-12-01
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : cyrus-imapd
SUMMARY : Multiple vulnerabilitie

[SECURITY] [DSA 603-1] New openssl packages fix insecure temporary file creation 2004-12-01
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 603-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 1st, 2004

[CLA-2004:902] Conectiva Security Announcement - abiword 2004-12-01
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : abiword
SUMMARY : Fix for buffer overflow vul

Re: Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln 2004-11-30
Holger Zimmermann (zimpel users sourceforge net)
In-Reply-To: <20020310042345.5422.qmail (at) mail.securityfocus (dot) com>

>To see the webroot directory just simply cause a 404
>error:
>
>http://pi3web-host.com/fake_page

This is caused by the usage of the default configuration for the wrong purpose. If you look into the configuration examples in the

Re: Winamp - Buffer Overflow In IN_CDDA.dll 2004-12-01
Black Dot (blackd0t mail ru)
In-Reply-To: <KFEMINDBKGBEMHACCJHCKEFCFDAA.brett.moore (at) security-assessment (dot) com>

Hello,

In my opinion the bug can't be exploited. I analyzed it in the debugger and found out that the address of the malicious code that is supposed to be executed has a NULL character. That means, that when we creat

Invision Power Board 'Allow auto login' setting override 2004-11-30
Hillel Himovich (hll netvision net il)


This next Vulnerability was discovered by Keyboard_Criminal <matan.marciano at gmail.com>

IPB Has a setting that enables admins to disable members from auto-login to the forums

This can be easily bypassed using this next method:

1. Use the password reset form and enter there requested nickn

Disclosure of file system information in Mozilla Firefox and Opera Browser: 2004-12-01
Giovanni Delvecchio (badpenguin79 hotmail com) (1 replies)
Title: Disclosure of file system information in Mozilla Firefox and Opera
Browser

Note:
I don't know if it could be considered really a security problem, anyway
I'll try to explain my ideas.
Sorry for my bad English.

Author: Giovanni Delvecchio

Bug: Disclosure of file system information

App

SUSE Security Announcement: various kernel problems (SUSE-SA:2004:042) 2004-12-01
Marcus Meissner (meissner suse de)

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: kernel
Announcement-ID: SUSE-SA:2004:042
Date: Wednesday,

[KA Advisory 0411291] IPCop Cross Site Scripting Vulnerability in "proxylog.dat" 2004-12-01
Kurczaba Associates advisories (advisories kurczaba com)
IPCop Cross Site Scripting Vulnerability in "proxylog.dat"
http://www.kurczaba.com/html/security/0411291.htm
----------------------------------------------------------

Overview:
"IPCop implements existing technology, secure programming practices and outstanding new concepts to make it “the” Lin

Endless loops in the http-server and pna-proxy modules of Jana server 2.4.4 2004-11-30
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Jana server 2
http://www.janaserver.de
Versions: <= 2.4.4
Platforms: Windows
Bug: endless loops in the http-server and pna-proxy modules

CuteFTP 6.0 Professional Remote Buffer Overflow Vulnerability 2004-11-30
Hongzhen Zhou (felix__zhou hotmail com)


Author:

Hongzhen Zhou(Fortinet, Inc) <felix__zhou _at_ hotmail _dot_ com>

DATE:

24/11/2004

PRODUCTS:

CuteFTP Professional - FTP client for Windows.

AFFECTED VERSION:

Versions verified to be vulnerable:

CuteFTP Professional 6.0 (latest version)

Other versions are not tested.

DETAIL

Copyright 2010, SecurityFocus