SecurityFocus

dwc_articles possible sql injection 2004-10-23
Rene (l0om excluded org)

author: l0om

site: www.excluded.org

product: dwc_articles <= 1.6 (maybe other versions too)

problem: possible sql injection

Vendor site?

www.distinctwebcreations.com

note:its currently down.

Vendor status?

Didnt find an email address or phon number.

what is it?

[ more ] [ reply ]

Re: Full path disclosure and sql injection on CubeCart 2.0.1 2004-10-21
sculptex sculptex co uk

In-Reply-To: <20041006144016.28823.qmail (at) www.securityfocus (dot) com [email concealed]>

Solution

INSERT

if (!is_numeric($cat_id))

unset($cat_id);

BEFORE

include("header.inc.php");

IN

index.php

[ more ] [ reply ]

Ability FTP Server 2.34 Buffer Overflow Exploit 2004-10-22
Jérôme ATHIAS (jerome athias caramail com)

Application Name: Ability Server

Url: http://www.code-crafters.com/abilitywebserver.html

#################################################

# Ability Server 2.34 FTP STOR Buffer Overflow #

# Advanced, secure and easy to use FTP Server. #

# 21 Oct 2004 - muts

[ more ] [ reply ]

windows 2000 server terminal server denial of service 2004-10-21
Nick Caramella (root caramella freeserve co uk)

Open thousands of connections from a terminal server (windows 2000 server) to the clients causes a denial of service of the server itself with most connections being dropped or reset,

It is to create a VB/VBA macro that open several connections to ports open on the client machines and this will e

[ more ] [ reply ]

Norton AntiVirus 2004/2005 Script Blocking Redux 2004-10-21
Daniel Milisic (dmilisic myrealbox com)

Hello All,

A correction and some clarification in reference to:
http://lists.insecure.org/lists/fulldisclosure/2004/Oct/0540.html
Norton AntiVirus 2004 Script Blocking Failure (Rant and PoC enclosed)

I was incorrect on a detail: NAV 2004 "resident scanner" Application
Privileges. If you read on y

[ more ] [ reply ]

AOL Journals BlogID incrementing discloses account names and e-mail 2004-10-22
Steven (steven lovebug org)

Date: October 22, 2004
Vendor: America Online Inc.
Issue: AOL Journals BlogID incrementing discloses account names and
e-mail addresses
URL: http://journals.aol.com / AOL Keyword: Journals
Advisory: http://www.lovebug.org/aoljournals_advisory.txt

Service Overview

[ more ] [ reply ]

Is Windows up to snuff for running our world? 2004-10-22
Richard M. Smith (rms computerbytesman com)

Hi,

The Microsoft Windows operating system is increasingly being used in devices
which run our world. Some examples include cash registers, ATMs, electronic
voting machines, and factory control computers. But is the Windows
operating system really reliable and secure enough for these kinds of
app

[ more ] [ reply ]

[CLA-2004:877] Conectiva Security Announcement - mozilla 2004-10-22
Conectiva Updates (secure conectiva com br)

iDEFENSE Security Advisory XX.XX.04 - Novell SuSe Linux LibTIFF Heap Overflow Vulnerability 2004-10-22
customer service mailbox (customerservice idefense com)

Novell SuSe Linux LibTIFF Heap Overflow Vulnerability

iDEFENSE Security Advisory 10.22.04
www.idefense.com/application/poi/display?id=154&type=vulnerabilities
October 22, 2004

I. BACKGROUND

libtiff provides support for using the Tag Image File Format (TIFF), a
widely used format for storing image

[ more ] [ reply ]

Hack Dot AE 2004-10-22
Spy Hat (spyhat spyhat com)

Hack Dot AE (Http://www.hack.ae) the region?s first ?UAE Web Hacking Challenge?. It is primarily to be played online on a website exclusively developed for the challenge. There are ten levels for HACK Dot AE Contest. Each level has a different problem which will test the candidates hacking capabil

[ more ] [ reply ]

Windows DoS in certain pGina configurations 2004-10-22
Steven (steven lovebug org)

Date: October 22, 2004
Product/Service: pGina 1.7.6 and probably older version
Issue: Windows DoS in certain pGina configurations
URL: http://pgina.xpasystems.com/
Advisory URL: http://www.lovebug.org/pgina_dos.txt

Service Overview:

pG

[ more ] [ reply ]

SuSE Security Announcement: libtiff (SUSE-SA:2004:038) 2004-10-22
Marcus Meissner (meissner suse de)

[Fwd: Altiris Carbon Copy Remote Control local SYSTEM exploitation.] 2004-10-22
KF_lists (kf_lists secnetops com)

[ more ] [ reply ]

J2ME security vulnerabilities 2004-10-22
Adam Gowdiak (zupa man poznan pl)

Hello all,

Since I received information from SUN Microsystems that they did not
plan to release
Sun Alert for the issues I found in their CLDC [1] reference
implementation, I would
like to announce the following.

I found two very serious security vulnerabilities in Java technology for
mobile
d

[ more ] [ reply ]

[Security Bulletin] SSRT4807 HP-UX stmkfont local unauthorized privileged access 2004-10-22
Boren, Rich (SSRT) (rich boren hp com)

MDKSA-2004:116 - Updated cups packages fix DoS vulnerabilities 2004-10-22
Mandrake Linux Security Team (security linux-mandrake com)

[KDE security advisory] Multiple integer overflows in kpdf 2004-10-22
Dirk Mueller (mueller kde org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

KDE Security Advisory: kpdf integer overflows
Original Release Date: 2004-10-21
URL: http://www.kde.org/info/security/advisory-20041021-1.txt

0. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.o

[ more ] [ reply ]

MDKSA-2004:115 - Updated kdegraphics packages fix DoS vulnerability 2004-10-22
Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:113 - Updated xpdf packages fix vulnerabilities 2004-10-22
Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:114 - Updated gpdf packages fix DoS vulnerability 2004-10-22
Mandrake Linux Security Team (security linux-mandrake com)

[HV-LOW] Unsafe WAV header handling can cause DoS on Windows 2004-10-21
vuln hexview com

[ GLSA 200410-21 ] Apache 2, mod_ssl: Bypass of SSLCipherSuite directive 2004-10-21
Kurt Lieber (klieber gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

MDKSA-2004:112 - Updated squid packages fix SNMP processing vulnerability 2004-10-21
Mandrake Linux Security Team (security linux-mandrake com)

Re: IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] ) in computed field/text, allowing XSS (Risk increased) 2004-10-21
Juan C Calderon (juan calderon ge com)

In-Reply-To: <20041018184817.32681.qmail (at) www.securityfocus (dot) com [email concealed]>

We are aware that at least from R4 and later versions embedded HTML code enclosed in square brackets is send "as is" to browser, we tested this issue in R6 and R5 environments and it worked, it should work in all prior versions that su

[ more ] [ reply ]

HTTP Response Splitting in Serendipity 0.7-beta4 2004-10-21
Chaotic Evil (chaoticevil spyring com)

SECURITY ADVISORY: HTTP Response Splitting in
Serendipity 0.7-beta4

AUTHOR: Chaotic Evil (chaoticevil $$$at$$$ spyring
$$$dot$$$ com)

DATE: October 21st, 2004

PRODUCT: Serendipity 0.7-beta4 [October 14th, 2004
(Recommended release, most stable)] - www.s9y.org

FROM THE VENDOR WEBSITE:
Serendipi

[ more ] [ reply ]

MDKSA-2004:110 - Updated gaim packages fix vulnerabilities 2004-10-21
Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:111 - Updated wxGTK2 packages fix vulnerabilities 2004-10-21
Mandrake Linux Security Team (security linux-mandrake com)

SQL Injection in UBB.threads 3.4.x 2004-10-21
Florian Rock (florianrock web de)

Product:
========
UBB.threads

Vendor:
=======
UBBCentral (http://www.ubbcentral.com/)

Versions:
=========
I tested it successfull on 3.4.x
At Version 3.5 you need to be logged in to perform a search. I didnt tested
this version.

Problem:
========
Sql-Injection in dosearch.php
dosearch.php?Name='

[ more ] [ reply ]