Re: FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities
2004-09-09 http-equiv (at) excite (dot) com (1 malware com)
<!-- The premise behind this Drag'n'Drop exploit is two-fold, one is the ability to open a window with local content and the other is the fact that dropping an IMG element will pass its DYNSRC attribute instead of its SRC attribute -->
This is amusing. Though you're not the first to conjur

[ GLSA 200409-14 ] Samba: Remote printing vulnerability
2004-09-09 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200409-12 ] ImageMagick, imlib, imlib2: BMP decoding buffer overflows
2004-09-08 Thierry Carrez (koon gentoo org)

[ GLSA 200409-13 ] LHa: Multiple vulnerabilities
2004-09-08 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

MDKSA-2004:091 - Updated cdrecord packages fix local root vulnerability
2004-09-08 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:089 - Updated imlib/imlib2 packages fix BMP crash vulnerability
2004-09-08 Mandrake Linux Security Team (security linux-mandrake com)

[XSS]/SQL Injection PHP-Nuke Delete Message(s) Bug
2004-09-08 bima tampan (iko94 yahoo com)
[XSS]/SQL Injection PHP-Nuke Delete Message(s) Bug by bima_
Php-Nuke is a popular freeware content management system.
Based on information at : http://www.mantralab.org/modules.php/modulo/news/lanotizia/%5BXSS%5D+PHP -Nuke+7.4+Add+Message+Bug
An attacker permitted to post to global home-pag

Re: Apple, Apple Remote Desktop client [Multiple vulnerabilities]
2004-09-08 Jérôme ATHIAS (jerome athias caramail com)
In-Reply-To: <20040905194317.GD66232 (at) lightship.internal.homeport (dot) org>
Mac OS X CoreFoundation Buffer Overflow and Library Loading Bugs Let Local Users Gain Elevated Privileges
References: http://securitytracker.com/id?1011174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0821 http:/

Insecure Temporary File Creation Vulnerability in Net-Acct
2004-09-08 Jérôme ATHIAS (jerome athias caramail com)
Net-Acct is a user-space daemon which generates log files of network traffic for accounting purposes. Initially created by Ulrich Callmeier, it is now worked upon occasionally by a team of volunteers on the list net-acct*CoLi.Uni-SB.DE, questions are best asked there or net-acct*exorsus.net. S

Cerulean Studios Trillian 0.74i Buffer Overflow in MSN module exploit
2004-09-08 Jérôme ATHIAS (jerome athias caramail com)
DATE 08/09/2004
PRODUCT Trillian is a chat client currently supporting IRC, AIM, ICQ, MSN Messenger, and Yahoo! Messenger. (from readme.txt file)
DETAILS A buffer overflow vulnerability in basic edition version 0.74i (latest version) occurs in the MSN module when receiving a string of ar

MDKSA-2004:090 - Updated zlib packages fix DoS vulnerability
2004-09-08 Mandrake Linux Security Team (security linux-mandrake com)

[SNS Advisory No.77] Usermin Remote Arbitrary Shell Command Execution Vulnerability
2004-09-07 snsadv lac co jp (snsadv)
SNS Advisory No.77
Usermin Remote Arbitrary Shell Command Execution Vulnerability
Problem first discovered on: Sun, 11 Apr 2004
Published on: Tue, 7 Sept 2004

mpg123 buffer overflow vulnerability
2004-09-07 Davide Del Vecchio (dante alighieri org)
mpg123-0.59r buffer overflow vulnerability
Davide Del Vecchio Adv#10
Discovered in: 16/08/2003
Date: 06/09/2003
Version affected: mpg123-0.59r and maybe mpg123-0.59s
CVE: CAN-2004-080

Site News Authentication Error May Let Local Users Add Messages
2004-09-05 Jérôme ATHIAS (jerome athias caramail com)

Bug XSS in PsNews 1.1
2004-09-05 Michal Blaszczak (wacky nicponie org)
*5-9-2004
*Author: wacky
*E-mail: wacky (at) nicponie (dot) org
*WWW: http://www.nicponie.org
Bug Cross-Site Scripting (XSS) in PsNews

Good Patch to Multiple [XSS] Vulnerabilities in PHP-Nuke 7.4
2004-09-06 Pierquinto Manco (pierquinto gmail com)
* CODEBUG Labs
* Patch #1
* Title: Multiple XSS Bug in admin.php
* Author: Pierquinto 'Mantra' Manco
* Product: PHP-Nuke 7.4
* Web: http://www.mantralab.org
*
* Register to our site and receive our newsletter!

[XSS] PHP-Nuke 7.4 Newsletter Injection Bug
2004-09-05 Pierquinto Manco (mantra ntj it)
* CODEBUG Labs
* Advisory #5
* Title: Newsletter Injection Bug
* Author: Pierquinto 'Mantra' Manco
* Product: PHP-Nuke 7.4
* Type: XSS
* Web: http://www.mantralab.org
*

[ GLSA 200409-10 ] multi-gnome-terminal: Information leak
2004-09-06 Thierry Carrez (koon gentoo org)

Apple, Apple Remote Desktop client
2004-09-05 Adam Shostack (adam homeport org)
In Software Update, I see:
> The Apple Remote Desktop Client version 1.2.4 update delivers
> improvements to security, performance, and reliability of the Apple
> Remote Desktop 1.2 client software running on Mac OS X versions
> 10.1, 10.2 and 10.3. For more information on this update, please
> refe

cdrdao local root exploit
2004-09-05 Jérôme ATHIAS (jerome athias caramail com) (1 replies)
#!/bin/sh
DIR=`pwd`
echo ""
echo "cdrdao local root exploit - gr doesn't protect you this time"
echo "Karol Więsek <appelast*drumnbass.art.pl>"
echo ""
sleep 2
umask 000
echo -n "[*] Checking if /etc/ld.so.preload doesn't exist ... "
if [ -f /etc/ld.so.preload ]; then
echo "WRONG"
echo

[RLSA_01-2004] QNX PPPoEd local root vulnerabilities
2004-09-05 Julio Cesar Fort (julio rfdslabs com br)
#######################################################################
Luigi Auriemma
Application: Halo: Combat Evolved
http://www.bungie.net/Games/HaloPC/
Versions: <= 1.4
Platforms: Windows and MacOS
Bug: off-by-one (Denial of Service