U.S. Robotics Broadband Router 8003 admin password visible
2004-06-08 Fernando Sanchez (fer ceu fi udc es)
Hello. US Robotics Broadband Router 8003 is a small home/SOHO router which is configured using a HTML interface. This interface, as usual, asks for a password in order to let you view or change configuration parameters. But the password is checked first by a javascript function that just com [...]

Vulnerability: Arbitrary File Access & DoS in Crystal Reports
2004-06-08 Imperva Application Defense Center (adc imperva com)
Dear List, Imperva(tm)'s Application Defense Center has recently discovered a vulnerability in Business Objects' Crystal Reports Web Delivery Modules. This vulnerability may lead to arbitrary file access and denial of service. Following are the advisory's details. [...]

FreeBSD Security Advisory FreeBSD-SA-04:12.jailroute
2004-06-07 FreeBSD Security Advisories (security-advisories freebsd org)

Re: [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities
2004-06-06 lw wszia edu pl
In-Reply-To: <20040605203922.GW19402 (at) alcor (dot) net [email concealed]> i didn't bother to check deb package, but this patch: > http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1.diff.gz applied to this package: > Size/MD5 checksum: 21414 0f990fd920ea4770dd088a97c1c87f18 > http://se [...]

SMC 7008ABRv2 and 7004VBRv1 updated firmware corrects port 1900 issue.
2004-06-06 user86 (user86 earthlink net)
SMC has released updated firmware for their 7008ABRv2 (part number: 750.9814) and 7004VBRv1 routers that permanently fixes the port 1900 issue, making port 1900 no longer be WAN (internet) accessible. The firmware update for the 7008ABRv2 (version 1.035) is available from: http://www.smc.com/inde [...]

RE: [Full-Disclosure] Re: Netgear WG602 Accesspoint vulnerability
2004-06-06 Jan-Peter Koopmann (Jan-Peter Koopmann seceidos de)

n0t
2004-06-05 Marcin Ulikowski (r3b00t itsec pl)
Aloha, I'd like to announce version 1.86 of n0t - network 0S tracer In short n0t is an easy to use sniffer with remote OS and NAT detection, simple IDS (NMap, XMAS, NULL scans), output configuration scripts (very useful for really big traffic) and BPF filter (tcpdump-style). I believe discussion [...]

RE: Linksys WRT54G - Advice for european users
2004-06-07 Connor, Ethan M. W (emconnor hendersonbrothers com) (1 replies)
Another bit of warning about linksys and their inability to get the firmware release vs. hardware version worked out correctly. If you install the latest WAP54G firmware update for the v2 hardware on v1 or v1.1 hardware (which the readme says is supported)... Expect the ethernet port to disable it [...]

Multiple vulnerabilities PHP-Nuke
2004-06-07 Dark Bicho (k1ll3rb0y hotmail com) (1 replies)

[product-security (at) apple (dot) com [email concealed]: APPLE-SA-2004-06-07 Security Update 2004-06-07]
2004-06-07 David Ahmad (da securityfocus com)
----- Forwarded message from Apple Product Security <product-security (at) apple (dot) com [email concealed]> ----- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2004-06-07 Security Update 2004-06-07 Description Security Update 2004-06-07 delivers a number of security enhancements and is recommended for all Macinto [...]

RE: [Full-Disclosure] Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)
2004-06-07 Chris Carlson (chris compucounts com)
When run remotely: Line: 1 Char: 1 Error: Access is denied. Code: 0 URL: http://62.131.86.111/security/idiots/repro/installer.htm When run locally, software installation is blocked. Using IE 6.0.2900.2096 SP2, WinXP SP2 I've gotta say that SP2 has some VERY nice protection builtin. On the down [...]

OBJECT Bugs or Features
2004-06-07 James C Slora Jr (Jim Slora phra com) (1 replies)
Two questions about the recent OBJECT tag assault in spam messages: 1. Should an email client process an OBJECT tag that has no corresponding /OBJECT? 2. Should an email client process an OBJECT tag that is not even embedded within HTML tags? Apparently the current answer in Outlook is Yes. Two e [...]

Re: [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier
2004-06-06 Squid (squidsecurity hushmail com)
In-Reply-To: <20040605125033.11956.qmail (at) www.securityfocus (dot) com [email concealed]> > >Using eregi is NOT the problem. The problem is the usage of $_SERVER['PHP_SELF'] which can't handle URL requests which have a slash ('/') as their first character in the query_string and thinks this is part of its path. Using SCRI [...]

Linksys BEFSR41 DHCP vulnerability server leaks network data
2004-06-07 Lance Armstrong (mishlai hotmail com)
On May 2nd 2004 I sent an email (detailed below) to Linksys concerning this vulnerability. Linksys has posted the vulnerability and a fix for the Revision 3 router since then here: http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=832&p_created=1086294093&p_sid=pU [...]

MS ISA SP2 out last month
2004-06-07 Paul Appleby (Appleby iiss org)
Without so much as whisper MS have released SP2 for their nice and tidy firewall / proxy Internet Acceleration Server 2000 last month! I'm on every MS security mailing list, or I thought I was, and I didn't see this at all, only came by it on the MS site looking for something else. http://www.micr [...]

RE: [Full-Disclosure] Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)
2004-06-07 Jelmer (jkuperus planet nl)
Most recent exploits are like vehicles, they are assembled piece by piece, you can make a virus scanner detect the wheels, but a car, a bus and a bike are most certainly entirely different things! Yet none of them are any good without wheels, oh and in this case painting the wheel another color woul [...]

Linksys WRT54G - Advice for european users
2004-06-05 Christer Palm (palm nogui se)
As a follow-up to the WRT54G issue... For those of you who are looking for european firmware updates for the WRT54G, a word of warning might be in order: The european firmware download pages on Linksys' homepage lists three separate downloads for the v1, v1.1 and v2 hardware revisions. The firm [...]
Affected Application:
Blosxom (http://www.blosxom.com)
Severity: Medium to high (typical XSS impacts)
Introduction:
Blosxom, a weblog tool, has an optionally-installable plugin commonly
used for allowing users to post comment