SecurityFocus

[SECURITY] [DSA 467-1] New ecartis packages fix several vulnerabilities 2004-03-24
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 467-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
March 23rd, 2004

[ more ] [ reply ]

Immunity Advisory: Solaris local kernel root 2004-03-23
Dave Aitel (dave immunitysec com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Immunity Research has released an Advisory from the Vulnerability
Sharing Club into the public domain. This advisory can be found at
http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf

Technical Summary: There is a vulnerability in Solaris

[ more ] [ reply ]

R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities 2004-03-23
advisory rapid7 com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________
Rapid7, Inc. Security Advisory
Visit http://www.rapid7.com/ to download NeXpose,
the world's most advanced vulnerability scanner.
Linux and

[ more ] [ reply ]

Immunity Advisory: dtlogin remote root 2004-03-23
Dave Aitel (dave immunitysec com) (1 replies)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Technical Summary: A double-free weakness in the XDMCP parser of
dtlogin (CDE) results in remote code execution against popular server
operating systems, such as Solaris. Linux is not vulnerable, to
Immunity's knowledge. This attack is performed over UD

[ more ] [ reply ]

Re: Immunity Advisory: dtlogin remote root 2004-03-24
Johan A.van Zanten (johan ewranglers com)

Advisory 03/2004: Multiple (13) Ethereal remote overflows 2004-03-23
Stefan Esser (s esser e-matters de)

e-matters GmbH
www.e-matters.de

-= Security Advisory =-

Advisory: Multiple (13) Ethereal remote overflows
Release Date: 2004/03/23
Last Modified: 2004/03/23
Author: Stefan Esser [s.esser (at) e-matters (dot) de [email concealed]]

App

[ more ] [ reply ]

How to crash a harddisk - the Ipswitch WS_FTP Server way 2004-03-23
Hugh Mann (hughmann hotmail com)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
Advisory Name: How to crash a harddisk - the Ipswitch WS_FTP Server way
Impact : Denial of Service
Discovered by: Hugh Mann hughmann (at) hotmail (dot) com [email concealed]
Tested progs : Ipswitch WS_FTP Server 4.0.2.EVAL
~~~~~~~~~~~~~~~~~~~~~~~~

[ more ] [ reply ]

Think of the buffers! Won't somebody think of the buffers?! 2004-03-23
Hugh Mann (hughmann hotmail com)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
Advisory Name: Think of the buffers! Won't somebody think of the buffers?!
Impact : Arbitrary code execution as SYSTEM
Discovered by: Hugh Mann hughmann (at) hotmail (dot) com [email concealed]
Tested progs : Ipswitch WS_FTP Server 4.0.2.EVAL
~~~~

[ more ] [ reply ]

Server freeze in The Rage 1.01 2004-03-23
Luigi Auriemma (aluigi altervista org)

#######################################################################

Luigi Auriemma

Application: The Rage
http://www.therageonline.com
Versions: <= 1.01
Platforms: Windows
Bug: server freeze
Risk: low
Exploitation: remote, ver

[ more ] [ reply ]

More Cpanel Vuls (cross site scripting) 2004-03-23
Fable (fable hush com)

##################################################

##Advisory Name: More Cpanel Vuls (cross site scripting)

#Discovered by: Fable

#Greets: 0x29A Crew, !AM Crew, Atomix, d3thstar, mgrd, rootthief.com.

#Version Tested On: cPanel Build 9.1.0-STABLE 93

##Most likely effects more

##############

[ more ] [ reply ]

Open the WS_FTP Server backdoor to SYSTEM 2004-03-23
Hugh Mann (hughmann hotmail com) (1 replies)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
Advisory Name: Open the WS_FTP Server backdoor to SYSTEM
Impact : Privilege escalation
Discovered by: Hugh Mann hughmann (at) hotmail (dot) com [email concealed]
Tested progs : Ipswitch WS_FTP Server 4.0.2.EVAL
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[ more ] [ reply ]

Re: Open the WS_FTP Server backdoor to SYSTEM 2004-03-23
Todd C. Campbell (todd campbell core com)

ALLO ALLO WS_FTP Server 2004-03-23
Hugh Mann (hughmann hotmail com)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
Advisory Name: ALLO ALLO WS_FTP Server
Impact : Arbitrary code execution as SYSTEM
Discovered by: Hugh Mann hughmann (at) hotmail (dot) com [email concealed]
Tested progs : Ipswitch WS_FTP Server 4.0.2.EVAL
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[ more ] [ reply ]

Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo (GM#005-MC) 2004-03-23
GreyMagic Software (security greymagic com)

GreyMagic Security Advisory GM#005-MC
=====================================

By GreyMagic Software, Israel.
23 Mar 2004.

Available in HTML format at
http://www.greymagic.com/security/advisories/gm005-mc/.

Topic: Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo.

Discovery date: 06 Ma

[ more ] [ reply ]

Sarca rainbow tables on-line cracking service 2004-03-22
Inode (inode wayreth eu org)

Hi all,

I've generated with some friends 18Gb of rainbow tables for the "instant"
decryption of LanManager password hashes. Now we are offering a free
on-line cracking service for Microsoft Windows NT/2000/XP/2003 passwords.
It should be useful in a lot of situations, expecially during penetration

[ more ] [ reply ]

[waraxe-2004-SA#008 - easy way to get superadmin rights in PhpNuke 6.x-7.1.0] 2004-03-22
Janek Vind (come2waraxe yahoo com)

{=======================================================================
=========}

{ [waraxe-2004-SA#008] }

{=======================================================================
=========}

{

[ more ] [ reply ]

[waraxe-2004-SA#011 - Multiple vulnerabilities in MS Analysis v2.0 module for PhpNuke] 2004-03-22
Janek Vind (come2waraxe yahoo com)

{=======================================================================
=========}

{ [waraxe-2004-SA#011] }

{=======================================================================
=========}

{

[ more ] [ reply ]

[waraxe-2004-SA#009 - Non-critical Sql injection and XSS bug in PhpBB 2.0.6c] 2004-03-22
Janek Vind (come2waraxe yahoo com)

{=======================================================================
=========}

{ [waraxe-2004-SA#009] }

{=======================================================================
=========}

{

[ more ] [ reply ]

RE: Fw: phpBB profile.php Cross Site Scripting Vulnerability 2004-03-22
micheal (at) michealcottingham (dot) com [email concealed] (micheal michealcottingham com)

I'm going to say this again. Please contact security@ before posting here,
and give them an appropriate amount of time to reply. This goes for _any_
software company. Thank you.

----- Original Message -----
From: "Cheng Peng Su" <apple_soup (at) msn (dot) com [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Saturday,

[ more ] [ reply ]

Vulnerabilities in News Manager Lite 2.5 & News Manager Lite administration 2004-03-22
Manuel Lopez (mantra gulo org)

#Title: Vulnerabilities in News Manager Lite 2.5 & News Manager Lite
administration.

#Software: News Manager Lite 2.5 & News Manager Lite administration.
#Vendor: http://www.expinion.net/software/app_newsmanager.asp
#Impact: Disclosure of authentication information, Disclosure of user
inform

[ more ] [ reply ]

Vulnerabilities in Member Management System 2.1 2004-03-22
Manuel Lopez (mantra gulo org)

#Title: Vulnerabilities in Member Management System 2.1

#Software: Member Management System 2.1
#Vendor: http://www.expinion.net/software/app_mms.asp
#Impact: Disclosure of authentication information, Disclosure of user
information, Execution of arbitrary code via network, Modification of use

[ more ] [ reply ]

Mod_Survey security advisory: Script injection bug 2004-03-22
Joel Palmius (joel palmius mh se)

This was published on the Mod_Survey mailing list a few minutes ago.

#########################################################
Mod_Survey Security Advisory 2004-03-21, Script injection
#########################################################

ABOUT MOD_SURVEY
----------------
Mod_Survey is an Ap

[ more ] [ reply ]

directory traversal in xweb 1.0 2004-03-22
Donato Ferrante (fdonato autistici org)

Donato Ferrante

Application: xweb
http://in.geocities.com/shamit_bagchi

Version: 1.0

Bug: directory traversal bug

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org [email concealed]
web: www.autistici.org/fdonato

[ more ] [ reply ]

Invision Power Top Site List SQL Injection Vulnerability 2004-03-22
JeiAr (security gulftech org)

Vendor : Invision Power Services

URL : http://www.invisiontsl.com

Version : Invision Power Top Site List v1.1 RC 2 && Earlier

Risk : SQL Injection Vulnerability

Description:

Invision Power Top Site List is a flexible site ranking script

written in PHP, the popular programming

[ more ] [ reply ]

xine-check/xine-bugreport symlink vulnerability. 2004-03-20
Shaun Colley (shaunige yahoo co uk)

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

Product: xine-bugreport/xine-check scripts.
http://xinehq.de/

Versions: xine-bugreport && xine-check
(they are the same script, but 2
copies exist in a system with different

[ more ] [ reply ]

Invision Gallery SQL Injection Vulnerabilities 2004-03-22
JeiAr (security gulftech org)

Vendor : Invision Power Services

URL : http://www.invisiongallery.com

Version : Invision Gallery 1.0.1

Risk : SQL Injection Vulnerabilities

Description:

Invision Gallery is a fully featured, powerful gallery system

that is easy and fun to use! It plugs right into your existing

[ more ] [ reply ]

Phpbb 2.0.7a And Earlier Secuity Issues 2004-03-22
JeiAr (security gulftech org)

Vendor : phpBB Group

URL : http://www.phpbb.com

Version : phpBB 2.0.7a && Earlier

Risk : Multiple Vulnerabilities

Description:

phpBB is a high powered, fully scalable, and highly customisable

open-source bulletin board package. phpBB has a user-friendly

interface, simple and

[ more ] [ reply ]

DSL Modem Ericsson HM220dp Exploit 2004-03-21
Roberto Dapino (roberto xdesign it)

SYSTEMS AFFECTED ========

DSL Modem Ericsson HM220dp

CONTENTS =========

Subject: DSL Modem Ericsson HM220dp Exploit

Date: February 22, 2004

Risk: Moderate

DESCRIPTION =========

This is the natural consequence of the following security flaw:

http://www.secunia.com/adviso

[ more ] [ reply ]

phpBB profile.php Cross Site Scripting Vulnerability 2004-03-21
Cheng Peng Su (apple_soup msn com)

#####################################################################

Advisory Name : phpBB profile.php Cross Site Scripting Vulnerability

Release Date : Mar 21,2004

Application : phpBB

Version : phpBB 2.0.6d or others?

Platform : PHP

Vendor URL : http://www.phpbb

[ more ] [ reply ]

Apache mod_disk_cache stores client authentication credentials on disk 2004-03-20
Andreas Steinmetz (ast domdv de)