New phpBB ViewTopic.php Cross Site Scripting Vulnerability
2004-02-28 Cheng Peng Su (apple_soup msn com)

Re: [SECURITY] [DSA 451-1] New xboing packages fix buffer overflows
2004-02-27 Steve Kemp (steve steve org uk)
There is a simple exploit for the xboing flaw using the env-overflow tool I've plugged before:
env-overflow /usr/games/xboing 1075 XBOING_SCORE_FILE
(Play till you get a highscore, if you can ;)
Where env-overflow comes from: http://www.steve.org.uk/Hacks/generic.html
Steve
--
# De

[SECURITY] [DSA 451-1] New xboing packages fix buffer overflows
2004-02-27 Matt Zimmerman (mdz debian org)

[HUC] Serv-U FTPD 2.x/3.x/4.x/5.x "MDTM" Command Remote Exploit
2004-02-27 lion (lion cnhonker net)
/*
 *-----------------------------------------------------------------------
 *
 * Servu2.c - Serv-U FTPD 2.x/3.x/4.x/5.x "MDTM" Command
 * Remote stack buffer overflow exploit
 *
 * Copyright (C) 2004 HUC All Rights Reserved.
 *
 * Author : lion
 * : lion (at) cnhonker (dot) net
 * : http

FreeBSD Security Advisory FreeBSD-SA-04:03.jail
2004-02-27 FreeBSD Security Advisories (security-advisories freebsd org)

Symantec Gateway Security Management Service Cross Site Scripting
2004-02-27 Brian_J_Soby raytheon com
Symantec Gateway Security Management Service Cross Site Scripting
Product: Symantec Gateway Security 2.0
Date: 02/25/2004
Author: Brian Soby, Raytheon
1. Overview
----------------------------------------
A cross site scripting vulnerability exists in Symantec Gateway Security's management servi

Re: Calife heap corrupt / potential local root exploit
2004-02-27 Ollivier Robert (roberto keltia freenix fr) (1 replies)
In-Reply-To: <20040227091921.26210.qmail (at) www.securityfocus (dot) com>
>Calife heap corrupt / potential local root exploit
>--------------------------------------------------
>by Leon Juranic a.k.a DownBload <downbload (at) hotmail (dot) com> / II-Labs
>
>
>Version affected(tested): calife-2.8.4c and calife-2.8

Re: Calife heap corrupt / potential local root exploit
2004-02-27 Carson Gaspar (carson+bugtraq taltos org) (1 replies)

Re: Calife heap corrupt / potential local root exploit
2004-02-27 Ollivier Robert (roberto keltia freenix fr)

Multiple issues with Mac OS X AFP client
2004-02-27 Chris Adams (chris improbable org)
Multiple issues with Mac OS X AFP client
Background
The standard Apple Filing Protocol[1] (AFP) does not use encryption to protect transferred data. Login credentials may be sent in cleartext or protected with one of several different hashed exchanges or Kerberos[2]. There does not appear to have

EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow
2004-02-27 Marc Maiffret (mmaiffret eeye com)
RealSecure/BlackICE Server Message Block (SMB) Processing Overflow
Release Date: February 26, 2004
Date Reported: February 18, 2004
Severity: High (Remote Code Execution)
Vendor: Internet Security Systems
Software Affected: RealSecure Network 7.0, XPU 20.15 through 22.9 Real Secure Server Senso

iDEFENSE Security Advisory 02.27.04a: WinZip MIME Parsing Buffer Overflow Vulnerability
2004-02-27 idlabs-advisories idefense com
WinZip MIME Parsing Buffer Overflow Vulnerability
iDEFENSE Security Advisory 02.27.04a:
http://www.idefense.com/application/poi/display?id=76&type=vulnerabilities
February 27, 2004
I. BACKGROUND
WinZip is an archiving utility for the Microsoft Windows platform featuring built-in support for CAB

iDEFENSE Security Advisory 02.27.04b: Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass
2004-02-27 idlabs-advisories idefense com
Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass
iDEFENSE Security Advisory 02.27.04b:
http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities
February 27, 2004
I. BACKGROUND
Internet Explorer is a set of core technologies in Microsoft Windows operating sys

New version of ike-scan (IPsec IKE scanner) available - v1.6
2004-02-27 Roy Hills (Roy Hills nta-monitor com)
ike-scan v1.6 has been released. The key changes from v1.5.1 are:
a) The ISAKMP payloads in the returned packet are now decoded;
b) New options --quiet (-q) to prevent payload decoding, and --multiline (-M) to split the decode across multiple lines to make it easier to read;
c) Added support

Calife heap corrupt / potential local root exploit
2004-02-27 DownBload (downbload hotmail com)
Calife heap corrupt / potential local root exploit
--------------------------------------------------
by Leon Juranic a.k.a DownBload <downbload (at) hotmail (dot) com> / II-Labs
Version affected(tested): calife-2.8.4c and calife-2.8.5 - calife can be found at packages.debian.org, FreeBSD 5.0 (securi

[SECURITY] [DSA 450-1] New Linux 2.4.19 packages fix several local root exploits (mips)
2004-02-27 joey infodrom org (Martin Schulze)

Extremail Security Problem
2004-02-26 Andrey Smirnov (smirnov net21 ru)
Extremail Security Problem
Extremail 1.5.9 www.extremail.com MTA
If account is created with only digit password or password begins with digit - login is processing with any digit password or without password.
--------------------
Andrey Smirnov smirnov (at) net21 (dot) ru
Russia Moscow

Nmap Security Scanner 3.50 Released
2004-02-26 Fyodor (fyodor insecure org)
-----BEGIN PGP SIGNED MESSAGE-----
Hello Bugtraq,
I am pleased to announce the immediate, free availability of the Nmap Security Scanner version 3.50 from http://www.insecure.org/nmap/ . Actually it was released a few weeks back, but I wanted to ensure it is actually stable :). Nmap ("Network Map

Immunix Secured OS 7+ kernel update
2004-02-26 Immunix Security Team (security immunix com)
[Dearest Bugtraq readers, please do not use challenge-response antispam tools, please do not report our GPG signature as a virus, and please do not send us out of office autoreplies. Thanks.]
-----------------------------------------------------------------------
Immunix Secured OS Security Adviso

RE: Serv-U "MDTM" buffer overflow PoC DoS exploit
2004-02-26 Peter Buijsman (peter bryte net)
> Here it is, test your systems, temporarily disable Serv-U,
> and wait for the vendor to release a patch.
Serv-U has released a security patch yesterday. An e-mail has been sent out to registered users. It fixes the MDTM problem and some other small bugs.
"Serv-U 5.0.0.4 has been released. Th

SGI Advanced Linux Environment security update #11
2004-02-26 SGI Security Coordinator (agent99 sgi com)

SGI Advanced Linux Environment security update #12
2004-02-26 SGI Security Coordinator (agent99 sgi com)

SGI ProPack v2.4: Kernel fixes and security update
2004-02-26 SGI Security Coordinator (agent99 sgi com)

Serv-U "MDTM" buffer overflow PoC DoS exploit
2004-02-26 Shaun Colley (shaunige yahoo co uk)
Hello Bugtraq,
I have written a PoC exploit for the MDTM command buffer overflow found in Serv-U by bkbll. This exploit only crashes the Serv-U server, as releasing an arbitrary code execution exploit when the vendor has not yet supplied a patch/fix is not a good idea when certain unruly people mig

SmoothWall Project Security Advisory SWP-2004:002
2004-02-26 William Anderson (neuro smoothwall org)

Dell OpenManage Web Server Heap Overflow (Pre-Auth)
2004-02-26 wirepair (wirepair roguemail net)
This advisory can also be found on my site: http://sh0dan.org/files/domadv.txt
I'm currently installing 3.7.0 and will add my results to this advisory.
-wire
Product: Dell OpenManage Web Server 3.4.0 and others assumed vulnerable.
Vulnerability: Pre-Authentication Heap Based Buffer Overflow
Sever
################################################
Advisory Name: New phpBB ViewTopic.php Cross Site Scripting Vulnerability
Release Date: Feb 29, 2004
Application: phpBB
Platform: PHP
Version Affected: the latest version
Vendor URL: http://www.phpbb.com/
Discover: Cheng Peng Su(apple_soup_a