This small patch will fix the
'newsPHP arbitary file inclusion & bad login validation'
bug published on 1st sepember 2003.

===+++===+++===+++
Product: newsPHP
Version: <= v216
Vendor: http://www.nphp.net
Bug discover by: Officerrr <officerrr (at) poligon.com (dot) pl [email concealed]>
Vendor Response: no patch released since

[ more ]  [ reply ]

======================================================================
Security Corporation Security Advisory [SCSA-025]

Invision Power Board SQL Injection Vulnerability
======================================================================

PROGRAM: Invision Power Board
HOMEPAGE: http://www.invis

[ more ]  [ reply ]

[c0wboy@0x333 c0wboy]$ gcc "0x333xsok(2).c" -o exp_2
[c0wboy@0x333 c0wboy]$ ./exp_2
--- 0x333xsok => xsok 1.02 local games exploit ---
--- Outsiders Se(c)urity Labs 2003 ---
sh-2.05b$ id
uid=500(c0wboy) gid=20(games) groups=500(c0wboy)
sh-2.05b$ exit
exit
[c0wboy@0x333 c0wboy]$

sorry but too alcool

[ more ]  [ reply ]

Webcam Watchdog Stack Overflow Vulnerability

############################################

Credit:
Author : Peter Winter-Smith

Software:
Packages : Webcam Watchdog
Version : 3.63 and below
Vendor : Webcam Corp.
Vendor Url : http://www.webcamsoft.com/en/watchdog.html

Vulnerability:
Bu

[ more ]  [ reply ]

Vendor : PostNuke

URL : http://www.postnuke.com

Version : PostNuke 0.726 Phoenix && Older(??)

Risk : SQL Injection && XSS

Description:

Postnuke is a popular Open Source CMS (Content Managment System) used

by millions of people all across the world.

SQL Injection:

SQL I

[ more ]  [ reply ]

Naturally, this only works from a local security zone such as the My
Computer zone. You cannot exploit the Shell.Application object from the
Internet Zone where you get an explanatory "Permission Denied" error.

This eases the process of abusing local security zone privileges but
does not change the

[ more ]  [ reply ]

Producr:EasyDynamicPages v.2.0: Advanced Portal Management System

Vendors:http://software.stoitsov.com

Bug :include()

Risk:Cao

Author:tsbeginnervn(c)

Web : www.security.com.vn

-------------------------------------

Introduction :

system, personal or business site or what you need.

[ more ]  [ reply ]

Switch Off Multiple Vulnerabilities

###################################

Credit:
Author : Peter Winter-Smith

Software:
Packages : Switch Off
Version : 2.3 and prior
Vendor : YaSoft
Vendor Url : http://yasoft.km.ru/eng/switchoff/

Vulnerability:
Bug Type : Denial of Service; Stack-ba

[ more ]  [ reply ]

Hi all,

Microsoft Word provides an option to protect "forms" by password. This is
used to ensure that unauthorized users cannot manipulate the contents of
documents except within specially designed "form" areas. This feature is
also often used to protect documents which do not even have form are

[ more ]  [ reply ]

Donato Ferrante

Application: GoodTech Systems Telnet Server for Windows NT/2000/XP
http://www.goodtechsys.com/

Version: 4.0.103

Bug: Denial of Service

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org [email concealed]

[ more ]  [ reply ]

-tested under Red Hat 8.0-

[c0wboy@0x333 test]$ gcc 0x333xsok.c -o exp
[c0wboy@0x333 test]$ ./exp

--- 0x333xsok => xsok 1.02 local games exploit ---
--- Outsiders Se(c)urity Labs 2003 ---

sh-2.05b$ id
uid=500(c0wboy) gid=20(games) groups=500(c0wboy)
sh-2.05b$ exit
exit
[c0wboy

[ more ]  [ reply ]

Hi,

Re: http://www.elitehaven.net/switchoff.txt

I neglected to mention the fact that just issuing a regular HTTP GET
request with no other headers seems to cause the application to error
within the module 'msvcrt.dll'. I have not attempted to investigate why
this happens. Such a request may be as

[ more ]  [ reply ]

Thursday, January 01, 2004

The following file is an html file comprising both scripting and
an executable [*.exe].

We inject scripting and an executable into the html file which
is designed to point back to the executable in the html file and
execute it. Provided the html file is an html f

[ more ]  [ reply ]

Timberlake Advisory 2004010109h.

Program:

http://sourceforge.net/projects/vcard4j/

vCard4J is a complete toolkit to manipulate vCards (RFC 2426) in Java. It contains a parser to read vCard files. It is strange and fearsome to touch. It also includes a compiler to extend the library. And it contai

[ more ]  [ reply ]

Hey,

This is an implementation of userland exec, that is, code which replaces
the current process image with a new one. The accompaning paper explains
the design and implementation of this code. The full src code is also
included.

peace,

--gq

[ more ]  [ reply ]

0 Preface

On 2003/11/06 a bug fix for a payload handling flaw in isakmpd
described in http://securityfocus.com/archive/1/343173 was committed
to CVS. Other payload handling flaws, which were not presented on a
silver platter, but only mentioned in side notes, still remain
unfixed.

This

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrake Linux Security Update Advisory
_______________________________________________________________________

Package name: proftpd
Advisory ID:

[ more ]  [ reply ]

In article <BC175C14.1C6E%marukka (at) mac (dot) com [email concealed]>,
Matt Burnett <marukka (at) mac (dot) com [email concealed]> wrote:

> Advisory Name
> Local Denial Of Service Attack Against The SecurityServer Daemon In MacOS X,
> MacOS X Server, And Darwin.
> Proof Of Concept Code
> To build this code run ³gcc <file name> -framework Security ­o
>

[ more ]  [ reply ]

This applies to ALL versions of Internet Explorer on all systems, though
IE on Windows require that the HTTPS site is left through a redirection.
I verified this on IE 5, 5.5, 6 and 6SP1.

As an easily demonstrated example, open your Windows IE and go to

https://login.yahoo.com/config/login

then t

[ more ]  [ reply ]

TOCTOU (Time-Of-Check-to-Time-Of-Use) problem is known for a while [1]. Nevertheless such bugs are still not uncommon. That is more or less acceptable for general software but not for security products. I believe there are drivers that hook kernel system services by well known technique [2,3,4]. Th

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 405-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
December 30th, 2003

[ more ]  [ reply ]

IE 5.x-6.0 allows executing arbitrary programs using showHelp()

===============================================================

Title: IE 5.x-6.0 allows executing arbitrary programs using showHelp()

Date: Monday, December 29, 2003

Software: IE 5.x, 6.0

Vendor: Microsoft Corp.

Patch:

[ more ]  [ reply ]

#######################################################################

Application: Gallery
Vendors:
http://gallery.sourceforge.net
http://gallery.menalto.com
Versions: <= 1.3.3
Platforms: Windows/Unix
Bug: Cross Site Scripting Vulnerabillity
Risk: Lo

[ more ]  [ reply ]

NetObserve Security Bypass Vulnerability

########################################

Credit:
Author : Peter Winter-Smith

Software:
Packages : NetObserve
Version : 2.0 and prior
Vendor : ExploreAnywhere Software
Vendor Url : http://www.exploreanywhere.com/no-intro.php

Vulnerability:
Bug

[ more ]  [ reply ]

====================================================================

Advisory by Eye On Security Research Group - India www.eos-india.net

====================================================================

1...............................................................Product

2.....

[ more ]  [ reply ]