SecurityFocus

[ANNOUNCE] mod_security 1.7 released 2003-10-18
Ivan Ristic (ivanr webkreator com)

Mod_security 1.7 has been released. It is immediately available for
download from:

http://www.modsecurity.org/download/

This release contains major new functionality, see changes below for
more details.

About mod_security
------------------
Mod_security is an Apache module whose purpose is t

[ more ] [ reply ]

Re: IE remote code execution 2003-10-20
K-OTiK Security (Special-Alerts k-otik com)

In-Reply-To: <Pine.LNX.4.44.0310190012380.170-100000@osiris>

Hi,

NO effect on :

Internet Explorer 6 SP1 (Windows XP)

Internet Explorer 6 For Windows 2003 Server

The user MUST accept to execute the file by clicking "YES", so it's not more dangerous than a direct link to an .exe file ...

[ more ] [ reply ]

Get admin level on Goldlink script v3.0 2003-10-18
Weke (weke programas-hacker com)

There is a bug in script of links Goldlink v3.0
(http://www.goldscripts.com/goldlink.php). You can access to panel with
admin privileges. The bug is in variables.php file:

function Acceso() {
global $extension;
global $tb_admin;
global $HTTP_COOKIE_VARS;
$vadmin_login=$HTTP_COOKIE_VARS["vad

[ more ] [ reply ]

Unpatched Internet Explorer Bugs 2003-10-20
Liu Die Yu (liudieyuinchina yahoo com cn)

general essay on unpatched& published IE bugs - verified, up-to-date, organized, referenced and digested :

http://continue.to/trie

OR

http://www.safecenter.net/UMBRELLAWEBV4/DirSvc/security/trie/index.html

(trie = TRick Internet Explorer)

the original list

http://www.pivx.com/larholm/u

[ more ] [ reply ]

ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce 2003-10-19
Astharot (secfoc email it)

ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce

Published: 19 October 2003
Name: cpCommerce Affected Versions: 0.05f (and other versions?)
Vendor: http://www.cpcommerce.org
Issue: file inclusion vulnerability
Author: Astharot (at Zone-H.org)

Description
**********
Zone-

[ more ] [ reply ]

Re: Multiple Heap Overflows in FTP Desktop 2003-10-17
Vlad M (v_lion_77 mail ru)

In-Reply-To: <20030908202530.24144.qmail (at) sf-www1-symnsj.securityfocus (dot) com [email concealed]>

The heap overflow bug has been fixed. The new FTP Desktop version is now available for downloading from http://www.ftpdesktop.net/download.html

>Received: (qmail 27051 invoked from network); 8 Sep 2003 20:49:01 -0000

>

[ more ] [ reply ]

[OpenPKG-SA-2003.045] OpenPKG Security Advisory (ircd) 2003-10-19
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

eMule 2.2 [0.29c] - Web Control Panel - DOS(Denial Of Service) 2003-10-19
The-Insider (nuritrv18 bezeqint net)

eMule 2.2 [0.29c] - Web Control Panel - DOS(Denial Of Service)
Discovered by Rafel Ivgi ,The-Insider
http://theinsider.deep-ice.com

Emule opens a remote login at port 80.
the http login has been carefully tested and was not found to
be vulnerable to XSS(Cross Site Scripting).
HowEver It has vulner

[ more ] [ reply ]

Geeklog exploit 2003-10-19
Jouko Pynnonen (jouko iki fi)

Following is an example of how MySQL SQL injections can be exploited,
and also how suppressing error messages isn't sufficient as a solution,
as proposed in some earlier postings. It was also included in Geeklog
1.3.8-1sr1 security update (even though the developers noted it's not a
complete pro

[ more ] [ reply ]

Origo ASR-8100 ADSL router remote factory reset 2003-10-12
Theo Markettos (theo markettos org uk)

Vulnerable device
-----------------

Origo ASR-8100 ADSL router
Firmware ETHADSL_USB_110502_REL10_S
Customer Software Version 110502_REL10_S
ADSL Showtime Firmware Version: 3.21
device based on Conexant CX82310-14 chipset

Vulnerability: Remote ADSL reset and permanent denial of service attack
-----

[ more ] [ reply ]

@stake tool announcement: RedFang 2.5: The Bluetooth Hunter 2003-10-20
Ollie Whitehouse (ollie atstake com)

All,

Tool: Redfang - The Bluetooth Hunter
Version: 2.5 (15 oct 2003)
Platforms: Linux (tested on Redhat 9 / Mandrake 9.1)
Author: Ollie Whitehouse, Simon Halsall (of QinetiQ), Stephen Kapp

Redfang v2.5 is an enhanced version of the original application that finds
non-discoverable

[ more ] [ reply ]

JAP Wins Court Victory 2003-10-20
Tarapia Tapioco (comesefosse ntani firenze linux it)

Hi all,

The JAP folks have won a major court victory.
See their site.
http://anon.inf.tu-dresden.de/index_en.html

Since you ran all the negative side of their
backdoor activity, how about running the new
positive outlook - anonymity has a bright
future and JAP is cool. And the German courts
are

[ more ] [ reply ]

Opera HREF escaped server name overflow 2003-10-20
@stake Advisories (advisories atstake com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

@stake, Inc.
www.atstake.com

Security Advisory

Advisory Name: Opera HREF escaped server name overflow
Release Date: 10/20/2003
Application: Opera 7.11, 7.20

[ more ] [ reply ]

ByteHoard Directory Traversal Vulnerability 2003-10-19
Sintelli SINTRAQ (sintraq sintelli com)

ByteHoard Directory Traversal Vulnerability
17 October 2003

Original Advisory
http://www.sintelli.com/adv/sa-2003-03-bytehoard.pdf

Background
ByteHoard is online storage system whereby users can upload and download
their files from anywhere with an Internet connection.

More information about th

[ more ] [ reply ]

IE remote code execution 2003-10-18
Marcin Ulikowski (r3b00t tx pl)

This code can execute any code remotely using IE - as you can see very simple.

// for IE 5, tested on default Windows 98SE installation
<?php
Header("Content-type: audio/midi");
Header("Content-Disposition: inline; filename=readme.txt%00code.exe");
readfile("code.exe");
?>
<noscript>

Here you hav

[ more ] [ reply ]

PHP-Nuke Path Disclosure Vulnerability 2003-10-18
Bahaa Naamneh (b_naamneh hotmail com)

PHP-Nuke Path Disclosure Vulnerability

Published: 18 October 2003

Released: 16 October 2003

Affected Systems: PHP-Nuke 7.0 (and possibly earlier versions).

Vendor: http://www.phpnuke.org

Description:

============

PHP-Nuke is a Web Portal System, storytelling software, news sys

[ more ] [ reply ]

Proof of concept for Windows Messenger Service overflow 2003-10-18
"Hanabishi Recca" (recca mail ru)

/*

DoS Proof of Concept for MS03-043 - exploitation shouldn't be too hard.
Launching it one or two times against the target should make the machine
reboot. Tested against a Win2K SP4.

"The vulnerability results because the Messenger Service does not properly
validate the length of a message before

[ more ] [ reply ]

[CLA-2003:765] Conectiva Security Announcement - ircd 2003-10-17
Conectiva Updates (secure conectiva com br) (1 replies)

Re: [CLA-2003:765] Conectiva Security Announcement - ircd 2003-10-17
Florian Weimer (fw deneb enyo de)

[CLA-2003:766] Conectiva Security Announcement - gdm 2003-10-17
Conectiva Updates (secure conectiva com br)

MDKSA-2003:101 - Updated fetchmail packages fix DoS vulnerability 2003-10-16
Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2003:100 - Updated gdm packages fix local vulnerabilities 2003-10-16
Mandrake Linux Security Team (security linux-mandrake com)

CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows and Exchange 2003-10-16
CERT Advisory (cert-advisory cert org)

Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine 2003-10-14
Sintelli SINTRAQ (sintraq sintelli com)

Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine
09 October 2003

PDF version: http://www.sintelli.com/adv/sa-2003-02-zoomsearch.pdf

Background
Zoom is a package that adds search facilities to your website and produces
fast search results by indexing your website in advance. Unlike

[ more ] [ reply ]

OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco 2003-10-16
security sco com

To: announce (at) lists.caldera (dot) com [email concealed] bugtraq (at) securityfocus (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SCO Security Advisory

Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServe

[ more ] [ reply ]

Listbox And Combobox Control Buffer Overflow 2003-10-16
Brett Moore (brett moore security-assessment com)

========================================================================

= Listbox And Combobox Control Buffer Overflow
=
= MS Bulletin posted: October 15, 2003
= http://www.microsoft.com/technet/security/bulletin/MS03-045.asp
=
= Affected Software:
= Microsoft Windows NT 4.0
= Microsoft Windows

[ more ] [ reply ]

RE: Microsoft Windows Security Bulletin Summary October 2003-10-15
Thor Larholm (thor pivx com)

Add to that MS03-046 and MS03-047.

Critical:
Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436) http://www.microsoft.com/technet/security/bulletin/MS03-046.asp

Moderate:
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828

[ more ] [ reply ]