PostNuke Downloads & Web_Links ttitle variable XSS
2003-08-09 Lorenzo Hernandez Garcia-Hierro (novappc novappc com)

ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure
2003-08-11 G00db0y (G00db0y zone-h org)

    ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure
    Published: 11 august 2003
    Released: 11 august 2003
    Name: Zorum
    Affected Systems: v.3.4
    Issue: Remote attackers can inject XSS script and know the path of the site.
    Author: G00db0y (at) zone-h (dot) org
    Ve [ more ]

RE: bug in Invision Power Board
2003-08-11 Christopher Hummert (hummertc noghri net)

    Will someone please tell us what version this is in? 1.2 was released last week. Did it fix this problem?

    -----Original Message-----
    From: Boy Bear [mailto:eyal067 (at) walla.co (dot) il]
    Sent: Saturday, August 09, 2003 2:32 PM
    To: bugtraq (at) securityfocus (dot) com
    Subject: Re: bug in Invision Power Board
    In-Reply [ more ]

PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability
2003-08-10 yan feng (jsk ph4nt0m net)

Subnet Bandwidth Management (SBM) Protocol subject to attack via the Resource Reservation Protocol (RSVP)
2003-08-11 root networkpenetration com

    Network Penetration
    www.networkpenetration.com
    Copyright (c) 2003 Ste Jones
    root (at) networkpenetration (dot) com

    Subnet Bandwidth Management (SBM) Protocol subject to attack via the Resource Reservation Protocol (RSVP)

    Introduction
    ------------
    The resource reservation protocol (RSVP) is u [ more ]

Re: Macromedia DW MX PHP Authentication Suit Vulnerabilities
2003-08-09 Jennifer Taylor (jetaylor macromedia com)

    In-Reply-To: <200308041508.h74F824G026875 (at) novappc (dot) com>

    Thank you for bringing this to our attention. Macromedia has contacted the author to get more details, and will respond to the community with our findings as soon as possible. If you feel you have additional information on this or any o [ more ]

[SECURITY] [DSA-361-2] New kdelibs-crypto packages fix multiple vulnerabilities
2003-08-10 Matt Zimmerman (mdz debian org)

FreeBSD Security Advisory FreeBSD-SA-03:10.ibcs2
2003-08-11 FreeBSD Security Advisories (security-advisories freebsd org)

ZH2003-21SA (security advisory): DcForum+ XSS Vulnerability
2003-08-10 G00db0y (G00db0y zone-h org)

    ZH2003-21SA (security advisory): DcForum+ XSS Vulnerability
    Published: 10 august 2003
    Released: 10 august 2003
    Name: DcForum+
    Affected Systems: 1.2
    Issue: Remote attackers can inject XSS script
    Author: G00db0y (at) zone-h (dot) org
    Vendor: http://www.dcscripts.com/dcforump.shtml
    Des [ more ]

ZH2003-19SA (security advisory): BBPro Store Builder Path Disclosure
2003-08-10 G00db0y (G00db0y zone-h org)

    ZH2003-19SA (security advisory): BBPro Store Builder Path Disclosure
    Published: 10 august 2003
    Released: 10 august 2003
    Name: BBPro Store Builder
    Affected Systems: current version
    Issue: Remote attackers can know the path of the site
    Author: G00db0y (at) zone-h (dot) org
    Vendor: http:/ [ more ]

PostNuke Downloads & Web_Links ttitle variable XSS
2003-08-10 Lorenzo Hernandez Garcia-Hierro (novappc novappc com)

    PostNuke Downloads & Web_Links ttitle variable XSS
    ------
    Product: PostNuke
    Vendor: PostNuke WWW.POSTNUKE.COM <http://www.POSTNUKE.COM>
    Versions Vulnerable:
    PostNuke Phoenix 0.7.x.x
    Phoenix 0.7.2.3 with patches ( in all versions )
    Phoenix 0.7.2.3 without patches (in all versions )
    0.7.2.1
    (All prior [ more ]

Re: bug in Invision Power Board
2003-08-09 Boy Bear (eyal067 walla co il)

    In-Reply-To: <20030809082131.25004.qmail (at) www.securityfocus (dot) com>

    To repair Bug to edit the file admin.php and to add after the line:

    $IN['AD_SESS'] = $HTTP_POST_VARS['adsess'] ? $HTTP_POST_VARS['adsess'] : $HTTP_GET_VARS['adsess'];

    To add this :

    if (isset($IN['AD_SESS'])) { $IN['AD_SE [ more ]

ZH2003-18SA (security advisory): News Wizard Path Disclosure
2003-08-10 G00db0y (G00db0y zone-h org)

    ZH2003-18SA (security advisory): News Wizard Path Disclosure
    Published: 10 august 2003
    Released: 10 august 2003
    Name: News Wizard
    Affected Systems: 2.0
    Issue: Remote attackers can know the path of the site
    Author: G00db0y (at) zone-h (dot) org
    Vendor: http://www.imediasoftware.com/prod [ more ]

ZH2003-20SA (security advisory): Stellar Docs Path Disclosure and Security Leak
2003-08-10 G00db0y (G00db0y zone-h org)

[RHSA-2003:241-01] Updated ddskk packages fix temporary file vulnerability
2003-08-11 bugzilla redhat com

FreeBSD Security Advisory FreeBSD-SA-03:09.signal
2003-08-11 FreeBSD Security Advisories (security-advisories freebsd org)

phpWebSite SQL Injection & DoS & XSS Vulnerabilities
2003-08-10 Lorenzo Hernandez Garcia-Hierro (novappc novappc com) (1 replies)

Re: bug in Invision Power Board[patch]
2003-08-11 silent needle (silentneedle hotmail com)

    In-Reply-To: <20030809082131.25004.qmail (at) www.securityfocus (dot) com>

    to patch the forum all what you have to do is adding these lines in the beginning of admin.php

    ======admin.php======
    <?php
    if (strstr($adsess,"'") != NULL){
    echo "Silent Needle: i don't like you.<br>dont try to hack. :) [be a [ more ]

Lotus Sametime 3.0 == vulnerable. Lotus lied.
2003-08-11 Mycelium (mycelium hushmail com)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    The following is my response to IBM / Lotus concerning their denial reaction to the vulnerabilities disclosed in Sametime. This is not a flame / troll, and there is some new information here, including a packet level analysis of a CURRENT Sametime 3 [ more ]

Cisco IOS HTTP remote exploit
2003-08-08 FX (fx phenoelit de)

    Hi there,

    finally released, the exploit for the Cisco IOS HTTP 2GB overflow
    http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml
    and the IOS 11.x remote sniffer using the bug described here:
    http://www.cisco.com/warp/public/707/cisco-sn-20030731-ios-udp-echo.shtml

    Exploit: ht [ more ]

Remote denial of service vulnerability in Meteor FTP Version 1.5
2003-08-09 Zee (zerash evicted org)

    www.evicted.org
    zerash (at) evicted (dot) org
    August 8, 2003

    Meteor FTP Version 1.5 Remote Denial of Service Vulnerability

    1. Introduction
    ----------------
    Meteor FTP is a personal ftp server that runs on Windows98/ME/2K/XP.

    2. Vulnerability
    -----------------
    A vulnerability exists in Meteor FTP Version 1. [ more ]

[SECURITY] [DSA-369-1] New zblast packages fix buffer overflow
2003-08-08 Matt Zimmerman (mdz debian org)

ZH2003-17SA (security advisory): geeeekShop Shopping Cart Path Disclosure
2003-08-09 G00db0y (G00db0y zone-h org)

    ZH2003-17SA (security advisory): geeeekShop Shopping Cart Path Disclosure
    Published: 9 august 2003
    Released: 9 august 2003
    Name: geeeekShop Shopping Cart System
    Affected Systems: 1.4.0
    Issue: Remote attackers can know the path of the site
    Author: G00db0y (at) zone-h (dot) org
    Vendor: [ more ]

MDaemon 5.0.5 authentication vulnerability
2003-08-08 Buckaroo Banzai (buckaner0 terra es)

    Hello,

    There is a security problem on MDaemon 5.0.5 (maybe other versions affected as well) regarding smtp authentication. Blank password authenticates any valid user:

    For primary domain:
    User: VALIDUSER or VALIDUSER (at) primaridomain (dot) com
    Password: blank password

    For secondary domains:
    User: V [ more ]

[SECURITY] [DSA-370-1] New pam-pgsql packages fix format string vulnerability
2003-08-09 Matt Zimmerman (mdz debian org)