Re: Another ProductCart SQL Injection Vulnerability
2003-07-05, Massimo Arrigoni (support earlyimpact com)
In-Reply-To: <1057289439.3f04f4dfaf159 (at) webmail.bosen (dot) net>
Instructions on how to address this security issue: Users of ProductCart v1.5 and before: Please contact Early Impact ASAP to update to a later version of ProductC [ more ]

Re: Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
2003-07-05, Marek Blahus (marek blahus cz)
Here are some comments on the MSIE custom HTTP errors script injection vulnerability posted by GreyMagic back on June 17th: I had been playing with the custom HTTP errors as well; that was some two years ago, but it still works pretty much the same. Here is my version of the URL I figured out that time [ more ]

[OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
2003-07-07, OpenPKG (openpkg openpkg org)
(PGP signed message, Hash: SHA1) OpenPKG Security Advisory. The OpenPKG Project, http://www.openpkg.org/security.html, http://www.openpkg.org, openpkg-security (at) openpkg (dot) org [ more ]

[SECURITY] [DSA-339-1] New semi, wemi packages fix insecure temporary file creation
2003-07-07, Matt Zimmerman (mdz debian org)

cPanel Malicious HTML Tags Injection Vulnerability
2003-07-06, Ory Segal (ory segal sanctuminc com)
cPanel Malicious HTML Tags Injection Vulnerability. Author: Ory Segal, Sanctum inc., http://www.SanctumInc.com. Discovery Date: [ more ]

XSS in OWA allows stealing windows domain user credentials
2003-07-05, Hugo Vázquez Caramés (overclocking_a_la_abuela hotmail com)
- 2 vulnerabilities in OWA.
- Vendor contacted.
Microsoft Outlook Web Access comes with a feature that allows script filtering on HTML formatted mail attachments. It is possible for an attacker to make a request in a particular way so that OWA does not filter the attachment, causing the script [ more ]

[SECURITY] [DSA-337-1] New semi, wemi packages fix insecure temporary file creation
2003-07-07, Matt Zimmerman (mdz debian org)

Vulnerability in application Billing Explorer
2003-07-07, XNUXER RESEARCH (xnuxer hackermail com)
XNUXER RESEARCH SECURITY REPORT. Application Name: Billing Explorer. Vendor Site: http://www.billingexplorer.com. Vendor Email: info_008 (at) yahoo (dot) com. Security: High Risk. Vulnerable: String command and Client Handle without [ more ]

[SECURITY] [DSA-338-1] New x-face-el packages fix insecure temporary file creation
2003-07-07, Matt Zimmerman (mdz debian org)

Re: MacOSX - crash screensaver locked with password and get the desktop back
2003-07-07, Adam H. Pendleton (fmonkey fmonkey net)
Delfim Machado wrote:
> three days ago i discovered a security issue, with the last MacOSX.
>
> there is a way to crash the screensaver locked with password and gain
> the desktop.
This isn't a new issue; well, not exactly. The method for crashing the screensaver is new to me, but the result isn't. [ more ]

Remote DoS on Canon GP300
2003-07-07, DOUHINE Davy (DDOUHINE fininfo fr)
Affected: Canon GP300 using WebSpooler v4.5.062 (fr); other versions? Risk: High. Remote: Yes. Description: A simple HTTP request can crash the whole print server. The request is "GET /" on tcp/80. After sending "GET /", a reboot is needed to print again or to regain control of the print server. The web serve [ more ]

Re: Email marketing company gives out questionable security advice
2003-07-04, D. J. Bernstein (djb cr yp to)
Richard M. Smith writes: [ mail readers disabling inline images ]
> It will be interesting to see how email marketing companies and
> spammers adapt to these technical changes in HTML email.
ASCII porn, perhaps? Especially if the sender can control the color, and size, of text. I suppose those wi [ more ]

[CLA-2003:685] Conectiva Security Announcement - openldap
2003-07-04, Conectiva Updates (secure conectiva com br)
(PGP signed message, Hash: SHA1) CONECTIVA LINUX SECURITY ANNOUNCEMENT. PACKAGE: openldap. SUMMARY: Denial of Service and othe [ more ]

[CLA-2003:675] Conectiva Security Announcement - ml85p
2003-07-04, Conectiva Updates (secure conectiva com br)
(PGP signed message, Hash: SHA1) CONECTIVA LINUX SECURITY ANNOUNCEMENT. PACKAGE: ml85p. SUMMARY: Insecure temporary file creat [ more ]

Re: [Full-Disclosure] MacOSX - crash screensaver locked with password and get the desktop back
2003-07-04, Brent J. Nordquist (b-nordquist bethel edu)
On 4 Jul 2003, Delfim Machado <bipbip (at) xpto (dot) org> wrote:
> i don't know the exact amount of characters, only that if you leave a
> key pressed for 5 minutes or more and then hit the enter key, you crash
> the screensaver and gain access to the desktop.
Confirmed; Mac OS X 10.2.6 on iBook (600MHz Pow [ more ]

Re: Email marketing company gives out questionable security advice
2003-07-04, stonewall (stonewall cavtel net)
I am continually amazed at the number of web sites which are unusable when Java and ActiveX are disabled. Generally, HTML geeks get paid to make cool web sites (and email) which use all the local/interactive "make your machine do things" features; most don't seem to be aware of (or care about) the [ more ]

Email marketing company gives out questionable security advice
2003-07-03, Richard M. Smith (rms computerbytesman com)
Hi, last week I received an unsolicited email message from Mobil Travel Guide about their new online service. In the message, I was encouraged to turn ActiveX and scripting back on in Outlook in order to view a Flash movie embedded in the message. Needless to say, I thought this was a terrible [ more ]

VisNetic WebSite Path Disclosure Vulnerability
2003-07-01, Peter Kruse (kruse krusesecurity dk)
Name: VisNetic WebSite Path Disclosure Vulnerability. Date: 2nd of July 2003. Software affected: VisNetic WebSite 3.5, Service release 17 (prior versions are vulnerable). Advisory: http://www.krusesecurity.dk/advisories/vis0103.txt. Vendor: http://www.deerfield.com/download/visnetic_website/. Risk: [ more ]

Contact information for Microsoft Security Response Center [tf]
2003-07-03, Microsoft Security Response Center (secure microsoft com)
(PGP signed message) Periodically we hear people say they tried to contact Microsoft about a product or service vulnerability and that Microsoft didn't respond. We are concerned that people may not know how to report security vulnerabilities to Microsoft. The Microsoft Security Res [ more ]

MacOSX - crash screensaver locked with password and get the desktop back
2003-07-04, Delfim Machado (bipbip xpto org)
Hi all, three days ago I discovered a security issue with the latest MacOSX. There is a way to crash the screensaver locked with password and gain the desktop. How? - you ask. I don't know the exact amount of characters, only that if you leave a key pressed for 5 minutes or more and then hit the [ more ]

Generic way to exploit an insecure /tmp file creation - Red Hat 7,8,9 (Re: Red Hat 9: free tickets)
2003-07-04, Spybreak (spybreak hysteria sk)
On Wed, 2 Jul 2003, Michal Zalewski wrote:
> As far as I know, there was no neat and generic way to exploit an
> insecure /tmp file creation alone - well, until now.
Hello Michal and BugTraq, there already has been a generic way to exploit O_CREAT w/o O_EXCL in a world-writable directory issues [ more ]

[CLA-2003:674] Conectiva Security Announcement - xpdf
2003-07-04, Conectiva Updates (secure conectiva com br)
(PGP signed message, Hash: SHA1) CONECTIVA LINUX SECURITY ANNOUNCEMENT. PACKAGE: xpdf. SUMMARY: Embedded commands execution vu [ more ]

VPASP SQL Injection Vulnerability & Exploit CODE
2003-07-04, aresu bosen net
Advisory Name: VPASP SQL Injection Vulnerability & Exploit CODE. Release Date: 05/07/2003. Application: 5. Platform: Win32/MSSQL. Severity: High. BUG Type: SQL Injection. Discovered by: AresU <aresu (at) bosen (dot) net> & TioEuy <tioeuy (at) bosen (dot) net>. Author: Bosen <mobile (at) bosen (dot) net>. Vendor Status: See below. Vendor URL: [ more ]

Another ProductCart SQL Injection Vulnerability
2003-07-04, Bosen (mobile bosen net)
ProductCart SQL Injection Vulnerability. 1ndonesian Security Team (1st), http://bosen.net/releases/. Security Advisory. Advisory Name: Prod [ more ]

[STX] Multiple Security Vulnerabilities
2003-07-03, ace static-x org
Multiple files vulnerable to a buffer overflow: - gnuchess is an updated version of the GNU chess playing program. It has a simple alpha-numeric board display, an IBM PC compatible interface, or it can be compiled for use with the chesstool program on a SUN workstation or with the xbo [ more ]
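The Spybreak reply on exploiting O_CREAT without O_EXCL, and the Debian (semi/wemi, x-face-el) and Conectiva (ml85p) advisories in the same listing, all turn on one bug class: a program creates a predictably named file in a world-writable directory without asking the kernel to refuse an existing path. The C program below is an added illustration, not code from any of those posts or packages; the scratch directory, the file names and the "victim" contents are constructed for the demo. It plays the local attacker's side by pre-planting a symlink at the predictable name, then shows the vulnerable open() writing through the link into the victim file and the O_CREAT|O_EXCL open() refusing with EEXIST.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Constructed demo contents, not taken from any advisory. */
#define ORIGINAL "original contents\n"
#define MARKER   "written via /tmp race\n"

/* Vulnerable pattern: O_CREAT without O_EXCL on a predictable name.
 * If something already sits at `path`, open() just uses it; a symlink
 * planted by a local attacker is followed, so the caller truncates and
 * writes whatever the link points at, with its own privileges. */
int unsafe_tmp_open(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: O_CREAT|O_EXCL is an atomic create-or-fail. It fails
 * with EEXIST if anything (regular file, live or dangling symlink) already
 * occupies `path`, so there is no stat()-then-open window to race. */
int safe_tmp_open(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Write a whole buffer to fd; 0 on success, -1 on any failure. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n <= 0) return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* 1 if the file at `path` currently starts with `expected`, else 0. */
static int file_starts_with(const char *path, const char *expected)
{
    char buf[128];
    size_t want = strlen(expected);
    FILE *f = fopen(path, "r");
    if (!f || want >= sizeof buf) { if (f) fclose(f); return 0; }
    size_t got = fread(buf, 1, want, f);
    fclose(f);
    return got == want && memcmp(buf, expected, want) == 0;
}

/* (Re)create the victim file with known contents; 0 on success. */
static int reset_victim(const char *victim)
{
    int fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    int rc = write_all(fd, ORIGINAL, strlen(ORIGINAL));
    close(fd);
    return rc;
}

/* Attacker's move: occupy the predictable temp name with a symlink to the
 * victim before the target program creates it. 0 on success. */
static int plant_symlink(const char *victim, const char *tmp_path)
{
    unlink(tmp_path);
    return symlink(victim, tmp_path);
}

/* Stage the race in a private scratch directory and run both opens
 * against the planted link. Result bits:
 *   1: unsafe open followed the link and clobbered the victim
 *   2: O_EXCL open failed with EEXIST and the victim is intact
 * Returns 3 when both behave as described, -1 if setup failed. */
int run_tmp_race_demo(void)
{
    char dir[64], victim[128], tmp_path[128];
    int result = 0, fd;

    snprintf(dir, sizeof dir, "/tmp/tmprace.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0 && errno != EEXIST) {
        snprintf(dir, sizeof dir, "./tmprace.%ld", (long)getpid());
        if (mkdir(dir, 0700) != 0 && errno != EEXIST) return -1;
    }
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(tmp_path, sizeof tmp_path, "%s/predictable.tmp", dir);

    /* Round 1: vulnerable open against the planted symlink. */
    if (reset_victim(victim) != 0 || plant_symlink(victim, tmp_path) != 0)
        goto cleanup;
    fd = unsafe_tmp_open(tmp_path);
    if (fd >= 0) {
        if (write_all(fd, MARKER, strlen(MARKER)) != 0) result = -1;
        close(fd);
    }
    if (result == 0 && file_starts_with(victim, MARKER)) result |= 1;

    /* Round 2: O_EXCL open against a freshly planted symlink. */
    if (reset_victim(victim) != 0 || plant_symlink(victim, tmp_path) != 0)
        goto cleanup;
    fd = safe_tmp_open(tmp_path);
    if (fd < 0 && errno == EEXIST && file_starts_with(victim, ORIGINAL))
        result |= 2;
    if (fd >= 0) close(fd);

cleanup:
    unlink(tmp_path);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = run_tmp_race_demo();
    printf("unsafe open clobbered victim: %s\n", (r & 1) ? "yes" : "no");
    printf("O_EXCL open refused symlink:  %s\n", (r & 2) ? "yes" : "no");
    return r == 3 ? 0 : 1;
}
```

Build with `cc -o tmprace tmprace.c && ./tmprace`. The demo uses a private 0700 directory so it does not depend on the sticky bit or on the kernel's protected-symlinks sysctl, which only restricts following links in sticky world-writable directories; the real-world case is exactly the /tmp situation those advisories describe. In production code the fix is not O_EXCL on a fixed name (the attacker can still make every attempt fail, a denial of service) but mkstemp(3) with an unpredictable template, which uses O_CREAT|O_EXCL internally, plus O_NOFOLLOW where the platform offers it.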
Software: ICQ 2003a
Threat: Login password can be bypassed locally
I have found a vulnerability in ICQ Pro 2003a that allows anyone to connect to the ICQ server using any account registered locally, regardless of whether the 'save password' option is checked or not. High level security password is als [ more ]