BugTraq (Page 1649 of 1748)
Email marketing company gives out questionable security advice 2003-07-03
Richard M. Smith (rms computerbytesman com)
Hi,

Last week, I received an unsolicited email message from Mobil Travel
Guide about their new online service. In the message, I was encouraged
to turn back on ActiveX and scripting in Outlook in order to view a
Flash movie embedded in the message. Needless to say, I thought this
was a terrible

VisNetic WebSite Path Disclosure Vulnerability 2003-07-01
Peter Kruse (kruse krusesecurity dk)
Name: VisNetic WebSite Path Disclosure Vulnerability
Date: 2nd of July 2003
Software affected: VisNetic WebSite 3.5, Service release 17
(prior versions are vulnerable)
Advisory: http://www.krusesecurity.dk/advisories/vis0103.txt
Vendor: http://www.deerfield.com/download/visnetic_website/
Risk:

Contact information for Microsoft Security Response Center [tf] 2003-07-03
Microsoft Security Response Center (secure microsoft com)
-----BEGIN PGP SIGNED MESSAGE-----

Periodically we hear people say they tried to contact Microsoft about
a product or service vulnerability and that Microsoft didn't respond.
We are concerned that people may not know how to report security
vulnerabilities to Microsoft.

The Microsoft Security Res

MacOSX - crash screensaver locked with password and get the desktop back 2003-07-04
Delfim Machado (bipbip xpto org)
Hi all,

three days ago i discovered a security issue, with the last MacOSX.

there is a way to crash the screensaver locked with password and gain
the desktop.

how? - you ask.
i don't know the exact amount of characters, only that if you leave a
key pressed for 5 minutes or more and then hit the

When full disclosure is the only way... 2003-07-04
se nopiracy de

XBOX Security

-= Security Advisory =-

Advisory: XBOX Dashboard local vulnerability
Release Date: 2003/07/04
Last Modified: 2003/07/04
Author: Stefan Esser [se (at) nopiracy (dot) de]

Application: Microsoft XBOX D

Generic way to exploit an insecure /tmp file creation - Red Hat 7,8,9 (Re: Red Hat 9: free tickets) 2003-07-04
Spybreak (spybreak hysteria sk)

On Wed, 2 Jul 2003, Michal Zalewski wrote:

> As far as I know, there was no neat and generic way to exploit an
> insecure /tmp file creation alone - well, until now.

Hello Michal and BugTraq,

there already has been a generic way to exploit O_CREAT w/o O_EXCL
in a world-writable directory issues

[CLA-2003:674] Conectiva Security Announcement - xpdf 2003-07-04
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : xpdf
SUMMARY : Embedded commands execution vu

VPASP SQL Injection Vulnerability & Exploit CODE 2003-07-04
aresu bosen net
Advisory Name: VPASP SQL Injection Vulnerability & Exploit CODE
Release Date: 05/07/2003
Application: 5
Platform: Win32/MSSQL
Severity: High
BUG Type: SQL Injection
Discover by: AresU <aresu (at) bosen (dot) net> & TioEuy <tioeuy (at) bosen (dot) net>
Author: Bosen <mobile (at) bosen (dot) net>
Vendor Status: See below.
Vendor URL:

Another ProductCart SQL Injection Vulnerability 2003-07-04
Bosen (mobile bosen net)
ProductCart SQL Injection Vulnerability
_______________________________________________________________________________

1ndonesian Security Team (1st)
http://bosen.net/releases/
===============================================================================
Security Advisory

Advisory Name: Prod

[STX] Multiple Security Vulnerabilities 2003-07-03
ace static-x org


Multiple files vulnerable to a buffer overflow:

-

gnuchess is an updated version of the GNU chess playing program. It has a
simple alpha-numeric board display, an IBM PC compatible interface, or it
can be compiled for use with the chesstool program on a SUN workstation or
with the xbo

[SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow 2003-07-03
Secure Net Service(SNS) Security Advisory (snsadv lac co jp)
----------------------------------------------------------------------
SNS Advisory No.65
Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow

Problem first discovered: Thu, 5 Dec 2002
Published: Thu, 03 Jul 2003
Reference: http://www.lac.co.jp/security/intelligence/SNSAdvisory

Immunix Secured OS 7+ unzip update -- bugtraq 2003-07-03
Immunix Security Team (security immunix com)
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory

Packages updated: unzip
Affected products: Immunix OS 7+
Bugs fixed: CAN-2003-0282
Date: Wed Jul 2 2003
Advisory ID: IMNX-2003-7+-017-01
Author: Seth Arnold <sarnold (at) immunix (dot) com>
---

[CLA-2003:672] Conectiva Security Announcement - unzip 2003-07-02
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : unzip
SUMMARY : Directory transversal vulnera

[RHSA-2003:203-01] Updated Ethereal packages fix security issues 2003-07-03
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Ethereal packages fix security issues
Advisory ID: RHSA-2003:203-01
Issue date: 2003-07-03
Upda

Software vendors just don't "get" ActiveX security 2003-07-03
Richard M. Smith (rms computerbytesman com)
Hi,

Software vendors continue to not understand ActiveX security issues. I
found a number of ActiveX controls on my laptop which are marked "safe
for scripting", but they are clearly not. These controls contain
methods which can be used from a Web page to do things like run
programs, download fil

Broadcast BoF and server freeze in RogerWilco (2001) 2003-07-02
Auriemma Luigi (aluigi pivx com)

#######################################################################

Application: Roger Wilco (http://www.rogerwilco.com)
Versions: Mk.1d3 dated 14th Sep 2001 (1.4.1.2 is NOT vulnerable)
Platforms: Windows
Bugs: RogerWilco doesn't check the length of the nicknames sent

[KSA-003] Cross Site Scripting Vulnerability in Phpgroupware 2003-07-02
Francois SORIN (francois sorin security-corporation com)
=================================================

Kereval Security Advisory [KSA-003]

Cross Site Scripting Vulnerability in Phpgroupware

=================================================

PROGRAM: Phpgroupware
HOMEPAGE: http://www.phpgroupware.org/
VULNERABLE VERSIONS: 0.9.14.003
RISK: Low/Medi

Greymatter v1.21d: Remote PHP command injection/execution. 2003-07-02
FraMe (frame hispalab com)
Product: Greymatter v1.21d
Vendor: Noah Grey - GreySoft
Author: FraMe ( frame at kernelpanik.org )
URL: http://www.kernelpanik.org

CONTENTS

1. Overview
2. Description.
3. How to exploit it?
4. Impact.
5. Patch.
6. Vendor Response
7. Greetings

1. Overview.

Greymatter is a news/weblog tool written

OpenBSD PF :: "rdr" information leakage 2003-07-02
Ed3f (ed3f overminder com)


************************ SECURITY ALERT ************************

Systems Affected

OpenBSD PF 3.x

Risk

low

Overview

Depending on the scenario an attacker could
discover the private IP and/or port number where
packets are redirected to by PF.

Descri

phpMyAdmin: reply to vulnerability report (2003-06-18) 2003-07-02
Marc Delisle (DelislMa CollegeSherbrooke qc ca)
( From http://www.phpmyadmin.net/documentation#faqsecurity )

Last update: 2003-07-02.

The phpMyAdmin development team received notice of this security alert:
http://www.securityfocus.com/archive/1/325641.

The team regrets that the author did not communicate with us before
sending this alert.

URLMON.DLL buffer overflow - technical details 2003-07-01
Jouko Pynnonen (jouko iki fi)


OVERVIEW
========

Following are some technical details of the URLMON.DLL buffer overflow.
An overall description can be found in this Bugtraq message:

http://www.securityfocus.com/archive/1/319764

Microsoft released a patch to fix this issue in April (MS03-15). It can
be found here:

http

Red Hat 9: free tickets 2003-07-02
Michal Zalewski (lcamtuf ghettot org) (1 replies)

[ This is not strictly a new vulnerability - but a description of
a flaw that can be combined with any of the minor vulnerabilities
that pop up once a week to turn them into a major vulnerability.
I will leave it up to the moderators of BUGTRAQ and VulnWatch to
approve or reject it... ]

Th

Re: Red Hat 9: free tickets 2003-07-02
Carlos Villegas (villegas math gatech edu) (1 replies)
Re: Red Hat 9: free tickets 2003-07-02
Michal Zalewski (lcamtuf coredump cx)
Re: OptiSwitch remote root compromise - Wrong information 2003-07-02
Zeev Dr (zdraer mrv com)
In-Reply-To: <20030626030355.GA10951 (at) istc (dot) kg>

This is clearly a malicious attempt to harm company product.

No such hack exists, and this has been verified already by all relevant
entities.

Strongly recommended that placing such a harmful statement on site, should
at least be confirmed with th

[RHSA-2003:204-01] Updated PHP packages are now available 2003-07-02
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated PHP packages are now available
Advisory ID: RHSA-2003:204-01
Issue date: 2003-07-02
Updated on:

CORE-2003-0305-03: Active Directory Stack Overflow 2003-07-02
CORE Security Technologies Advisories (advisories coresecurity com)
Core Security Technologies Advisory
http://www.coresecurity.com

Active Directory Stack Overflow

Date Published: 2003-07-02

Last Update: 2003-07-02

Advisory ID: CORE-2003-0305-03

Bugtraq ID: 7930

CVE Name: None cu

CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability 2003-07-02
CORE Security Technologies Advisories (advisories coresecurity com)
Core Security Technologies Advisory
http://www.coresecurity.com

NetMeeting Directory Traversal Vulnerability

Date Published: 2003-07-02

Last Update: 2003-07-02

Advisory ID: CORE-2003-0305-04

Bugtraq ID: 7931

CVE Name:

[sec-labs] Adobe Acrobat Reader <=5.0.7 Buffer Overflow Vulnerability + PoC code 2003-07-01
sec-labs team (team sec-labs hack pl)


sec-labs team proudly presents:

Buffer overflow vulnerability in Adobe Acrobat Reader 5.0.7 and earlier
by mcbethh
29/06/2003

I. BACKGROUND

quote from documentation:
'The Acrobat Reader allows anyone to view, navigate, and print documents
i

[CLA-2003:668] Conectiva Security Announcement - kde 2003-06-30
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : kde
SUMMARY : PS/PDF file handling vulnerabil

Copyright 2010, SecurityFocus