BugTraq
RE: Cross-site scripting vulnerability in CF 5.0 2002-12-16
CORREIA, PATRICK (pcorreia cha-llp com)
Does anyone have information on whether the same issue affects ColdFusion
MX?

______________________________________
Patrick K. Correia, Web Designer
Clough, Harbour & Associates LLP
http://www.cha-llp.com

-----Original Message-----
From: KiLL CoLe [mailto:killcole (at) yahoo (dot) com]
Sent: Monday, D

Cross-site scripting vulnerability in CF 5.0 2002-12-16
KiLL CoLe (killcole yahoo com) (1 replies)
Cross-site scripting vulnerability in CF 5.0. This
issue was brought up to Macromedia on July 22nd, 2002.
Macromedia issued a fix to me, but I have not seen the
fix available to the public. The ColdFusion
administrator allows you to view your application log
via your web browser. Under certain co

Re: Cross-site scripting vulnerability in CF 5.0 2002-12-16
SecurityFocus cubesearch com
PHP-Nuke code execution and XSS vulnerabilities 2002-12-16
Ulf Harnhammar (ulfh update uu se)
PHP-Nuke code execution and XSS vulnerabilities

PROGRAM: PHP-Nuke
VENDOR: Francisco Burzi et al.
HOMEPAGE: http://phpnuke.org/
VULNERABLE VERSIONS: 6.0 (the only supported version)
IMMUNE VERSIONS: 6.0 with my patch applied
LOGIN REQUIRED: no

DESCRIPTION:

"PHP-Nuke is a Web portal and online co

GLSA: exim 2002-12-16
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-5
- - --------------------------------------------------------------------

PACKAGE : exim
SUMMARY : local root vulnerability
DATE    : 20

R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors 2002-12-16
Rapid 7 Security Advisories (advisory rapid7 com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________
Rapid 7, Inc. Security Advisory

Visit http://www.rapid7.com/ to download NeXpose(tm), our
advanced vulnerability scanner. Linux and Windows 20

PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting 2002-12-15
Frog Man (leseulfrog hotmail com)
Information :
°°°°°°°°°°°°°°
Product : PHP-Nuke
Version : 6.0
Website : http://www.phpnuke.org
Problems :
- Path Disclosure
- XSS

Development :
°°°°°°°°°°°°°°°
Most of PHPNuke's files are included in modules.php or
index.php. To prevent direct access, PHPNuke made two kinds of

[OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex) 2002-12-16
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

[OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl) 2002-12-16
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

[OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) 2002-12-16
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

Multiple vendors XML parser (and SOAP/WebServices server) Denial of Service attack using DTD 2002-12-16
Amit Klein (Amit Klein SanctumInc com)
///////////////////////////////////////////////////////////////////////
========================>> Security Advisory <<========================
///////////////////////////////////////////////////////////////////////

--------------------------------------------------------------------
Multiple vend

Password Disclosure in Cryptainer 2002-12-16
K. K. Mookhey (cto nii co in)
===================================================
Advisory: Password Disclosure in Cryptainer
Vendor: SecureSoft http://www.cypherix.com
Download Location: http://www.cypherix.com/downloads.htm
Versions affected: Cryptainer PE and Cryptainer 2.0
Date: 16th December 2002
Type of Vulnerability: Info

GLSA: mysql 2002-12-15
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-2.1
- - --------------------------------------------------------------------

PACKAGE : mysql
SUMMARY : remote DOS and arbitrary code exec

GLSA: squirrelmail 2002-12-15
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-4
- - --------------------------------------------------------------------

PACKAGE : squirrelmail
SUMMARY : cross site scripting
DATE   

GLSA: fetchmail 2002-12-15
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-3
- - --------------------------------------------------------------------

PACKAGE : fetchmail
SUMMARY : buffer overflow
DATE    : 2002-1

GLSA: mysql 2002-12-15
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-2
- - --------------------------------------------------------------------

PACKAGE : mysql
SUMMARY : remote DOS and arbitrary code execut

MyPHPLinks (PHP) : SQL Injection 2002-12-14
Frog Man (leseulfrog hotmail com)

Information :
°°°°°°°°°°°°°°
Website : http://www.myphpsoft.net
Version : ? -> 2.1.9, 2.2.0CVS
Problem : SQL Injection -> Admin access

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
admin/auth/checksession.php
---------------------------------------------------------------
[...]
if($idsession!=''){
$dbs

FW: SQL Injection Solved 2002-12-13
Louie Conceicao (louie logisense com)
LogiSense Corporation is a leading provider of performance software for
service providers and enterprises. We offer a wide range of low-cost
products designed to address common client billing and management,
traffic congestion, network scalability, and latency issues."

LogiSense software tested inc

[CLA-2002:552] Conectiva Linux Security Announcement - wget 2002-12-13
secure conectiva com br
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : wget
SUMMARY : Directory transversal vulnerab

Directory Traversal Vulnerability in FTP Client on IRIX 2002-12-13
SGI Security Coordinator (agent99 sgi com)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
SGI Security Advisory

Title : Directory Traversal Vulnerability in FTP Client
Number : 20021205-01-A
Date : December 13, 2002
Reference: CVE CAN-2002

[ESA-20021213-033] Several MySQL vulnerabilities. 2002-12-13
EnGarde Secure Linux (security guardiandigital com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory December 13, 2002 |
| http://www.engardelinux.org/ ESA-20021213-033 |
|

Anyone can read all XOOPS private messages 2002-12-13
Val Deux (valdeux aol com)
www.phpsecure.org advisory.

In French : http://www.phpsecure.org/?zone=pComment&d=101

By valdeux

Published on December 13th, 2002

Like most PHP CMSs, XOOPS allows users to send and receive Private
Messages (PMs), which are saved in the database.

We found how all messages are read

Advisory 05/2002: Another Fetchmail Remote Vulnerability 2002-12-13
Stefan Esser (s esser e-matters de)
e-matters GmbH
www.e-matters.de

-= Security Advisory =-

Advisory: Fetchmail remote vulnerability
Release Date: 2002/12/13
Last Modified: 2002/12/13
Author: Stefan Esser [s.esser (at) e-matters (dot) de]

Application:

Eserv remote denial of service 2002-12-13
securma massine (securma caramail com)
Hi
Eserv is Mail, News, Web, FTP and Proxy Servers for
Win95/98/NT/2000 (http://www.eserv.ru/)
Eserv is vulnerable to an attack by sending a buffer
of 5M of data on port 119 or 25 or 110 or 21 with a
buffer of 5080000 bytes,
version tested: v2.97, v2.99 (possibly all versions are
vulnerable)

[SECURITY] [DSA 211-1] New mICQ packages fix denial of service 2002-12-13
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 211-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 13th, 2002

[SECURITY] [DSA-210-1] lynx CRLF injection 2002-12-12
Wichert Akkerman (wichert wiggy net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-210-1 security (at) debian (dot) org
http://www.debian.org/security/ Wichert Akkerman
December 13, 2002
- ------------

XSS flaw found at "https://www.e-gold.com" 2002-12-10
Liu Die Yu (liudieyuinchina yahoo com cn)
I know bugtraq doesn't accept vulnerability on one site, but the following
info is important; please suggest a forum for me to post.

----=======------

XSSatEGOLD-Content-Tech

XSS flaw found at "https://www.e-gold.com"

Technically, it's nothing new.

XSS at E-gold is very dan

Copyright 2010, SecurityFocus