|
|
Colapse all |
Post message
[Sec-Tec Advisory] Local scripting vulnerability in phpBB 2002-11-25 Pete Foster (pete sec-tec demon co uk) Web Server Creator - Web Portal 0.1 (PHP) 2002-11-25 Frog Man (leseulfrog hotmail com) Informations : °°°°°°°°°°°°°° Website : http://webcreator.com02.com Tested version : 0.1 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° news/include/customize.php : ------------------ <? $langfile = $l; include $l; ?> ------------------ index.php : --------------------------- [ more ] [ reply ] ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability (fwd) 2002-11-25 Dave Ahmad (da securityfocus com) David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -----BEGIN PGP SIGNED MESSAGE----- ISS X-Force Security Brief November 25, 2002 Solaris fs.auto Remote Compromise Vulnerability Synopsis: ISS X-Force has discovered a vulnerability in the Sun M [ more ] [ reply ] Netscreen Malicious URL feature can be bypassed by fragmenting the request 2002-11-25 zel (zel firewallmonkeys com) Netscreen Malicious URL feature can be bypassed by fragmenting the request http://www.cirt.net/advisories/netscreen.shtml Product Description: NetScreen Technologies Inc. is a leading developer of integrated network security solutions that offer the security, performance and total cost of ownership [ more ] [ reply ] Multiple phpNuke Modules Vulnerable to Cross-Site Scripting 2002-11-24 Matthew Murphy (mattmurphy kc rr com) phpNuke Module Vulnerabilities Enable Identity Theft Systems Affected: phpNuke 6.5b1 and prior (all operating systems) Risk: High Impact: Identity Theft/Impersonation/Privilege Elevation Scenario: Cross-site scripting flaws enabling cookie theft Description phpNuke is a popular, and very complex [ more ] [ reply ] Remote POST Buffer Overflow vulnerability in Pserv. 2002-11-24 dong-h0un U (xploit hackermail com) ======================================== INetCop Security Advisory #2002-0x82-005 ======================================== * Title: Remote POST Buffer Overflow vulnerability in Pserv (Pico Server). 0x01. Description Pico server is very small webserver of C language base that support sever [ more ] [ reply ] acFTP Authentication Issue 2002-11-24 Matthew Murphy (mattmurphy kc rr com) acFTP is an open-source FTP daemon for Windows platforms (http://www.sourceforge.net/projects/acftp) that offers more functionality than many proprietary servers (including the MS FTP service). The authentication code of acFTP contains a flaw -- specifically, the server treats users as logged in wi [ more ] [ reply ] acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS 2002-11-24 Matthew Murphy (mattmurphy kc rr com) Product Information acFreeProxy (aka "acfp") is an HTTP/1.x proxy for Microsoft Windows environments. It offers caching, and several other features, and has a plug-in format designed for extensibility. A flaw in the product may allow attackers to execute content across domains. Description The [ more ] [ reply ] Re: Alert: Microsoft Security Bulletin - MS02-066 2002-11-25 Lise (lise_moorveld hotmail com) Hi, In MS02-066 Microsoft claim they've fixed several Cross Domain Verification problems. Unfortunately, they are not really clear on which vulnerabilities they fix. Does anyone know which vulnerability was meant with this: - Frames Cross Site Scripting: CVE-CAN-2002-1187 The CVE number is reser [ more ] [ reply ] Remote Heap malloc/free & multiple Overflow vulnerability in WSMP3. 2002-11-25 dong-h0un U (xploit hackermail com) ======================================== INetCop Security Advisory #2002-0x82-006 ======================================== * Title: Remote Heap malloc/free & multiple Overflow vulnerability in WSMP3. 0x01. Description =-=-=-=-=-=-=-=-= WSMP3d webserver or, is used by shoutcast-server. This [ more ] [ reply ] [ESA-20021122-031] php upgrade, security fixes 2002-11-22 EnGarde Secure Linux (security guardiandigital com) Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002) 2002-11-22 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: Multiple Buffer Overruns RealOne / RealPlayer / RealOne Enterprise Desktop Systems Affected: Windows All Severity: Critical Category: Remote Buffer Overrun Vendor URL: http://www.real.com/ Author: Mark Litchfield (mark (at) ngssoftware (dot) com [email concealed]) Date: 22nd [ more ] [ reply ] [ESA-20021122-030] local kernel vulnerabilities 2002-11-22 EnGarde Secure Linux (security guardiandigital com) [CLA-2002:550] Conectiva Linux Security Announcement - samba 2002-11-22 secure conectiva com br -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : samba SUMMARY : Buffer overflow vulnerability [ more ] [ reply ] [RHSA-2002:266-05] New samba packages available to fix potential security vulnerability 2002-11-22 bugzilla redhat com UPDATE: Linksys router vulnerability (add'l models affected) 2002-11-20 Seth Bromberger (sbbugtraq1102 yahoo com) As a followup to the "Linksys router vulnerability" posting to this list on Monday, 18 November. Linksys has confirmed that this problem affects the following products IN ADDITION TO the products listed in the original posting: BEFVP41 BEFSX41 BEFSR81 BEFN2PS4 HPRO200 with firmware versions later [ more ] [ reply ] Allied Telesyn switches & routers vulnerability 2002-11-20 Oleg A. Lebedev (techdir mns ru) Hello, all The problem: Zero stream DoS switch! We have tested switches of Allied Telesyn, 8024 and Rapier24. We have installed the latest firmware from AT site. Testing: 1. Scan for open ports on switch (assume switch address 192.168.0.13): nmap -v -sT 192.168.0.13 Starting nmap V. 2.54BETA22 [ more ] [ reply ] Open WebMail 1.71 "background" magic info 2002-11-19 FreeBSDbr Bugtraq DataBase (db-bugtraq freebsdbr com br) Hello Folks, Open Webmail is a perl webmail program that runs on UNIX operational systems. For more about Open WebMail, it´s official website is http://openwebmail.org/. Ok, let´s talk about the problem. I´ve tested Open WebMail 1.71 an when you enter an invalid username (user that doesn´t exis [ more ] [ reply ] MDKSA-2002:080 - Updated kdenetwork packages fix remote command execution vulnerabilites 2002-11-22 Mandrake Linux Security Team (security linux-mandrake com) Zeroo Folder Traversal Vulnerability 2002-11-22 mattmurphy (at) kc.rr (dot) com [email concealed] (mattmurphy kc rr com) According to the vendor's web page <http://lonerunner.cfxweb.net>, Zeroo is a "simple, small, portable, fast HTTP server". The server is available for Windows, and Linux operating systems. A folder traversal flaw in the server may allow attackers to compromise sensitive information stored on the s [ more ] [ reply ] MDKSA-2002:079 - Updated kdelibs packages fix remote command execution vulnerabilites 2002-11-22 Mandrake Linux Security Team (security linux-mandrake com) Security Update: [CSSA-2002-052.0] Linux: sendmail smrsh bypass vulnerabilities 2002-11-21 security caldera com To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed] ________________________________________________________________________ ______ SCO Security Advisory Subject: Linux: sendmail smrsh bypass vulnerabilities Advisory numb [ more ] [ reply ] GLSA: samba 2002-11-21 Daniel Ahlberg (aliz gentoo org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200211-007 - - -------------------------------------------------------------------- PACKAGE : samba SUMMARY : remote root access DATE : 2002- [ more ] [ reply ] [OpenBSD] [syslogd] false src-IP when logging to remote syslogd 2002-11-20 Torsten Valentin (bugtraq-partner seculution de) OpenBSD's syslogd (Tested on OpenBSD 2.9 - 3.2, i386 only) seems to have a bug that might lead to false information on a remote syslog-server. The problem can be reproduced by changing the machines IP using ifconfig and NOT rebooting the whole machine. Though the machine should not use the old IP a [ more ] [ reply ] CERT Advisory CA-2002-32 Backdoor in Alcatel OmniSwitch AOS (fwd) 2002-11-21 Dave Ahmad (da securityfocus com) David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 ---------- Forwarded message ---------- Return-Path: <cert-advisory-owner (at) cert (dot) org [email concealed]> Delivered-To: da (at) securityfocus (dot) com [email concealed] Received: (qmail 24024 invoked by alias); 21 Nov 2002 18:36:26 -0000 Delivered [ more ] [ reply ] [LSD] Java and JVM security vulnerabilities 2002-11-21 Last Stage of Delirium (contact lsd-pl net) We would like to inform you about several security vulnerabilities in Java Virtual Machine implementations that we have found during our research. These vulnerabilities affect at least JVMs used in Netscape Communicator and Microsoft Internet Explorer web browsers. Below you can find their brief de [ more ] [ reply ] |
|
Privacy Statement |
Vendor : http://www.phpbb.com
Problem : Insufficient filtering of user input
Usability : Easy
Severity : Medium
Report by : Pete Foster, Sec-Tec Ltd (http://www.sec-tec.com)
The Product (From vendors site):
phpBB is a high powered, fully scalable, and highly customisa
[ more ] [ reply ]