Secunia Research: PC Tools AntiVirus Insecure Default Directory Permissions

2006-08-03 Thread Secunia Research
== Secunia Research 03/08/2006 - PC Tools AntiVirus Insecure Default Directory Permissions - == Table of Contents Affected

CMSimple Cross Site Scripting

2006-08-03 Thread Outlaw
### #Aria-Security.net Advisory # #Discovered by: OUTLAW # # www.Aria-security.net # #Gr33t to: A.u.r.a l2odon [EMAIL

[USN-331-1] Linux kernel vulnerabilities

2006-08-03 Thread Martin Pitt
=== Ubuntu Security Notice USN-331-1 August 03, 2006 linux-source-2.6.15 vulnerabilities CVE-2006-2934, CVE-2006-2935, CVE-2006-2936 === A security issue affects the

[USN-332-1] gnupg vulnerability

2006-08-03 Thread Martin Pitt
=== Ubuntu Security Notice USN-332-1 August 03, 2006 gnupg vulnerability CVE-2006-3746 === A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10

Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released

2006-08-03 Thread Philip M. Gollucci
William A. Rowe, Jr. wrote: Apache HTTP Server 2.2.3 Released The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 2.2.3 of the Apache HTTP Server (Apache). This version of Apache is principally a bug and

[SECURITY] [DSA 1139-1] New ruby1.6 packages fix privilege escalation

2006-08-03 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1139-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff August 3rd, 2006

Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released

2006-08-03 Thread William A. Rowe, Jr.
Philip M. Gollucci wrote: William A. Rowe, Jr. wrote: Apache HTTP Server 2.2.3 Released ... CVE-2006-3747: An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. Is a release

Javascript software authentication brute force attack

2006-08-03 Thread Gianstefano Monni
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 0. HISTORICAL CONSIDERATIONS Nowadays it's very easy to have a virtual server with (for instance) mysql and php or any other sort of server-side authentication system, but some time ago many people were trying to use some kinds of

[MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue

2006-08-03 Thread admin
[MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue Details === Product: Toenda CMS Affected Version: =1.0.3(stable) and 1.1 Immune Version: None known Security-Risk: low Remote-Exploit: yes Vendor-URL: http://www.toenda.com/ Vendor-Status: informed Advisory-Status:

SendCard = 3.4.0 unauthorized administrative access / remote commands execution

2006-08-03 Thread rgod
#!/usr/bin/php -q -d short_open_tag=on ? echo SendCard = 3.4.0 unauthorized administrative access / remote commands\n; echo execution exploit\n; echo by rgod [EMAIL PROTECTED]; echo site: http://retrogod.altervista.org\n;; echo dork: \Powered by sendcard - an advanced PHP e-card

[SECURITY] [DSA 1140-1] New GnuPG packages fix denial of service

2006-08-03 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1140-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 3rd, 2006

SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion

2006-08-03 Thread chris_hasibuan
#SolpotCrew Community # # modernbill ver 1.6 (DIR) Remote File Inclusion # # Download file : http://freshmeat.net/projects/modernbill/ # # #

[ GLSA 200608-02 ] Mozilla SeaMonkey: Multiple vulnerabilities

2006-08-03 Thread Stefan Cornelius
Gentoo Linux Security Advisory GLSA 200608-02 http://security.gentoo.org/

[DRUPAL-SA-2006-011] Drupal 4.7.3 / 4.6.9 fixes XSS issue

2006-08-03 Thread Uwe Hermann
Drupal security advisory DRUPAL-SA-2006-011 Advisory ID: DRUPAL-SA-2006-011 Project: Drupal core

vbulletin 3.5.4 IE exploit xss

2006-08-03 Thread stefan
--- XSS vbulletin 3.5.4 With IE --- Author: Stefan Group: EnigmaGroup --- This is XSS that only works using IE By Saving malicious code as a .pdf and uploading as an attachment on a post. when the attachment is viewed in

Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]

2006-08-03 Thread Matthew Hall
[EMAIL PROTECTED] wrote: Title: Barracuda Arbitrary File Disclosure This vulnerability doesn't just allow arbitrary file disclosure, but also allows remote execution of commands through use of the pipe character (|), e.g:

ME Download System 1.3 Remote File Inclusion

2006-08-03 Thread philipp . niedziela
+ + + ME Download System 1.3 Remote File Inclusion + + + + Affected Software .: ME Download System 1.3 + Vendor ...: http://www.ehmig.net/ +

[ GLSA 200608-03 ] Mozilla Firefox: Multiple vulnerabilities

2006-08-03 Thread Thierry Carrez
Gentoo Linux Security Advisory GLSA 200608-03 http://security.gentoo.org/

[ GLSA 200608-04 ] Mozilla Thunderbird: Multiple vulnerabilities

2006-08-03 Thread Thierry Carrez
Gentoo Linux Security Advisory GLSA 200608-04 http://security.gentoo.org/

ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability

2006-08-03 Thread x0r0n
///CYBER-WARRiOR.ORG\ #ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability - #Author: xoron - #script: ZoneX 1.0.3 - Publishers Gold Edition - #Class : Remote - [EMAIL PROTECTED]: x0r0n[at]hotmail[dot]com -

[security bulletin] HPSBUX02137 SSRT051024 rev.1 - HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation

2006-08-03 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00732238 Version: 1 HPSBUX02137 SSRT051024 rev.1 - HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation NOTICE: The information in this Security Bulletin should be