FLEA-2007-0014-1: vim

2007-04-30 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0014-1 Published: 2007-04-30 Rating: Minor Updated Versions: gvim=/[EMAIL PROTECTED]:1-devel//1/7.0.235-1-1 vim=/[EMAIL PROTECTED]:1-devel//1/7.0.235-1-1 vim-minimal=/[EMAIL PROTECTED]:1-devel//1/7.0.235-1-1 group-dist=/[EMAIL PROTECTED]:1

E-Annu (home.php) Remote SQL Injection Vulnerability

2007-04-30 Thread ilkerkandemir
AYYILDIZ.ORG PreSents... Script: E-Annu Script D.: http://www.alic.ch/sources/annu.rar Script Demo: http://www.autocash.ch/annu/ Contact: ilker Kandemir info: */ AYYILDIZ was here when you were not. */ --

Re: Sphider Version 1.2.x (include_dir) file include

2007-04-30 Thread ijoo . keren
hmm... I think $include_dir has been declared.. $include_dir = "./include"; <--- there is patch $language_dir = "./languages"; include "$include_dir/index_header.inc"; so I think this is not Vuln..

please retract CVE-2007-2056 "Time-of-Check-Time-of-Use File Race in AFFLIB"

2007-04-30 Thread Simson Garfinkel
Dear Tim, Please issue a statement retracting your "security vulnerability" CVE-2007-2056. Your alleged vulnerability in aimage is not a bug because the function getlock() is never called. Although I appreciate the fact that you have done a security audit on my code, many of the bugs th

Flaw in about.r OS and Progress version disclosure

2007-04-30 Thread suresync
about.r OS and Progress version disclosure. Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote webspeed server. First you have to find the messenger execution url. For example: http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1

Re: please retract CVE-2007-2056 "Time-of-Check-Time-of-Use File Race in AFFLIB"

2007-04-30 Thread Tim
Hello Simson, > Please issue a statement retracting your "security vulnerability" > CVE-2007-2056. > > Your alleged vulnerability in aimage is not a bug because the > function getlock() is never called. You are correct. I sincerely apologize for not catching this. This function is not cal

GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability

2007-04-30 Thread crazy_king
By [EMAIL PROTECTED] [EMAIL PROTECTED] Biyosecurity.Net & Expw0rm.Com Thanks : Liz0 & DarkXBoyZ & Eno7 & ApAci & Uyuss & Crackers_Child & Th3_43k1R & Xoron & Ajannn Portal : GHH Version : 1.1 GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability Demo : http://ghh.sourceforge

[SECURITY] [DSA 1283-1] New php5 packages fix several vulnerabilities

2007-04-30 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1283-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff April 29th, 2007

[security bulletin] HPSBMA02197 SSRT061285 rev.1 - HP-UX Running HP Power Manager Remote Agent (RA), Local Execution of Arbitrary Code with Root Privileges

2007-04-30 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00819543 Version: 1 HPSBMA02197 SSRT061285 rev.1 - HP-UX Running HP Power Manager Remote Agent (RA), Local Execution of Arbitrary Code with Root Privileges NOTICE: The information in this Secu