Re: Re: Back door trojan in acajoom-3.2.6 for joomla

2009-07-23 Thread Jeffrey Walton
> ... or the developers were stupid enough to develop with old code. Stupid may be a bit harsh. I find 'Software Security' is also a frame of mind that *must* be backed by education. Perhaps the developers lack the knowledge they need to model the threats and incorporate a secure architecture. Jef

[USN-806-1] Python vulnerabilities

2009-07-23 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-806-1 July 23, 2009 python2.4, python2.5 vulnerabilities CVE-2008-4864, CVE-2008-5031 === A security issue affects the following Ubuntu releas

Re: Re: Back door trojan in acajoom-3.2.6 for joomla

2009-07-23 Thread chris . boergermann
An early release of 4.0.0 has the same problem! So Acajoom has a general security issue or the developers were stupid enough to develop with old code.

Re: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability

2009-07-23 Thread MustLive
Hello Bugtraq! Vulnerability "wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability" is non-working. Because mentioned RFI doesn't exist. Cru3l.b0y, please, always check all vulnerabilities which you find. As I already said to author of fake vulnerability in WordPress Plugi

Stored XSS on Communigate Pro 5.2.14 and prior versions

2009-07-23 Thread Andrea Purificato - bunker
- Description The Communigate Pro webmail framework is prone to a stored Cross Site Scripting vulnerability through crafted plain text email messages. - Affected version: 5.2.14 and prior as reported from Communigate: http://www.communigate.com/cgatepro/History52.html - Details This vulnerability

Re: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability

2009-07-23 Thread g30rg3_x
Hi Cru3l.b0y, $plugin came from $plugins array which is filled by the glob function which find all " *.php " files that reside under " WPCACHEHOME . 'plugins/' "... Snippet Code from wp-cache-phase1.php at version 0.8.3: $plugins = glob( WPCACHEHOME . 'plugins/*.php' ); if( is_array( $plugins ) )

Re: LifeType 1.2.8 Remote File Inclusion Vulnerability

2009-07-23 Thread GulfTech Security Research
Constants cannot be overwritten like that. This is not a vulnerability. Cru3l.b0y wrote: Hi Dear, I found a new bug in LifeType. Please publish it. thank you best regards

LifeType 1.2.8 Remote File Inclusion Vulnerability

2009-07-23 Thread Cru3l.b0y
Hi Dear, I found a new bug in LifeType. Please publish it. thank you best regards /===\ |

Ocean CMS 0.0.2 Remote File Inclusion Vulnerability

2009-07-23 Thread Cru3l.b0y
Hi Dear, I found a new bug. please publish it. thank you best regards ++ + + + Ocean CMS 0.0.2 Remote File Inclusion Vulnerabil

wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability

2009-07-23 Thread Cru3l.b0y
Hi Dear, I found a new bug. please publish it. thank you best regards === [o] wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability Software : WP Super Cache v0.8.3

[GSEC-TZO-45-2009] iPhone remote code execution

2009-07-23 Thread Thierry Zoller
Fell quite behind on this one, here it is. ___ Phone & iPod Touch - Remote arbitrary code execution ___ Reference : [GSEC-TZO-45-2009] - iPhone remote arbitrary c

[SECURITY] [DSA 1840-1] New xulrunner packages fix several vulnerabilities

2009-07-23 Thread Steffen Joeris
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1840-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris July 23, 2009