security advisory - OpenVMPS
What is it? OpenVMPS is a substitute implementation of Cisco Virtual Membership Policy Server on Catalyst 65500 family of switches. It is used on Cisco LAN switches to dynamically assign ports to VLANs according to Ethernet Address. Because it was developed...
Mandrake Linux Security Advisory : clamav (MDKSA-2005:125)
Neel Mehta and Alex Wheeler discovered integer overflow vulnerabilities in Clam AntiVirus when handling the TNEF, CHM, and FSG file formats. By sending a specially crafted file, an attacker could execute arbitrary code with the permissions of the user running Clam AV. This update provides clamav...
BNBT BitTorrent EasyTracker 7.7r3 - Denial of Service
BNBT BitTorrent EasyTracker Remote Denial Of Service Versions: Version 7.7r3.2004.10.27 and below Vendors: http://bnbt.go-dedicated.com/ http://bnbteasytracker.sourceforge.net/ http://sourceforge.net/projects/bnbtusermods/ Bug find and coded by: Sowhat@@secway@org http://secway.org This PoC wil...
Vulnerability found in CPAINT Ajax Toolkit
I am the original author of the CPAINT Ajax Toolkit http://cpaint.sourceforge.net/. Last night we found a vulnerability affecting all versions of CPAINT prior to v1.3-SP which is the patched version of the software that can allow a user with malicious intent to execute server or ASP/PHP commands...
PHPXMLRPC Remote Code Execution
GulfTech Security Research June 29th, 2005 Vendor : Useful Information Inc. URL : http://phpxmlrpc.sourceforge.net/ Version : PHPXMLRPC 1.1 && Earlier Risk : Remote Command Execution Description: PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-RPC web RPC protocol, and was...
Yappa-NG Multiple Vulnerabilities
GulfTech Security Research May 11th, 2005 Vendor : Fritz Berger URL : http://sourceforge.net/projects/yappa-ng/ Version : yappa-ng 2.3.1 && Earlier Risk : Multiple Vulnerabilities Description: Yappa-NG is the second generation new and improved version of Yappa yet another php photo album. There a...
Multiple eGroupware Vulnerabilities
GulfTech Security Research April 20th, 2005 Vendor : eGroupware URL : http://www.egroupware.org/ Version : Versions Prior To 1.0.0.007 Risk : Multiple Vulnerabilities Description: eGroupware is a very popular open source web based collaboration software that can be used within an intranet, or...
phpGedView.txt
Vendor : phpGedView URL : http://phpgedview.sourceforge.net Version : 2.65 beta 5 All Versions?? Risk : Multiple Vulnerabilities Description: The phpGedView project parses GEDCOM 5.5 genealogy files and displays them on the Internet in a format similar to PAF. All it requires to run is a php...
phpGedView < 2.65 beta 5 - Multiple Vulnerabilities
phpGedView Multiple Vulnerabilities Vendor: phpGedView Product: phpGedView Version: = 2.65 beta 5 Website: http://phpgedview.sourceforge.net Description: The phpGedView project parses GEDCOM 5.5 genealogy files and displays them on the Internet in a format similar to PAF. All it requires to run i...
L-Forum Vulnerability - SQL Injection
I have discovered an SQL injection flaw in L-Forum which has a recent record upload spoofing/XSS by Ulf of security bugs. The problem this time is search.php. It doesn't properly escape the SQL data passed in by the user in the search member. I have provided a SourceForge patch for this...
[SEC] Hole in PHPLib 7.2 prepend.php3
The PHPLib Team announces phplib-7.2d, available now. This release fixes the recently discovered hole in prepend.php3 that can allow a remote attacker to inject non-local code into any phplib based script. Please note that this affects all applications that depend on PHPLib. Some apps have decide...