rPath update for ImageMagick

Posted on Tuesday, November 28, 2006 @ 10:33:49 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23090

VERIFY ADVISORY: http://secunia.com/advisories/23090/

CRITICAL: Moderately critical

IMPACT: DoS, System access

OPERATING SYSTEM: rPath Linux 1.x - http://secunia.com/product/10614/

DESCRIPTION: rPath has issued an update for ImageMagick. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA18261 SA22572

SOLUTION: Update to "ImageMagick=/conary.rpath.com@rpl:devel//1/6.2.3.3-3.4-1".

ORIGINAL ADVISORY:
https://issues.rpath.com/browse/RPL-811
https://issues.rpath.com/browse/RPL-389

OTHER REFERENCES: SA18261: http://secunia.com/advisories/18261/

SA22572: http://secunia.com/advisories/22572/
 

 

PHP-Nuke *modules/News/index.php* SQL Injection Vulnerabilities

Posted on Tuesday, November 28, 2006 @ 10:33:03 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23128

VERIFY ADVISORY: http://secunia.com/advisories/23128/

CRITICAL: Moderately critical

IMPACT: Manipulation of data, Exposure of sensitive information

SOFTWARE: PHP-Nuke 7.x - http://secunia.com/product/2385/

DESCRIPTION: Paisterist has discovered two vulnerabilities in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "sid" parameter in modules/News/index.php from modules.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows retrieval of administrator usernames and password hashes, but requires that "magic_quotes_gpc" is disabled and that the attacker knows the prefix for the database tables. The vulnerabilities are confirmed in version 7.9. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised. Set "magic_quotes_gpc" in php.ini to On. Use another product.

PROVIDED AND/OR DISCOVERED BY: Paisterist

ORIGINAL ADVISORY: http://www.neosecurityteam.net/index.php?action=advisories&id=30
 

 

ProFTPD mod_tls Buffer Overflow Vulnerability

Posted on Tuesday, November 28, 2006 @ 10:31:59 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23141

VERIFY ADVISORY: http://secunia.com/advisories/23141/

CRITICAL: Moderately critical

IMPACT: System access, DoS

SOFTWARE:
ProFTPD 1.3.x - http://secunia.com/product/5430/
ProFTPD 1.2.x - http://secunia.com/product/1250/

DESCRIPTION: Evgeny Legerov has reported a vulnerability in the mod_tls module for ProFTPD, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "tls_x509_name_oneline()" function in contrib/mod_tls.c. This can be exploited to cause a buffer overflow by sending specially crafted data to a server. Successful exploitation may allow execution of arbitrary code, but requires that ProFTPD uses the mod_tls module. The vulnerability is reported in version 1.3.0a. Other versions may also be affected.

SOLUTION: Restrict access to trusted people only.

PROVIDED AND/OR DISCOVERED BY: Evgeny Legerov

ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html
 

 

PostNuke *error.php* Local File Inclusion

Posted on Tuesday, November 21, 2006 @ 07:48:08 CST in Postnuke
by Raven

SECUNIA ADVISORY ID: SA22983

VERIFY ADVISORY: http://secunia.com/advisories/22983/

CRITICAL: Moderately critical

IMPACT: Exposure of sensitive information

SOFTWARE: PostNuke 0.x - http://secunia.com/product/350/

DESCRIPTION: A vulnerability has been reported in PostNuke, which can be exploited by malicious people to disclose sensitive information. Input passed to the "PNSVlang" variable is not properly sanitised before it is used to include files in error.php. This can be exploited to include arbitrary files via directory traversal attacks. The vulnerability is reported in versions prior to 0.764.

SOLUTION: Update to version 0.764.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Kacper.

ORIGINAL ADVISORY: http://community.postnuke.com/index.php?name=News&file=article&sid=2787
 

 

2 Column News

Posted on Tuesday, November 21, 2006 @ 07:29:54 CST in Modules
by Raven

zulhar writes:  
Save that precious space and publish more news in your main page by using 2 column news module.

Get the Zulnews Module at Zul W3C Compliance Nuke

Fast and hassle-free registration.
 

 

PHPNuke EverQuest Theme Released!

Posted on Tuesday, November 21, 2006 @ 07:28:55 CST in PHP-Nuke Themes
by Raven

Mars writes:  
PortalThemes - PHPNuke EverQuest Theme Released
EQ1Theme2 is a clean fast loading PHPNuke Theme designed for an EverQuest Guild site.

Preview the theme at the PortalThemes PHPNuke Theme test site.
Includes a matching forum theme.
PSD file included for the header and topic images.

Be sure to check out our wide selection of PHPNuke Themes at our PHPNuke Theme Test Site
PortalThemes.com
 


