PORNOLATION RELEASE

fxofofvhbzgylnqcmnizzibwpycckvwqflpisgethgksoeovskxnqdvzofxvbelmsodeygybgoosdvopcdgdeippjhmuk

Hello Debian-security-announce!!!
A Genuine Univers1ty Degree 1n notime!

Have you ever thought that the only thing stopping you from a great job and better pay was a few lettesr behind you name?
Well now you can get them!

BA BSc MA MSc MBA PhD

Within notime!
No Stuyd Required!
100%% Verifiable!

These are real, genuine degrees that include Bachelors, Masters, MBA and Doctorate Degrees. They are fully verifiable and certified transcripts are also available.

Just clal the number below.
You?ll thank me later?

Begin Today +1 (270) 818-7244
Operators Live 24 hours
========================

horse's trappings. Then, too, his eyes, the pits darkened against theLucilius's voice softened to a whisper and a too-hectic laugh. Many ofRome. Such protection as it was. Persians, this knot of them. Horsemencenturion" Quintus had had it drummed into him in training. "When you

Problem:Blind sql injection attack in INSERT syntax
Product:PHP-nuke <=8.0
Web page:http://phpnuke.org/

Credit:Maciej `krasza` Kukla
@mail:krasza@gmail.com
homepage:www.krasza.int.pl

1.Description

(...)PHP-Nuke 8.0 Final version. This version includes a new anti-flood system, several cosmetic changes, a new web based installer, improvements on advertising system, downloads and web links modules, Forums and all BBtoNuke modules are now separated from the core system, improved the News module and many bugs fixes. Additionaly PHP-Nuke version 7.9 has been released for free to the public on the downloads section.(...)

Purchase PHP-Nuke 8.0 cast $12.

2.Blind sql injection attack in INSERT syntax

Lately I detected many sql injection attack in INSERT SYNTAX,where query looks like "INSERT into `nuke_referer` values(1,'$var')", $var is not filtered.It is possible to add new administrator(it is abuse...

Photostand_1.2.0 Multiple Cross Site Scripting
Vendor site : http://www.photostand.org/
Global risk : medium

XSS
-----

+ Permanents

Message & name fields are vulnerable to xss attacks. This kind of xss
are pretty dangerous,because anyone who see the page gone get his cookie
stolen and sended to the attackers

+ Non Permanant

index.php?page=search&q;=

Full Path Disclorure -
-----------------------

"PHPSESSID='" will returns the full path of the file.

GET /photostand_1.2.0/ HTTP/1.0
[...]
Cookie: PS_STATS_VT=true;PS_STATS_VR=true;PHPSESSID=';style=[blahblah]path=/
[...]

/photostand_1.2.0/index.php?page=article&id;=' too.

ActiveCalendar 1.2.0, Multiple vulnerabilities
Vendor site : http://www.micronetwork.de/activecalendar/
Global risk : Critical

Multiples XSS :
---------------

/activecalendar/data/[page].php?css=">

In :

/data/
flatevents.php
js.php
mysqlevents.php
m_2.php
m_3.php
m_4.php
xmlevents.php
y_2.php
y_3.php

Local File Include :
---------------------

xtcommerce local file include

local file include:
/index.php?currency=EUR&manufacturers;_id=1&template;=../../../../../../../../etc/passwd%%00

regards laurent gaffi

A few notes on this advisory and IBM's IY94817.

1) The real IY94817 document (not the stub) requires registration to
even access in the first place, which is an unfortunate practice
that too many vendors undertake. The URL was also broken for some
time. Now that I've registered, I *STILL* can't get access to this
file:

"IY94817: SECURITY: DB2DIAG.LOG SYMBOLIC LINK OVERWRITE
VULNERABILITY"

http://www-1.ibm.com/support/docview.wss?uid=swg1IY94817

Why is it so difficult just to get some basic security information?
Security advisories should be easy for the public to access. A
sysadmin shouldn't have to register with hundreds of web sites just
to get good security information.

This kind of thing happens all the time, unfortunately.

2) Anyway, this document:

http://www-1.ibm.com/support/docview.wss?uid=swg21255745

says "The vulnerability allows a local user to write to any file on
the system through the use of symbolic links (also known as
symlinks or soft links)."

Symantec Security Advisory

SYM07-002
http://www.symantec.com/avcenter/security/Content/2007.02.22.html

BID 22564

22 Feb, 2007

Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support
Assistant

Revision History
None

Severity
High (dependent on configuration and user interaction)

BID22564
http://www.symantec.com/avcenter/security/Content/2007.02.22.html

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hardened-PHP Project
www.hardened-php.net

-= Security Advisory =-

Advisory: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
Release Date: 2007/02/23
Last Modified: 2007/02/23
Author: Stefan Esser [sesser@hardened-php.net]

Application: Firefox <= 2.0.0.1, Internet Explorer 7, Opera 9
Not affected: Internet Explorer 6, Opera 8
Severity: Web-pages without a defined charset will be rendered
with the charset of the parent page when put into an
(i)frame. This might allow bypassing XSS filters
with for example UTF-7 payload
Risk: Low
Vendor Status: Only Mozilla reacted and released Firefox 2.0.0.2 which fixes this issue
References: http://www.hardened-php.net/advisory_032007.142.html

Overview: