From theall at tenablesecurity.com Sun Aug 3 01:59:53 2008
From: theall at tenablesecurity.com (George A. Theall)
Date: Sat, 2 Aug 2008 21:59:53 -0400
Subject: [VIM] GreenCart PHP Shopping Cart (id) Remote SQL Injection Vulnerability
Message-ID: <47CACAC1-A00D-42FD-93A7-1AFE1A742984@tenablesecurity.com>

The forum thread at www.viart.com/pozscripts_com.html suggests that GreenCart is a ripoff of ViArt Shop. I don't know if that's true -- they certainly do look the same (eg, /admin/admin_login.php, /page.php?page=help, /basket.php) -- but it makes me wonder if the SQL injections covered by Milw0rm 6189 also apply to ViArt Shop.

Can anyone with access to a copy of ViArt confirm?

George
-- 
theall at tenablesecurity.com

From jericho at attrition.org Mon Aug 4 23:01:30 2008
From: jericho at attrition.org (security curmudgeon)
Date: Mon, 4 Aug 2008 23:01:30 +0000 (UTC)
Subject: [VIM] final decision on VIM dinner and location?
Message-ID: 

I may have missed it, what was the final verdict?

From coley at linus.mitre.org Mon Aug 4 23:27:58 2008
From: coley at linus.mitre.org (Steven M. Christey)
Date: Mon, 4 Aug 2008 19:27:58 -0400 (EDT)
Subject: [VIM] 3rd annual VIM gathering?
In-Reply-To: 
References: <20080725211223.70515.qmail@cgisecurity.net> <488B54D3.5070209@milw0rm.com>
Message-ID: 

On Wed, 30 Jul 2008, security curmudgeon wrote:

> Across the street is the Hilton, and the Star Trek deal is on the way out
> (/mourn). Could do it there and help send off Quark's bar with talk of
> VDBs and Core Reactors!

I like this idea, so let's go with this option. So:

- Friday night, 5:30 PM
- at Quark's bar at the Hilton
- Lurkers welcome

Do the OSVDB folks have any promotional material this year? We could wear some of it so that it's easier for new people to find us.
- Steve

From jkouns at opensecurityfoundation.org Sat Aug 9 00:09:40 2008
From: jkouns at opensecurityfoundation.org (Jake Kouns)
Date: Fri, 8 Aug 2008 20:09:40 -0400
Subject: [VIM] VIM Meeting
Message-ID: <1218240584.17D189A6@fc8.dngr.org>

Quarks is closed, we are now at Paradise Cafe still at the Hilton. 5:30pm

From str0ke at milw0rm.com Tue Aug 12 16:04:24 2008
From: str0ke at milw0rm.com (str0ke)
Date: Tue, 12 Aug 2008 11:04:24 -0500
Subject: [VIM] [Fwd: Re: TGS CMS Remote Code Execution Exploit]
Message-ID: <48A1B488.4060705@milw0rm.com>

He is correct, the vulnerability is stopped by the require.

/str0ke

-------------- next part --------------
An embedded message was scrubbed...
From: lcat
Subject: Re: TGS CMS Remote Code Execution Exploit
Date: Mon, 11 Aug 2008 12:58:44 -0700
Size: 2050
Url: http://www.attrition.org/pipermail/vim/attachments/20080812/eba741da/attachment.eml

From coley at linus.mitre.org Tue Aug 19 19:02:30 2008
From: coley at linus.mitre.org (Steven M. Christey)
Date: Tue, 19 Aug 2008 15:02:30 -0400 (EDT)
Subject: [VIM] CyBoards PHP uncertainties (RFI/path traversal)
Message-ID: 

Ref: http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt
BID:30688
XF:cyboardsphplite-scriptpath-file-include(44474)
Researcher: C r a C k E r

from one of our analysts:

The researcher says CyBoards PHP Lite v1.21 from hotscripts.com. It is unclear how to download 1.21 from hotscripts.com; apparently only 1.25 is available.

For many of the vectors specified by the researcher, the CVE-2006-2871 VIM discussion applies. Specifically, if the installation follows the instructions, the include of include/config.php is a valid include that defines script_path before use. (On the other hand, if the product were simply extracted under the web root, it would probably be vulnerable.)

Note that, although default_header.php RFI was fixed in later versions (see the CVE-2007-1983 VIM reference), the code change in question is not generally applicable to other files.
- Steve

From str0ke at milw0rm.com Tue Aug 19 19:07:32 2008
From: str0ke at milw0rm.com (str0ke)
Date: Tue, 19 Aug 2008 14:07:32 -0500
Subject: [VIM] CyBoards PHP uncertainties (RFI/path traversal)
In-Reply-To: 
References: 
Message-ID: <48AB19F4.7050201@milw0rm.com>

> The researcher says CyBoards PHP Lite v1.21 from hotscripts.com. It is
> unclear how to download 1.21 from hotscripts.com; apparently only 1.25 is
> available.

You can download 1.21 from http://www.morpheusweb.it/html/scripts/php/forum/cyboards.zip

/str0ke

From noamr at beyondsecurity.com Thu Aug 21 16:40:41 2008
From: noamr at beyondsecurity.com (Noam Rathaus)
Date: Thu, 21 Aug 2008 19:40:41 +0300
Subject: [VIM] SCO Security Contact
Message-ID: <200808211940.41382.noamr@beyondsecurity.com>

Hi,

I have been trying to get a hold of someone from SCO security with little success, any ideas who I should contact - regarding a vulnerability in their OS?

-- 
Noam Rathaus
CTO
noamr at beyondsecurity.com
http://www.beyondsecurity.com
"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

From coley at linus.mitre.org Thu Aug 21 18:23:48 2008
From: coley at linus.mitre.org (Steven M. Christey)
Date: Thu, 21 Aug 2008 14:23:48 -0400 (EDT)
Subject: [VIM] SCO Security Contact
In-Reply-To: <200808211940.41382.noamr@beyondsecurity.com>
References: <200808211940.41382.noamr@beyondsecurity.com>
Message-ID: 

I'll contact former SCO person Kirk Larsen, now at VMWare, to see if he knows of anybody.

- Steve

From jkouns at opensecurityfoundation.org Fri Aug 22 04:41:36 2008
From: jkouns at opensecurityfoundation.org (jkouns)
Date: Fri, 22 Aug 2008 00:41:36 -0400
Subject: [VIM] SCO Security Contact
In-Reply-To: 
References: <200808211940.41382.noamr@beyondsecurity.com>
Message-ID: <48AE4380.1030102@opensecurityfoundation.org>

If you figure it out ...... please update the vendor dictionary! =)

http://osvdb.org/vendor/1/SCO%20Group__%20Inc_

Steven M. Christey wrote:
> I'll contact former SCO person Kirk Larsen, now at VMWare, to see if he
> knows of anybody.
>
> - Steve
>
>

From jericho at attrition.org Sun Aug 24 10:02:44 2008
From: jericho at attrition.org (security curmudgeon)
Date: Sun, 24 Aug 2008 10:02:44 +0000 (UTC)
Subject: [VIM] Gallery LFI - third party disputed vs vendor
Message-ID: 

CVE-2008-3600

Disclosure and Dispute:
http://archives.neohapsis.com/archives/bugtraq/2008-08/0091.html
http://archives.neohapsis.com/archives/bugtraq/2008-08/0115.html

Vendor:
http://gallery.menalto.com/gallery_1.5.8_released

One security issue was reported to us in private by the Digital Security Research Group [DSecRG] who were professional and are waiting until after this release to publish their findings.

-- who's right? =)