Xt-News 0.1
---
Vendor site: http://dreaxteam.free.fr/forums/
Product: Xt-News 0.1
Vulnerability: SQL Injection Vulnerability XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 10/12/06
Public disclosure: 22/12/06
Description:
SQL Injection Vulnerability:
Well, Just a warning b4 running the proof of concept... Make sure to close and
save useful stuff. It indeed works on xp sp2 and it will reboot your machiene.
I have to say, This would be trick to exploit another programs messagebox, and
wha joy could you possibly get out of restarting someone
Holy mackerel! Instances of this bug date back to 1999!
Different bug. That appears to be a trivial exhaustion of CSRSS worker threads
through indiscriminate calls to MessageBox+MB_SERVICE_NOTIFICATION, which
causes a DoS as no threads are available to serve kernel-mode requests from
win32k,
rPath Security Advisory: 2006-0234-1
Published: 2006-12-22
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
firefox=/[EMAIL PROTECTED]:devel//1/1.5.0.9-0.1-1
References:
Description
---
There are plenty (hundreds) of Cross Site Scripting vulnerabilities in the
Oracle Portal. The following is one that you may found in any version:
From: Brian Eaton [EMAIL PROTECTED]
To: putosoft softputo [EMAIL PROTECTED]
CC: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting
Date: Wed, 20 Dec 2006 13:55:09 -0500
On 12/20/06, putosoft softputo [EMAIL
SQL injection digger is a command line program that looks for SQL
injections and common errors in websites.Current version looks for SQL
injections and common errors in website urls found by performing
a google search.
The use of google search SOAP API has been removed due to no more issuing of