On Jan 2, Blud Clot [EMAIL PROTECTED] wrote:
I noticed this a while ago with netscape 4.x and those versions are
still vulnerable as well. I've never checked 6.x.
I don't think this is a real vulnerability. The function says delete and
not destroy. We all know, that data can be recovered after
#*
# Damage Hacking Group security advisory
# www.dhgroup.org
#*
#Product: EServ/2.97
#Authors: Etype Co. [www.eserv.ru]
#Vulnerable versions: up to v.2.97, may be 2.98
#Not
Informations :
°°
Product : OpenTopic
Website : http://www.infopop.com
Version : 2.3.1
Problem : XSS (script injection) - Cookies recovery
Location/Exploit :
°°
The XSS hole is in the private messages area (
http://[target]/OpenTopic?a=ugtpc ).
XSS to get cookie :
#*
# Damage Hacking Group security advisory
# www.dhgroup.org
#*
#Product: AN HTTPd server
#Authors: [www.st.rim.or.jp]
#Vulnerability: DoS, CSS, 'real patch' attack
#*
# Damage Hacking Group security advisory
# www.dhgroup.org
#*
#Product: WinAmp v.3.0 final (not beta :)) bld #488
#Authors: NullSoft, Inc. [www.winamp.com]
#Vulnerable
#*
# Damage Hacking Group security advisory
# www.dhgroup.org
#*
#Product: CuteFTP client
#Authors: GlobalSCAPE Inc. [www.globalscape.com]
#Vulnerable versions: v.4.*
Daniel Alcántara de la Hoz [EMAIL PROTECTED] writes:
In December 16, 2002 Rapid 7.Inc released a security alert about
vulnerabilities in ssh2 implementations from multiple vendors. We
have used the concept to code this exploit/proof of concept.
It's a fake server to exploit the putty