Heh, every site that I've come across running the e107 portal seems to ask
for admin login before you could use this exploit...Are you sure all
versions are vulnerable? Doesn't even work on my own system without asking
for login.
---
Yes, of course the subject line is silly... but in fact, the vulnerable
combination actually occurs quite often. Still, I'm posting it here not
because it's a very serious flaw, but because I find it amusing and
unique. It's a CPU/BIOS/OS vulnerability, of sorts, and nobody's at fault,
of course.
Artoor,
First off, I ask as a concerned party as I use this software quite a bit
and for the fact that the vendor wasn't contacted before a 'High'
severity issue was released to the wild.
I'm currently unable to reproduce this at all. When I try the exploit
code as provided against e107 (version
hola,
paFileDB 3.1 (http://www.phparena.net) allows arbitrary file-upload and os-command
execution.
(security report attached)
nice day,
mEi
--
WebSec.org / Martin Eiszner
Gurkgasse 49/Top14
1140 Vienna
Austria / EUROPE
[EMAIL PROTECTED]
http://www.websec.org
tel: 0043 699 121772 37
paf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: xpdf
Advisory ID:
Information:
Advisory Name: e107 website system Vulnerability
Author: hiruvim <[EMAIL PROTECTED]>
Discovered by: hiruvim <[EMAIL PROTECTED]>
Website vendor : http://e107.org
Affected System(s): All versions
Severity: High
Platform(s): Windows and Unix
Issue: Security holes enable attackers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
++
| Guardian Digital Security Advisory July 24, 2003 |
| http://www.guardiandigital.com ESA-20032407-018 |
|
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : apache
SUMMARY : Denial of service vulnerabi
--
- EXPL-A-2003-018 exploitlabs.com Advisory 018
--
-= HP Color LaserJet 4550 =-
Donnie Werner
July 22, 2003
http://exploitlabs.com
Prod
I can positively confirm this vulnerability on both WMP 7 and 8 on Windows
98, ME, 2000, XP and 2003. The default Enhanced Security Configuration of IE
on Windows 2003 does nothing to prevent automatically opening certain media
types.
The ASF file can be automatically opened through an IFRAME, bot
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: mpg123
Advisory ID:
ZH2003-12SA (security advisory): PHP-Gästebuch Ver. 1.60 Beta
Published: 23/07/2003
Released: 23/07/2003
Name: PHP-Gästebuch (http://www.php-gaestebuch.de)
Affected System(s): All versions (?)
Severity: Medium/High
Platform(s): Windows and Unix
Issue: Information disclosure enables atta
Integrigy Security Alert
__
Oracle E-Business Suite AOL/J Setup Test Information Disclosure
July 23, 2003
__
Summary:
The Oracle Applications AOL/J Setup Test
Integrigy Security Alert
__
Oracle E-Business Suite FNDWRR Buffer Overflow
July 23, 2003
__
Summary:
The Oracle Applications FNDWRR CGI program, used to retrie