Dropbear SSH server Denial of Service

2006-03-07 Thread Pablo Fernandez
Dropbear SSH server Denial of Service Credits: Pablo Fernandez March 7th, 2006 I. BACKGROUND Dropbear is a relatively small SSH 2 server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly us

Cisco PIX embryonic state machine TTL(n-1) DoS

2006-03-07 Thread Konstantin V. Gavrilenko
Arhont Ltd - Information Security Arhont Advisory by: Konstantin V. Gavrilenko (http://www.arhont.com) http://www.hackingciscoexposed.com Arhont ref: arh200511-1 Advisory: Cisco PIX embryonic state machine TTL(n-1) DoS Class:

Cisco PIX embryonic state machine 1b data DoS

2006-03-07 Thread Konstantin V. Gavrilenko
Arhont Ltd - Information Security Arhont Advisory by: Konstantin V. Gavrilenko (http://www.arhont.com) http://www.hackingciscoexposed.com Arhont ref: arh200601-1 Advisory: Cisco PIX embryonic state machine 1b data DoS Class:

IE iFrame + Sun JVM + JS bug. Exploitable?

2006-03-07 Thread drguile
We encountered an interesting bug while working on our web interfaces. We posted it to Sun, but we are curious if the security community sees any way to exploit this in more than a DOS sense. This isn't our speciality, that's why we are inquiring here. This is a copy of the post to Sun's bug tr

[eVuln] ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities

2006-03-07 Thread alex
New eVuln Advisory: ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities http://evuln.com/vulns/87/summary.html Summary eVuln ID: EV0087 CVE: CVE-2006-0940 CVE-2006-0941 Software: ShoutLIVE Software's Web Site: http://cynic.x10hosting.com/downloadfile.ph

Multiple vulnerabilities in Alien Arena 2006 GE 5.00

2006-03-07 Thread Luigi Auriemma
### Luigi Auriemma Application: Alien Arena 2006 Gold Edition http://red.planetarena.org Versions: <= 5.00 Platforms:Windows and Linux Bugs: A] safe_cprintf server form

Loudblog 0.41 SQL Injection, Local file read/include

2006-03-07 Thread tzitaroth
"Loudblog is a sleek and easy-to-use Content Management System (CMS) for publishing media content on the web." SQL Injection in podcast.php (magic_quotes=off): http://[target]/loudblog/podcast.php?id=1' and '1'='0' union select password,null,null,null,null,null,null,null,null,null,null,null,null

Purple Paper: Exegesis Of Virtual Hosts Hacking

2006-03-07 Thread unknown . pentester
What: Purple paper on discovery and exploitative vhost hacking techniques. Whom (target audience): pentesters. Where: http://public.gnucitizen.org/papers/exegesis.pdf http://www.ikwt.com/projects/exegesis.pdf

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

2006-03-07 Thread Daniel Veditz
Nick Boyce wrote: > Hmmm. I didn't realise the "Show Images" setting got stored, and I > don't think that's the best strategy from a privacy point of view. It surprised me, too. The threat model was spammers trying to verify live addresses, and in that model loading a webbug multiple times is no w

Cpanel Path Disclosure Vulnerability

2006-03-07 Thread Silversmith
Cpanel has the vulnerability to discover the path of the files exp: log into your cpanel account go to fantastico try to install one of the scripts ! exp: 4images if the server set a permission on the /tmp , cpanel tmp files you should see this Warning: main(/home/userid/public_html/fantversion.

Re: Various router DoS

2006-03-07 Thread bugtraq
I've sent this issue in to Linksys referencing this post, as I have the problem myself.

IM Lock 2006 - Insecure Registry Permission Vulnerability

2006-03-07 Thread unsecure
Application: IM Lock 2006 Vendor: www.comvigo.com Corporation: Comvigo, Inc. Version: Latest: (2 March 2006) - Home Edition, Enterprise & Professional Description: IM Lock 2006 discloses passwords to local users. Background: === Security Auditing & Management software, IM Lock controls a

Re: SQL injection in Invision Power Board v2.1.5

2006-03-07 Thread mattmecham
I've tested this and cannot get SQL to execute. The "s" parameter is run past PHP's intval() which knocks off anything that's not a number. Can you explain how you got this to work?

[SECURITY] [DSA 987-1] New tar packages fix arbitrary code execution

2006-03-07 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 987-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff March 7th, 2006

PHP-based CMS mass-exploitation

2006-03-07 Thread Daniel Bonekeeper
This is not the first time that we see those kinds of "attacks", but in recent days I've noticed those requests on my webservers with a considerable frequency: 83.84.14X.XXX - - [06/Mar/2006:18:18:12 -0500] "GET /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_conten

phpBannerExchange 2.0 Directory Traversal Vulnerability

2006-03-07 Thread h4cky0u . org
-- HYSA-2006-004 h4cky0u.org Advisory 013 -- Date - Tue Mar 07 2006 TITLE: == phpBannerExchange 2.0 Directory Traversal Vulnerability SEVERITY: = High SOFTWARE:

link bank code execution and xss

2006-03-07 Thread retard
-------- summary software: Link Bank vendors website: http://daverave.64digits.com/index.php?page=linkbank versions: n/a class: remote status: unpatched exploit: available solution: not available discovered by: retard risk level: hi

RE: linksys router + irc DoS

2006-03-07 Thread Daniel Ramirez Valdez
Version 5 is the only WRT54G that runs VXWorks (for now) http://www.linksysinfo.org/modules.php?name=Content&pa=showpage&pid=6#table Mine is version 4, so I cannot test this. Daniel Ramírez Valdez, CISSP Neoris / Networking Group Office: 52.81..5442 Mobile: 52.81.8064.4845 mailto: [EMAIL PRO

histhost v1.0.0 xss and possible rmdir

2006-03-07 Thread retard
-------- summary software: HitHost vendors website: http://daverave.64digits.com/index.php?page=hithost versions: <= 1.0.0 class: remote status: unpatched exploit: available solution: not available discovered by: retard risk level: