On Fri, May 12, 2006 at 02:59:17AM +0100, David Litchfield wrote:
How secure is software X?
At least as secure as Vulnerability Assessment Assurance Level P; or Q or
R. Well, that's what I think we should be able to say. What we need is an
open standard, that has been agreed upon by
Dear David
in my opinion software can either be secure or not secure.
I think it's a bit like how a woman cannot be a bit pregnant.
But the protocol you are talking about can be used to tell the secure
from the insecure pieces of software. By applying a test for these rules
against systems,
an admin, or whoever succeeds in finding the admin sid, is able to launch commands,
advisory/poc exploit:
http://retrogod.altervista.org/phpbb_2020_admin_xpl.html
I politely disagree... if there are no measurements then there can be
no metrics (or is that the other way around? :-) There has to be a
start some place; i.e. in your examples, David's time can be recorded
to the hour, and even the researcher/analyst could have a rating to
compensate for skill
Debian Security Advisory DSA 1057-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 15th, 2006
===
Ubuntu Security Notice USN-274-2 May 15, 2006
mysql-dfsg vulnerability
CVE-2006-0903
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary
There seems to be some confusion in MS Security Bulletin MS06-018,
Vulnerability in Microsoft Distributed Transaction Coordinator.
The bulletin itself
(http://www.microsoft.com/technet/security/bulletin/ms06-018.mspx)
states :
An attacker could cause the Microsoft Distributed
Transaction
Hi y'all,
Quite a while ago I was testing with applets and found
this by accident. It is definitely not a big issue, but worth
mentioning, as I discovered that an applet was eating up all the
free space on the hard drive by allocating a large file in
the users hidden temp dir (filename is
On 12 May 2006 [EMAIL PROTECTED] wrote:
(3) inject some php code inside jpeg files as EXIF metadata content:
this, in combination with third party vulnerable code, can be used
to compromise the server where PHP is installed.
Should be enough to check for php code inside the temporary files
:Introduction:
Normally one of the last steps when accessing a web server is to find the
url where the web application is installed (more common in RFD).
This may be a hard step, if the RPD is the only bug in that server, but PHP
programs have functions that unexpectedly can return lots of errors.
Debian Security Advisory DSA 1056-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 15th, 2006
DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop'
Author: Kevin Finisterre
Vendor: http://www.clamav.net
Product: 'ClamAV freshclam'
References:
http://www.digitalmunition.com/DMA[2006-0514a].txt
http://www.markallan.co.uk/clamXav/
Description:
Tomasz Kojm of the ClamAV team
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "Sugar Suite Open Source <= 4.2 \"OptimisticLock!\" arbitrary remote inclusion exploit\r\n";
echo "by rgod [EMAIL PROTECTED]\r\n";
echo "site: http://retrogod.altervista.org\r\n\r\n";
echo "this is called the \"five claws of Sun-tzu\"\r\n\r\n";
if ($argc<5) {
Title : Azboard <= 1.0 Multiple Sql Injections
Published : 2006.5.14
Author : x90c(정경주)@chollian.net/~jyj9782/
Link : http://user.chol.com/~jyj9782/sec/azboard_advisory.txt
0x01 Summary
Azboard is a web board written in asp (active server pages).
It has a sql injection
Rumors of this bug began spreading on Slashdot and other sites, thanks
to Steve Wiseman of intelliadmin.com who serendipitously discovered it
while writing a VNC client. At first it was only a rumor, as Steve's
site gave scant details and he himself was surprised such a huge hole
could possibly
FYI A security beta has been released on SourceForge
(http://sourceforge.net/projects/phpmyagenda) that addresses this issue.
Regards,
Tyree
==
Secunia Research 15/05/2006
- FilZip unacev2.dll Buffer Overflow Vulnerability -
==
Table of Contents
Affected
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Phishing_Vector_in_SAP_BC.pdf
)
CYBSEC S.A.
www.cybsec.com
Advisory Name: Phishing Vector in SAP BC (Business Connector)
Vulnerability Class: Phishing Vector / Improper
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf
)
CYBSEC S.A.
www.cybsec.com
Advisory Name: Arbitrary File Read/Delete in SAP BC (Business Connector)
Vulnerability Class:
To share information about the new Release Notes document:
this issue has been fixed in version 4.1.2 (Free Edition)
http://www.realvnc.com/products/free/4.1/release-notes.html
http://www.realvnc.com/download.html
- Juha-Matti
Fabian Becker [EMAIL PROTECTED] wrote on 05/12/2006 03:12:32 PM:
Summary:
There's an integer overflow present that affects Novell Windows
clients and Novell Netware server and Novell Open Enterprise server.
Impact:
Remote, unauthenticated, super-user privileges.
Affected software:
Novell Netware (All versions)
Novell Open Enterprise Server (All NetWare based
==
Secunia Research 15/05/2006
- Abakt ZIP File Handling Buffer Overflow Vulnerability -
==
Table of Contents
Affected
===
Ubuntu Security Notice USN-284-1 May 15, 2006
quagga vulnerabilities
CVE-2006-2223, CVE-2006-2224, CVE-2006-2276
===
A security issue affects the following Ubuntu
// Confixx 3.1.2 = Code Injection //
-
[~] Advisory by: LoK-Crew
[-] Exploit: http://www.example.com/ftplogin/?login=;[XSS]div style=
[-] Googledork: inurl:confixx inurl:login|anmeldung
[+] Greetz to: Bluegeek
[+] Visit:
Title : YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability
--
Author : x90c(Kyong Joo, Jung)
Published : 2006.5.16
E-mail : geinblues [at] gmail.com
Site : http://www.chollian.net/~jyj9782
--
0x01
#!/usr/bin/perl
use IO::Socket;
print q{
#
# DeluxeBB 1.06 Remote SQL Injection Exploit#
# exploit discovered and coded#
# by KingOfSka #
# http://contropotere.netsons.org #
Also available in Metasploit framework:
http://metasploit.com/projects/Framework/modules/exploits/freesshd_key_exchange.pm
david maciejak
Hi all,
Attachment is the POC exploit for freeSSHd version
1.0.9
Advisories:
http://www.securityfocus.com/bid/17958
Hello Nick and people on the list
I have seen 2 servers last month which have been
hacked and actively used to scan TCP 3372 on foreign
IPs
There were servers which had port 3372 accessible
(a firewall rule misconfiguration was making TCP ports
3000 accessible on the Internet)
I was not able