***
# Title : Estate Agent Manager = v1.3 (default.asp) Remote Login ByPass SQL
Injection Vulnerability
# Author : ajann
***
Example:
vendor site: http://products.kaonsoftwares.com/
product: mega-mall
bug:injection sql full path disclosure
language: asp
risk: high
injection sql (get):
http://site.com/mega-mall/product_review.php?t=[sql]
http://site.com/mega-mall/product_review.php?t=0productId=[sql]
MyStats =1.0.8 [injection sql, multiples xss, array full path disclosure]
vendor site: http://emcity.nexenservices.com/mystats/index.php
product :MyStats 1.0.8
bug: injection sql, multiples xss, array full path disclosure
risk : medium
[1/3] Connexion Variable XSS
Exploits:
+
+
+ PHPKit 1.6.1 RC2
+
+ Original advisory:
+ http://www.bb-pcsecurity.de/
+
+
+
+ Affected Software .: PHPKit 1.6.1 RC2
+ Vendor ...:
# TOPSTORY BASIC Version 1.0 = Remote File Include Vulnerability
# Script.. :TOPSTORY
# Discovered By : rUnViRuS
# Class.. : Remote
# Original Advisory : http://sec-area.com
#
# file :- index.php
# bug Code :- include($tst[headerfile]);
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1209-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 12th, 2006
==
# Exophpdesk V1.2 - Remote File Include by Firewall
# Application Affect:
Exophpdesk V1.2
# Source Code:
WordPress Remote File Inclusion
Download:http://wordpress.org/latest.zip
Found by _ANtrAX_ http://foro.c-group.org
~~~
Vulnerable Code:
{
global $posts, $post, $wp_did_header, $wp_did_template_redirect, $wp_query,
[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue
Details
===
Product: ShopSystems
Affected Version: = 4.0
Immune Version: none
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.shopsystems.biz
Vendor-Status: informed
Advisory-Status: published
Credits
#!/usr/bin/perl
#[Script Name: phpManta - Mdoc = 1.0.2 (view-sourcecode.php) Local File
Include Exploit
#[Coded by : ajann
#[Author : ajann
#[Contact: :(
use IO::Socket;
use LWP::Simple;
@apache=(
../../../../../var/log/httpd/access_log,
../../../../../var/log/httpd/error_log,
***
# Title : UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability
# Author : ajann
***
###http://[target]/[path]//detail.asp?ID=[SQL]
From:Filistin,Lubnan,IraQ,Turkey
#!/usr/bin/perl
#[Script Name: NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit
#[Coded by : ajann
#[Author : ajann
#[Contact: :(
use IO::Socket;
if(@ARGV 3){
print
From:Filistin,Lubnan,IraQ,Turkey
NuRems 1.0 Remote XSS/SQL Injection Exploit
XSS:
form name=RequestForm action=http://x/sch1.asp; method=POST
select name=stcode size=10
option value=XSS HEREAlabama
/select
td align=center
INPUT TYPE=submit VALUE=Show cities...
/form
/XSS
SQL:
On 11/7/06, Raphael Marichez [EMAIL PROTECTED] wrote:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
***
# Title : NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability
# Author : ajann
From:Filistin,Lubnan,IraQ,Turkey
***
Anyone look at the posted fix to this vulnerability yet? From the
http://chxo.com/software/feedsplitter/ website:
Sep 19, 2006:
Mandatory Upgrade: Feedsplitter 2006-09-19
Mandatory upgrade. This fixes the issues articulated in this post. I'm
sorry this took so long to fix, the author
#From:Filistin,Lubnan,IraQ,Turkey
#!/usr/bin/perl
#[Script Name: NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit
#[Coded by : ajann
#[Author : ajann
#[Contact: :(
use IO::Socket;
if(@ARGV 3){
print
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1208-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 11th, 2006
Vulnerability Type: XSS in Email Signature Script
Download Page: http://www.liquism.com/downloads/email/
Exploit: type the following in the field or submit it as _POST using javascript
http request.
scriptalert(1);/script
Regards
milado
vendor site: http://www.ecommercemax.com/
product : infinicart
bug: multiples injection sql xss
language : asp
risk : high
injection sql (get):
/infinicart-demo/browse_group.asp?groupid=[sql]
/infinicart-demo/added_to_cart.asp?productid=[sql]
/infinicart-demo/browsesubcat.asp?catid=[sql]
#!/usr/bin/perl
##
# shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit
#
# Bug iN shambo2.php [include($mosConfig_absolute_path .
'/components/com_shambo2/define.php');]
#
# you can test it on http://www.kittycleveland.com/site/
#
# Bug Found coded By Crackers_Child
##
# [EMAIL
This issue has been resolved in ALL current Netquery downloads at
http://virtech.org/tools/ and, for those who downloaded prior to November 11,
2006, a patch is available at the same location. The following information is
from the README.txt file included in the patch:
This patch for
Software:Web based bibliography management system
Download link: http://sourceforge.net/projects/aigaion/
script:_basicfunctions.php
author: navairum
# VBulletin DoS Exploit by www.h4x0r.ir
#
# The exploit was tested on 15 machines And 13 of them got Crashed. 98% Works
;)
#
# important = Image Verification in (search.php) is NOT Enabled.
# It works on 3.6.3 and prior [all] !
#
#Perl Script
use Socket;
if (@ARGV 2) { usage; }
The initial reverse engineering of Vascos Digipass Go3 algorithm follows in
C++.
I think this implementation is a rough approximation, if we take some
limitations about 2006 and the calculations made into account. Or I'm just
joking
:)
This generator was able to predict an otp collision,
==
# Phpjobscheduler 3.0 - Multiple Remote File Include by Firewall
# Application Affect:
phpjobscheduler 3.0
# Source Code:
==
# Phpdebug 1.1.0 - Remote File Include by Firewall
# Application Affect:
Phpdebug 1.1.0
# Source Code:
ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow
http://www.zerodayinitiative.com/advisories/ZDI-06-038.html
November 9, 2006
-- CVE ID:
CVE-2006-5821
-- Affected Vendor:
Citrix
-- Affected Products:
Citrix MetaFrame XP 1.0
Citrix MetaFrame XP 2.0
Citrix MetaFrame
***
# Title : UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability
# Author : ajann
***
Admin Panel=
***
# Title : Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection
Vulnerability
# Author : ajann
***
Products::
ASP Scripter
#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#Original Advisory : http://aria-security.net/advisory/cpanel.txt
#---
#Software: CPanel
#Tested On CPanel 10
#CPanel file Manager:
#PoC:
For historical purposes only (everything should compile/run fine). A
TGZ archive is attached to this email, and a mirror is available on my
website : http://nicob.net/mirrors/sap_sploits.tgz
o testing users and passwords with RfcOpenEx (account locking bypass) :
- allow networked attack on SAP
***
# Title : Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection
Vulnerability
# Author : ajann
***
Example:
Hi,
Very old news, http://www.securiteam.com/windowsntfocus/5QP0R156AC.html,
apparently it was never patched by the vendor.
On Friday 10 November 2006 18:57, [EMAIL PROTECTED] wrote:
-=[ADVISORY---]=-
Essentia Web Server V 2.15
Perl Script Decode:
#!/usr/bin/perl
#AspPortal Password Decrypter
#Get pass exploit.asp and this copy this window
#Special Thanks To::: Nukedx ,For ASPPORTAL Decrypter
#ajann
if(@1 = 1) { exploit(); }
sub decrypt ()
{
$lp = length($appass);
$apkey =
***
# Title : UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability
# Author : ajann
# Dork : UPublisher
***
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1209-2[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 12th, 2006
Hi,
I'm pleased to announce the availability of SinFP 2.04, which now can
run under Windows ActivePerl.
SinFP is a new approach to active and passive OS fingerprinting, you can
know more about its features here:
http://www.gomor.org/sinfp
SinFP has now more than 130 signatures in its
There are many challenges that web application security scanners face that are
widely known within the industry however may not be so obvious to someone
evaluating a product. For starters if you think you can just download, install,
and run a product against any site and get a report outlining
#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#Original Advisory : http://aria-security.net/advisory/directadmin.txt
#---
#Software: DirectAdmin V1.28.1
#DirectAdmin level used : Admin
-
Fedora Legacy Update Advisory
Synopsis: Updated gzip package fixes security issues
Advisory ID: FLSA:211760
Issue date:2006-11-13
Product: Red Hat Linux, Fedora Core
Keywords:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- - ---
VMware Security Advisory
Advisory ID: VMSA-2006-0006
Synopsis: VMware ESX Server 2.5.3 Upgrade Patch 4
Patch URL:
um ... doesn't that make it a *remote* privilege escalation ?
in a certain way... you're right... although that requires the user
complicity, strictly speaking, you're right.
The guy who would manage to remotely root a box with that vulnerability would
be really good. The real serious risk is
Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS
Vulnerability
iDefense Security Advisory 11.08.06
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 08, 2006
I. BACKGROUND
Citrix Presentation Server is a product designed to allow remote access to
applications over a
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- - ---
VMware Security Advisory
Advisory ID: VMSA-2006-0007
Synopsis: VMware ESX Server 2.1.3 Upgrade Patch 2
Patch URL:
Title : MiniBB Forum = 2 Remote File Include (index.php)
###
Discovered By ThE-LoRd-Of-CrAcKiNg {MeHdi}
Source Code:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- - ---
VMware Security Advisory
Advisory ID: VMSA-2006-0005
Synopsis: VMware ESX Server 2.5.4 Upgrade Patch 1
Patch URL:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- - ---
VMware Security Advisory
Advisory ID: VMSA-2006-0009
Synopsis: VMware ESX Server 3.0.0 AMD fxsave/restore issue
Knowledge base
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- - ---
VMware Security Advisory
Advisory ID: VMSA-2006-0008
Synopsis: VMware ESX Server 2.0.2 Upgrade Patch 2
Patch URL:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- wp-include/functions.php line:2166 --
function load_template($file) {
global $posts, $post, $wp_did_header, $wp_did_template_redirect,
$wp_query,
$wp_rewrite, $wpdb;
extract($wp_query->query_vars);
require_once($file);
}