SQL injection digger is a command line program that looks for SQL
injections and common errors in websites. Current version looks for SQL
injections and common errors in website urls found by performing
a google search.
The use of google search SOAP API has been removed due to no more issuing of
Well, just a warning before running the proof of concept... Make sure to close and
save useful stuff. It indeed works on xp sp2 and it will reboot your machine.
I have to say, This would be trick to exploit another program's messagebox, and
what joy could you possibly get out of restarting someone co
From: "Brian Eaton" <[EMAIL PROTECTED]>
To: "putosoft softputo" <[EMAIL PROTECTED]>
CC: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting
Date: Wed, 20 Dec 2006 13:55:09 -0500
On 12/20/06, putosoft softputo <[E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Trustix Secure Linux Security Advisory #2006-0074
Package names: kernel, proftpd
Summary: Multiple vulnerabilities
Date: 2006-12-22
Affected versio
Dear List
JML> Severity score of the issue is 2.3, i.e. "Low":
JML>
http://nvd.nist.gov/cvss.cfm?name=CVE-2006-6077&vector=%28AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N%29
Somebody should learn how to use CVSS. The person rated
"Confidentiality impact" partially, NO Integrity impact, NO Impact value
weig
Description
---
There are plenty (hundreds) of Cross Site Scripting vulnerabilities in the
Oracle Portal. The following is one that you may find in any version:
http:///webapp/jsp/container_tabs.jsp?tc=null%20=%20null;alert('Hello!');window.open('http://www.oracle.com/?fix_security
rPath Security Advisory: 2006-0234-1
Published: 2006-12-22
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
firefox=/[EMAIL PROTECTED]:devel//1/1.5.0.9-0.1-1
References:
http://www.cve.mitre.org/cgi-
Xt-News 0.1
---
Vendor site: http://dreaxteam.free.fr/forums/
Product: Xt-News 0.1
Vulnerability: SQL Injection Vulnerability & XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 10/12/06
Public disclosure: 22/12/06
Description:
SQL Injection Vulnerability:
http://[victim]/[script_n
> Holy mackerel! Instances of this bug date back to 1999!
Different bug. That appears to be a trivial exhaustion of CSRSS worker threads
through indiscriminate calls to MessageBox+MB_SERVICE_NOTIFICATION, which
causes a DoS as no threads are available to serve kernel-mode requests from
win32k,