SQID v0.2 - SQL Injection Digger.

2006-12-22 Thread contact
SQL injection digger is a command line program that looks for SQL injections and common errors in websites. Current version looks for SQL injections and common errors in website urls found by performing a google search. The use of google search SOAP API has been removed due to no more issuing of

Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day

2006-12-22 Thread Mike
Well, Just a warning b4 running the proof of concept... Make sure to close and save useful stuff. It indeed works on xp sp2 and it will reboot your machine. I have to say, This would be trick to exploit another program's messagebox, and what joy could you possibly get out of restarting someone co

Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting

2006-12-22 Thread putosoft softputo
From: "Brian Eaton" <[EMAIL PROTECTED]> To: "putosoft softputo" <[EMAIL PROTECTED]> CC: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting Date: Wed, 20 Dec 2006 13:55:09 -0500 On 12/20/06, putosoft softputo <[E

TSLSA-2006-0074 - multi

2006-12-22 Thread Trustix Security Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2006-0074 Package names: kernel, proftpd Summary: Multiple vulnerabilities Date: 2006-12-22 Affected versio

Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip

2006-12-22 Thread Thierry Zoller
Dear List JML> Severity score of the issue is 2.3, i.e. "Low": JML> http://nvd.nist.gov/cvss.cfm?name=CVE-2006-6077&vector=%28AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N%29 Somebody should learn how to use CVSS. The person rated "Confidentiality impact" partially, NO Integrity impact, NO Impact value weig

Oracle Applications/Portal 9i/10g Cross Site Scripting

2006-12-22 Thread putosoft softputo
Description --- There are plenty (hundreds) of Cross Site Scripting vulnerabilities in the Oracle Portal. The following is one that you may find in any version: http:///webapp/jsp/container_tabs.jsp?tc=null%20=%20null;alert('Hello!');window.open('http://www.oracle.com/?fix_security

rPSA-2006-0234-1 firefox

2006-12-22 Thread rPath Update Announcements
rPath Security Advisory: 2006-0234-1 Published: 2006-12-22 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: firefox=/[EMAIL PROTECTED]:devel//1/1.5.0.9-0.1-1 References: http://www.cve.mitre.org/cgi-

Xt-News 0.1 : SQL Injection Vulnerability & XSS

2006-12-22 Thread mr_kaliman
Xt-News 0.1 --- Vendor site: http://dreaxteam.free.fr/forums/ Product: Xt-News 0.1 Vulnerability: SQL Injection Vulnerability & XSS Credits: Mr_KaLiMaN Reported to Vendor: 10/12/06 Public disclosure: 22/12/06 Description: SQL Injection Vulnerability: http://[victim]/[script_n

RE: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day

2006-12-22 Thread Michele Cicciotti
> Holy mackerel! Instances of this bug date back to 1999! Different bug. That appears to be a trivial exhaustion of CSRSS worker threads through indiscriminate calls to MessageBox+MB_SERVICE_NOTIFICATION, which causes a DoS as no threads are available to serve kernel-mode requests from win32k,