Re: [Full-disclosure] simplog 0.9.3.2 SQL injection

2007-01-02 Thread str0ke
Javor, It seems rgod found this vulnerability back in April of 2006. http://www.milw0rm.com/exploits/1663 ii) http://[target]/[path]/index.php?blogid=[sql] http://[target]/[path]/archive.php?blogid=[sql] http://[target]/[path]/archive.php?m=[sql]

Re: [Full-disclosure] simplog 0.9.3.2 SQL injection

2007-01-02 Thread Javor Ninov
str0ke , looks like i reinvented the wheel :-)) . i didn't make any research. a friend of mine installed the latest version of this software and voila... str0ke wrote: Javor, It seems rgod found this vulnerability back in April of 2006. http://www.milw0rm.com/exploits/1663 ii)

FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution

2007-01-02 Thread sapheal
Synopsis: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution Product: FreeRadius Version: =1.1.3 Issue: A critical security vulnerability has been found in FreeRadius 1.1.3. Arbitrary code execution is possible due to improper bounds-checking.

lblog Remote Password Disclosure

2007-01-02 Thread Advisory
#Aria-Security Team #Happy New Year!! #Aria-Security.com For English #Aria-Security.net For Parsi #Discovered: Aria-Security Team #Vendor: http://www.lblog.dk/ #Risk: Low #Type:Remote Database Download #PoC: # #http://TARGET/path/admin/db/newFolder/ THEN DOWNLOAD THE

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-02 Thread Kevin Waterson
This one time, at band camp, Chad Maron [EMAIL PROTECTED] wrote: As far as I'm concerned, PHP is one of the better languages out there it's just that lazy and incompetent pseudo-developers get their hands on tutorial code and copy-paste it into oblivion. agreed, however PHP core

Openforum Remote password Disclosure

2007-01-02 Thread Advisory
#Aria-Security Team #Happy New Year!! #Aria-Security.com For English #Aria-Security.net For Parsi #Discovered: Aria-Security Team #Vendor: http://www.2enetworx.com/dev/projects/openforum.asp #Risk: Low #Type:Remote (Password Disclosure) #PoC: # #http://TARGET/path/openforum.mdb # #Contact: [EMAIL

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-02 Thread Darren Reed
In some mail from Jim Harrison, sie said: ..and similar statements can be made for Basic (pickyourflavor) as well. This argument proves my point that there is no such thing as a truly secure language; it's entirely dependent on the dev skills. I disagree. But then the above could be taken

AspBB Remote Password Disclosure

2007-01-02 Thread Advisory
#Aria-Security Team #Happy New Year!! #Aria-Security.com For English #Aria-Security.net For Parsi #Discovered By: Aria-Security Team #Vendor: http://www.aspbb.org/ #Risk: Low #Type:Remote Password Disclosure #PoC: # #http://TARGET/PATH/db/aspbb.mdb #Contact: [EMAIL PROTECTED]

Re: PHP as a secure language? PHP worms?

2007-01-02 Thread Duncan Simpson
Nobody has seen fit to point this out but there *are* secure languages. In general these languages have limited feature sets or, at least in the case of java, explicit sandbox features intended to stop bad things happening. Groups of monks competing for an abacus are probably unable to read

RE: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-02 Thread Jim Harrison
No; this wasn't flame-bait, although I'd be silly not to expect some. Let me make my position clear; the goals of secure coding and secure languages are both grand and well worth the time spent. There are two primary factors which make this an impossible task: 1. secure is moving, contextual

RE: PHP as a secure language? PHP worms?

2007-01-02 Thread Jim Harrison
Actually, that's my point. By definition, such a language would prevent any insecure coding. Simply making it difficult only increases the security index (new rating system?); it does not make the language secure. -Original Message- From: Duncan Simpson [mailto:[EMAIL PROTECTED] Sent:

Windows Vista 64bits and unexported kernel symbols

2007-01-02 Thread Matthieu Suiche
Hello, This article is talking about Windows Vista 64bits and its system structures which are protected against rootkit. I also explain how these structures can be authenticated without Pathguard. http://www.msuiche.net/papers/Windows_Vista_64bits_and_unexported_kernel_symbols.pdf Happy New Year

[ MDKSA-2007:001 ] - Update libmodplug packages fix buffer overflow vulnerabilities

2007-01-02 Thread security
Mandriva Linux Security Advisory MDKSA-2007:001 http://www.mandriva.com/security/

Nuked Klan = 1.7 Remote Cookie Disclosure Exploit

2007-01-02 Thread kadaj-diabolik
[-] Nuked Klan = 1.7 Remote Cookie Disclosure Exploit [-] Vendor : www.nuked-klan.org/ [-] Found by NeoSSJ Kad' [-] Full disclosure on 31 December 2006 [-] Notice : you only have to create a *.swf file, and you put on :

rPSA-2006-0234-2 firefox thunderbird

2007-01-02 Thread rPath Update Announcements
rPath Security Advisory: 2006-0234-2 Published: 2006-12-22 Updated: 2007-01-02 Added thunderbird to advisory Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: firefox=/[EMAIL

Windows NT Message Compiler 1.00.5239 arbitrary code execution

2007-01-02 Thread sapheal
Synopsis: Windows NT Message Compiler 1.00.5239 arbitrary code execution Product: Microsoft Windows XP Issue: A critical security vulnerability has been found in Windows NT Message Compiler. Arbitrary code execution might be possible (local exploitation possible only). Details:

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-02 Thread Darren Reed
In some mail from Jim Harrison, sie said: No; this wasn't flame-bait, although I'd be silly not to expect some. Let me make my position clear; the goals of secure coding and secure languages are both grand and well worth the time spent. There are two primary factors which make this an

[ MDKSA-2007:002 ] - Updated kernel packages fix multiple vulnerabilities and bugs

2007-01-02 Thread security
Mandriva Linux Security Advisory MDKSA-2007:002 http://www.mandriva.com/security/

Re: SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit

2007-01-02 Thread wihl
Thank you for your report. We will address this in a future version of FileUp. As you can expect, we do not recommend that our customers install the product samples and documentation on a production server. Regards, -David Wihl CEO