Javor,
It seems rgod found this vulnerability back in April of 2006.
http://www.milw0rm.com/exploits/1663
ii)
http://[target]/[path]/index.php?blogid=[sql]
http://[target]/[path]/archive.php?blogid=[sql]
http://[target]/[path]/archive.php?m=[sql]
str0ke ,
looks like i reinvented the wheel :-)) . i didn't make any research. a
friend of mine installed the latest version of this software and voila...
str0ke wrote:
Javor,
It seems rgod found this vulnerability back in April of 2006.
http://www.milw0rm.com/exploits/1663
ii)
Synopsis:
FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution
Product: FreeRadius
Version: =1.1.3
Issue:
==
A critical security vulnerability has been found in FreeRadius 1.1.3.
Arbitrary code execution is possible due to improper bounds-checking.
#Aria-Security Team
#Happy New Year!!
#Aria-Security.com For English
#Aria-Security.net For Parsi
#Discovered: Aria-Security Team
#Vendor: http://www.lblog.dk/
#Risk: Low
#Type:Remote Database Download
#PoC:
#
#http://TARGET/path/admin/db/newFolder/ THEN
DOWNLOAD THE
This one time, at band camp, Chad Maron [EMAIL PROTECTED] wrote:
As far as I'm concerned, PHP is one of the better languages out there it's
just that lazy and incompetent pseudo-developers get their hands on tutorial
code and copy-paste it into oblivion.
agreed, however PHP core
#Aria-Security Team
#Happy New Year!!
#Aria-Security.com For English
#Aria-Security.net For Parsi
#Discovered: Aria-Security Team
#Vendor: http://www.2enetworx.com/dev/projects/openforum.asp
#Risk: Low
#Type:Remote (Password Disclosure)
#PoC:
#
#http://TARGET/path/openforum.mdb
#
#Contact: [EMAIL
In some mail from Jim Harrison, sie said:
..and similar statements can be made for Basic (pickyourflavor) as well.
This argument proves my point that there is no such thing as a truly
secure language; it's entirely dependent on the dev skills.
I disagree. But then the above could be taken
#Aria-Security Team
#Happy New Year!!
#Aria-Security.com For English
#Aria-Security.net For Parsi
#Discovered By: Aria-Security Team
#Vendor: http://www.aspbb.org/
#Risk: Low
#Type:Remote Password Disclosure
#PoC:
#
#http://TARGET/PATH/db/aspbb.mdb
#Contact: [EMAIL PROTECTED]
Nobody has seen fit to point this out but there *are* secure languages. In
general
these languages have limited feature sets or, at least in the case of java,
explicit sandbox
features intended to stop bad things happenning. Groups of monks competing for
an abacus
are probably unable to read
No; this wasn't flame-bait, although I'd be silly not to expect some.
Let me make my position clear; the goals of secure coding and secure
languages are both grand and well worth the time spent.
There are two primary factors which make this an impossible task:
1. secure is moving, contextual
Actually, that's my point.
By definition, such a language would prevent any insecure coding.
Simply making it difficult only increases the security index (new
rating system?); it does not make the language secure.
-Original Message-
From: Duncan Simpson [mailto:[EMAIL PROTECTED]
Sent:
Hello,
This article is talking about Windows Vista 64bits and its system structures
which are proteged against rootkit. I also explain how these structures can
be authentified without Pathguard.
http://www.msuiche.net/papers/Windows_Vista_64bits_and_unexported_kernel_symbols.pdf
Happy New Year
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:001
http://www.mandriva.com/security/
[-] Nuked Klan = 1.7 Remote Cookie Disclosure Exploit
[-] Vendor : www.nuked-klan.org/
[-] Found by NeoSSJ Kad'
[-] Full disclosure on 31 December 2006
[-] Notice :
you only have to create a *.swf file, and you put on :
rPath Security Advisory: 2006-0234-2
Published: 2006-12-22
Updated:
2007-01-02 Added thunderbird to advisory
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
firefox=/[EMAIL
Synopsis: Windows NT Message Compiler 1.00.5239 arbitrary code execution
Product: Microsoft Windows XP
Issue:
==
A critical security vulnerability has been found in Windows NT Message Compiler.
Arbitrary code execution might be possible (local exploitation possible only).
Details:
In some mail from Jim Harrison, sie said:
No; this wasn't flame-bait, although I'd be silly not to expect some.
Let me make my position clear; the goals of secure coding and secure
languages are both grand and well worth the time spent.
There are two primary factors which make this an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:002
http://www.mandriva.com/security/
Thank you for your report. We will address this in a future version of FileUp.
As you can expect, we do not recommend that our customers install the product
samples and documentation on a production server.
Regards,
-David Wihl
CEO
19 matches
Mail list logo