Hello,
1. you didn't wrote OS specification. It was Win XP or Vista? Which language?
It was fully patched? DEP was turned on? Have you tried on privileged user?
2. Why did you wrote VERY HIGH threat? This is local buffer overflow. Moreover
user has to replace original file. This vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:231
http://www.mandriva.com/security/
___
CSRF can be used to cause denial-of-service attacks against mobile phones by
flooding the phone with SMS and service messages.
Mobile phone service providers in Israel, and throughout the world, provide
a web interface to send SMS messages. Fortunately, they limit the SMS
sending web interface to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory 1409[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
November 22, 2007
Team Vexillium
Security Advisory
http://vexillium.org/
Name : Gadu-Gadu
Class: Buffer Overflow
Threat level : VERY HIGH
Discovered : 2007-11-10
Published: 2007-11-22
Credit : j00ru//vx
Vulnerable : Gadu-Gadu 7.7 [Build 3669], prior versions may also be affect
[HSC]MySpace Scripts - Poll Creator JavaScript Injection Vulnerability
Our MySpace Poll Creator script is the ultimate addition to your MySpace
resource
site. The script enables your user to quickly and easily create a poll that
they
can post to profile or bulletin to all their friends. Ev
Opencosmo Security
http://www.opencosmo.com
http://www.opencosmo.com/news.php?readmore=15
VigileCMS <= 1.8 Stealth Remote Command Execution Exploit
Crediti: The:Paradox
Applicazione: VigileCMS
Versione: 1.8
Impatto: Remote Command Execution
Rischio: [3/5]
Exploit: #!/usr/bin/python
#-*
Do you know what kind of hash the passwords are stored as? Are they salted?
Hello,,
MyBlog (MyCMS) Remote PHP Code execution / PHP Code injection ..
http://sourceforge.net/projects/myblog/
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [EMAIL PROTECTED]
Exploit : -
#!/usr/bin/php -q -d short_open_tag=on
Hey, I'm releasing this new paper, not big deal but
interesting.
http://www.argeniss.com/research/Data0.pdf
Abstract:
This paper it's about Data0, a fictitious (or not)
simple PoC of new malware that after it's
deployed on a computer in an internal network it will
automatically hack database ser
"KB-Bestellsystem" is a domain order system written in Perl.
The "domain" and "tld" parameters in "kb_whois.cgi" are not filtering shell
metacharacters.
The following examples will show you the /etc/passwd file:
http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=;ca
Hello,,
GetBlog local File inclusion ..
http://sourceforge.net/projects/geblog
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [EMAIL PROTECTED]
Exploit : -
tpl/Default/index.php?tplname=../../../../../../../etc/passwd%00
#WwW.SoQoR
ECHO_ADV_85$2007
-
[ECHO_ADV_85$2007] alstrasoft E-Friends <= 4.98 (seid) Multiple Remote SQL
Injection Vulnerabilities
-
Aria-Security Net
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1099
Vendor: http://www.netauctionhelp.com
PoC:
search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch=[SQL INJECTION]
search.asp?sort=ni&category=&categoryname=&kwsearch=&nse
Hello,,
Wheatblog (wB) Remote File inclusion ..
tested on 1.1 and older versions are injected
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [EMAIL PROTECTED]
Remote File Inclusion
file : includes/sessions.php
line 2 :
code:-
inc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:224-1
http://www.mandriva.com/security/
___
16 matches
Mail list logo