-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:015
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:014
http://www.mandriva.com/security/
___
[+] Info:
[~] Software: Gradman <= 0.1.3
[~] HomePage: http://gradman.xe1ido.com.mx/
[~] Exploit: Local File Inclusion [High]
[~] Where: agregar_info.php?tabla=
[~] Bug Found By: Jose Luis Góngora Fernández | JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.c
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10
===
Author: Janek Vind "waraxe"
Independent discovery: koziolek
Date: 16. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-61.html
For those of you logging ISA (or whatever) to SQL, you'll have no doubt
noted that the source and destination IP's are logged as long integers,
and not dot notation. While this is great for anyone using geo-ip data
for reporting (as in using "between" logic in your queries) it's not
human readabl
[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10
===
Author: Janek Vind "waraxe"
Date: 16. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-62.html
Target software description:
3 191A4 E9+ jmp loc_405FFF
This will continue until heap chunks are overwritten at the users
control, which can be exploited to overwrite memory and further lead to
arbitrary code execution.
-- Vendor Response:
http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml
-- Disclosure
I've updated the HoG site to include Country-by-country sets for ISA
2004 for those still using that version of the product.
http://hammerofgod.com/download/ISASets2004/
Thanks.
t
###
Luigi Auriemma
Applications: BitTorrent and uTorrent
http://www.bittorrent.com
http://www.utorrent.com
Versions: BitTorrent <= 6.0 (build 5535)
uTorr
Author: BLaSTER a.K.a Gokhan
Title: mcGuestbook v1.2 Remote File Inc.
Download: http://www.hotscripts.com/jump.php?listing_id=13439&jump_type=1
Contact: [EMAIL PROTECTED]
ecrire.php
--
include "$lang"; > RFI
--
Exploit Code:
---
site/path
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager CTL
Provider Heap Overflow
Document ID: 100345
Advisory ID: cisco-sa-20080116-cucmctl
http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml
Revision 1.0
For Public
iDefense Security Advisory 01.15.08
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 15, 2008
I. BACKGROUND
Quicktime is Apple's media player product, and is used to render video
and other media. For more information visit the vendor's web site at
the following URL.
http://www.apple.c
Aria-Security Team,
http://Aria-Security.net
---
Shout Outs:
Vendor: http://www.site2nite.com/
Google Search: Website Development Provided By: Site2Nite
Username: anything' OR 'x'='x
Password: anything' OR 'x'='x
Regards,
The-0utl4w
Credits Goes To Aria-Se
8e6 Technologies R3000 Internet Filter Bypass by Request Split
Product:
8e6 Technologies R3000 Internet Filter
http://www.8e6.com/network-security/internet-filtering/internet-filtering.html
The HTTP URL filtering function provided by the 8e6 Technologies R3000 Internet
Filter can be bypas
TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption
Vulnerability
http://www.zerodayinitiative.com/advisories/TPTI-08-01.html
January 15, 2008
-- CVE ID:
CVE-2008-0033
-- Affected Vendor:
Apple
-- Affected Products:
QuickTime Player 7.3
QuickTime PictureViewer 7.3
-- Vulnerabi
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-002
Application:aria-0.99-6 (Web based ERP)
Versions Affected: aria-0.99-6
Vendor URL: http://www.tucows.net/
Bug:Local File Include
Exploits:
rPath Security Advisory: 2008-0017-1
Published: 2008-01-15
Products:
rPath Appliance Platform Linux Service 1
rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect Deterministic Denial of Service
Updated Versions:
[EMAIL PROTECTED]:1/2.6.22-1.2-1
rPath Issue Tracking
rPath Security Advisory: 2008-0016-1
Published: 2008-01-15
Products:
rPath Linux 1
Rating: Minor
Exposure Level Classification:
Remote Deterministic Privilege Escalation
Updated Versions:
[EMAIL PROTECTED]:1/8.1.11-0.1-1
[EMAIL PROTECTED]:1/8.1.11-0.1-1
rPath Issue Tracking System
Aria-Security Team
http://Aria-Security.Net
---
Vendor: http://cPanel.com
cPanel Hosting Manager (dohtaccess.html) Cross-Site SCripting
Vulnerable File: /cpanelpro/dohtaccess.html
Use the information Below:
Url to redirect leech users to: ">alert('Discovered B
rPath Security Advisory: 2008-0015-1
Published: 2008-01-15
Products:
rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
[EMAIL PROTECTED]:1/1.0.2-1.4-1
rPath Issue Tracking System:
https://issues.rpath.com/b
[+] Info:
[~] Software: RichStrong CMS
[~] HomePage: http://www.hzrich.cn
[~] Exploit: Remote Sql Injection [High]
[~] Where: showproduct.asp?cat=
[~] Bug Found By: Jose Luis Góngora Fernández|JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com
[~] Dork: "P
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-003
Application:Blogcms
Versions Affected: Blogcms 4.2.1b
Vendor URL: http://blogcms.com/
Bugs: SQL Injestions, SiXSS, XSS
Exploits:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1464-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
January 15, 2008
Just to add to what has already passed, Security Focus has put up this
article regarding this issue.
http://www.securityfocus.com/news/11501
ys
On 13/01/2008, crazy frog crazy frog <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Recently on opening one of my site,my antivirus pops up saying that it
> has fo
Dear Jos?e M. Palazon Romero,
This approach is not new, it was demonstrated by ShAnKaR
against Simple Machines Forum 1.1.2 in June,
2007.
See:
http://securityvulns.ru/Rdocument271.html (in Russian)
http://securityvulns.ru/files/capcha.pl (Exploit code)
http://www.securityfocus.co
25 matches
Mail list logo