# UniversalFtp Server 1.0.44 Multiple Remote #Denial of service
#
[EMAIL PROTECTED] : This bug has been found with a brain, ten fingers, a
keyboard, and a laptop, one of my best tools I ever tried. Stay tuned for more
tool hints.
#
#
# Réponse: 226 Completed...
# Statut: List
ID : DOINGSOFT-2008-02-11-002
Discovered : 15/10/2007
Corrected : not known, vendor did not respond to mail since
December 2007
Publication :11/02/2008
Credits : Ha.ckers.fr Team
Affected Software : IPDiva VPNSSL
Versions :
* 2.2 branch < 2.2.8.84
* 2.3 branch < 2.3.2.14
V
There's already an advisory for Universalftp:
http://milw0rm.com/exploits/2787
But there are a couple more vulnerable FTP CMDs added to this one.
Regards
PlutoStatus Locator v1.0pre (alpha) local file inclusion vulnerability
download http://sourceforge.net/projects/plutostatus/
author muuratsalo
contact muuratsalo[at]gmail.com
exploit
http://localhost/locator/index.php?page=../../../../../../../../../../etc/passwd%00
#Rosoft Media Player 4.1.8 Buffer Overflow (.M3U)
#
# @nolife : Pow...Pow... If you are kind I'll show my set of super mega tools,
fuzzers, and all the automated stuff I use for M3U/ASX/PLS Pow..Pow ...
# Nolifing is act
ID : DOINGSOFT-2008-02-11-001
Discovered : 15/10/2007
-
Corrected : 15/11/2007
Publication :11/02/2008
Affected Software : IPDiva VPNSSL
Versions :
Users who authenticate with login and passwd without OTP systems
* 2.2 branch < 2.2.8
FreeBSD-SA-08:04.ipsec Security Advisory
The FreeBSD Project
Topic: I
FreeBSD-SA-08:03.sendfile Security Advisory
The FreeBSD Project
Topic: s
Secure Network - Security Research Advisory
Vuln name: Philips VOIP841 Multiple Vulnerabilities
Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web
Server Version 1.5 (simple httpd)
Systems not affected: n/a
Severity: High
Local/Remote: Remote
Vendor URL: http://w
Affects: Joomla 1.0.13 - 1.0.14
Vulnerability: (remote) PHP file inclusion possible if old configuration.php
Date: 14-feb-2008
Introduction:
Remote PHP file inclusion is possible when RG_EMULATION is not defined in
configuration.php. This is typical when upgrading from an older version,
leaving
===
Ubuntu Security Notice USN-578-1 February 14, 2008
linux-source-2.6.15 vulnerabilities
CVE-2006-6058, CVE-2006-7229, CVE-2007-4133, CVE-2007-4997,
CVE-2007-5093, CVE-2007-5500, CVE-2007-6063, CVE-2007-6151,
CVE-2007-6206, CVE-200
Disclaimer:
This is not the first time this issue has been discussed. Andreas
Steinmetz posted about the problem for an Apache httpd release in 2003.
http://www.securityfocus.com/archive/1/339138
http://www.securityfocus.com/bid/8707
Philipp Krammer reported that he notified the vendor over fiv
Homepage: http://www.etomite.com/
Tested Version: 0.6.1 Final
Exploit:http://localhost/etomite0614/index.php/%22%3E%3Cscript%3Ealert(%22test%22)%3C/script%3E/fill
This is a flaw because $_SERVER['PHP_INFO'] is being trusted.
$_SERVER['PHP_INFO'] will contain this value when the exploit url is
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200802-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Basically a dup of http://packetstormsecurity.org/0608-exploits/vwar150multi.txt
On Wed, Feb 13, 2008 at 10:50:53AM -, [EMAIL PROTECTED] wrote:
> Vendor : Www.Vwar.De
> Credits : Pouya_Server
> Vuln. Ver : v1.5.0
> Http://pouya-server.blogfa.com
> [EMAIL PROTECTED]
> -
artmedic weblog multiple local file inclusion vulnerabilities
download http://artmedic-phpscripts.de/index.php?did=artmedic_weblog.zip
author muuratsalo
contact muuratsalo[at]gmail.com
exploits
http://localhost/artmedic_weblog/index.php?ta=../../../../../../../../../../etc/passwd%00
htt
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-011 | FIX
INFORMATION
Application:Astrosoft HelpDesk
Versions Affected: < 1.95.228
Vendor URL: http://astrosoft.ru/
Bugs: Multiple XSS Injections
Exp
__FBSDID("$FreeBSD: src/usr.bin/elfdump/elfdump.c, v 1.12.8.2 2006/01/28
18:40:55 marcel Exp $");
--
+ EVIL ELF GENERATOR FOR ELFDUMP - [EMAIL PROTECTED]
+ David Reguera Garcia - INTECO-CERT
---
JSPWiki Multiple Vulnerabilities
Vendor:
Janne Jalkanen JSPWiki – http://www.jspwiki.org
Application Description:
From JSPWiki website - “JSPWiki is a feature-rich and extensible
WikiWiki engine built around a standard J2EE components (Java, servlets,
JSP).”
Tested versions:
JSPWiki v2.4.10
Hello all,
There is a bug in the "Log" function of Search Unleashed by John Godley,
version 0.2.10.
This plug-in stores search queries but does not validate stored data
and puts them back "raw" to the browser.
HTML and JavaScript can be injected with a search request:
/blog/?s=%3Ctextarea+onmouseover%3D%