UniversalFtp Server 1.0.44 Multiple Remote Denial of service

2008-02-14 Thread securfrog
# UniversalFtp Server 1.0.44 Multiple Remote #Denial of service # [EMAIL PROTECTED] : This bug has been found with a brain, ten fingers, a keyboard, and a laptop, one of the best tools I ever tried. Stay tuned for more tools hint. # # # Réponse: 226 Completed... # Statut: List

DOINGSOFT-2008-02-11-002 IP Diva VPN SSL many XSS attacks

2008-02-14 Thread eagle
ID : DOINGSOFT-2008-02-11-002 Discovered : 15/10/2007 Corrected : not known, vendors did not respond to mail since December 2007 Publication : 11/02/2008 Credits : Ha.ckers.fr Team Affected Software : IPDiva VPNSSL Versions : * 2.2 branch < 2.2.8.84 * 2.3 branch < 2.3.2.14 V

Re: UniversalFtp Server 1.0.44 Multiple Remote Denial of service

2008-02-14 Thread securfrog
There's already an advisory for Universalftp: http://milw0rm.com/exploits/2787 But there are a couple more vulnerable FTP CMDs added to this one. Regards

PlutoStatus Locator v1.0pre (alpha) local file inclusion vulnerability

2008-02-14 Thread muuratsalo experimental hack lab
PlutoStatus Locator v1.0pre (alpha) local file inclusion vulnerability download http://sourceforge.net/projects/plutostatus/ author muuratsalo contact muuratsalo[at]gmail.com exploit http://localhost/locator/index.php?page=../../../../../../../../../../etc/passwd%00

Rosoft Media Player 4.1.8 Buffer Overflow ( .M3U)

2008-02-14 Thread securfrog
#Rosoft Media Player 4.1.8 Buffer Overflow (.M3U) # # @nolife : Pow...Pow ..If you are kind i'll show my set of supers mega Tools, fuzzers ,and all the automated stuff i use For M3U/ASX/PLS Pow..Pow ... # Nolifing is act

DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack

2008-02-14 Thread eagle
ID : DOINGSOFT-2008-02-11-001 Discovered : 15/10/2007 - Corrected : 15/11/2007 Publication : 11/02/2008 Affected Software : IPDiva VPNSSL Versions : Users who authenticate with login and passwd without OTP systems * 2.2 branch < 2.2.8

FreeBSD Security Advisory FreeBSD-SA-08:04.ipsec

2008-02-14 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-08:04.ipsec Security Advisory The FreeBSD Project Topic: I

FreeBSD Security Advisory FreeBSD-SA-08:03.sendfile

2008-02-14 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-08:03.sendfile Security Advisory The FreeBSD Project Topic: s

Philips VOIP841 Multiple Vulnerabilities

2008-02-14 Thread luca . carettoni
Secure Network - Security Research Advisory Vuln name: Philips VOIP841 Multiple Vulnerabilities Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 (simple httpd) Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://w

Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php

2008-02-14 Thread Hendrik Jan Verheij
Affects: Joomla 1.0.13 - 1.0.14 Vulnerability: (remote) PHP file inclusion possible if old configuration.php Date: 14-feb-2008 Introduction: Remote PHP file inclusion is possible when RG_EMULATION is not defined in configuration.php. This is typical when upgrading from an older version, leaving

[USN-578-1] Linux kernel vulnerabilities

2008-02-14 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-578-1 February 14, 2008 linux-source-2.6.15 vulnerabilities CVE-2006-6058, CVE-2006-7229, CVE-2007-4133, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-200

Apache web server 2.2: htpasswd predictable salt weakness

2008-02-14 Thread Peter Watkins
Disclaimer: This is not the first time this issue has been discussed. Andreas Steinmetz posted about the problem for an Apache httpd release in 2003. http://www.securityfocus.com/archive/1/339138 http://www.securityfocus.com/bid/8707 Philipp Krammer reported that he notified the vendor over fiv

etomite xss

2008-02-14 Thread th3 . r00k . nospam
Homepage: http://www.etomite.com/ Tested Version: 0.6.1 Final Exploit:http://localhost/etomite0614/index.php/%22%3E%3Cscript%3Ealert(%22test%22)%3C/script%3E/fill This is a flaw because $_SERVER['PHP_INFO'] is being trusted. $_SERVER['PHP_INFO'] will contain this value when the exploit url is

[ GLSA 200802-07 ] Pulseaudio: Privilege escalation

2008-02-14 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200802-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Re: Vwar New Bug

2008-02-14 Thread packet
Basically a dup of http://packetstormsecurity.org/0608-exploits/vwar150multi.txt On Wed, Feb 13, 2008 at 10:50:53AM -, [EMAIL PROTECTED] wrote: > Vendor : Www.Vwar.De > Credits : Pouya_Server > Vuln. Ver : v1.5.0 > Http://pouya-server.blogfa.com > [EMAIL PROTECTED] > -

artmedic weblog multiple local file inclusion vulnerabilities

2008-02-14 Thread muuratsalo experimental hack lab
artmedic weblog multiple local file inclusion vulnerabilities download http://artmedic-phpscripts.de/index.php?did=artmedic_weblog.zip author muuratsalo contact muuratsalo[at]gmail.com exploits http://localhost/artmedic_weblog/index.php?ta=../../../../../../../../../../etc/passwd%00 htt

[DSECRG-08-011 | FIX INFORMATION] Astrosoft HelpDesk Multiple XSS

2008-02-14 Thread Digital Security Research Group [DSecRG]
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-011 | FIX INFORMATION Application:Astrosoft HelpDesk Versions Affected: < 1.95.228 Vendor URL: http://astrosoft.ru/ Bugs: Multiple XSS Injections Exp

ELFdump crash when analyzing crafted ELF file.

2008-02-14 Thread david . reguera
__FBSDID("$FreeBSD: src/usr.bin/elfdump/elfdump.c, v 1.12.8.2 2006/01/28 18:40:55 marcel Exp $"); -- + EVIL ELF GENERATOR FOR ELFDUMP - [EMAIL PROTECTED] + David Reguera Garcia - INTECO-CERT ---

JSPWiki Multiple Vulnerabilities

2008-02-14 Thread Trancer
JSPWiki Multiple Vulnerabilities Vendor: Janne Jalkanen JSPWiki – http://www.jspwiki.org Application Description: From JSPWiki website - “JSPWiki is a feature-rich and extensible WikiWiki engine built around a standard J2EE components (Java, servlets, JSP).” Tested versions: JSPWiki v2.4.10

Search Unleashed 0.2.10 JavaScript injection (Wordpress plugin)

2008-02-14 Thread Krzysztof Burghardt
Hello all, There is a bug in "Log" function of Search Unleashed by John Godley, version 0.2.10. This plug-in stores search queries but does not validate stored data and puts them back "raw" to browser. HTML and JavaScript can be injected with search request: /blog/?s=%3Ctextarea+onmouseover%3D%