Re: AS/400 Vulnerabilities

2008-06-16 Thread Marco Ivaldi
Hello Bugtraq, On Fri, 13 Jun 2008, security curmudgeon wrote: I would guess there is little research being done on them. The odds of a box falling over due to a few malformed TCP packets, but being resistant or not vulnerable to more complex attacks seems pretty far fetched. While this

Multiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )

2008-06-16 Thread Eduardo Jorge
Multiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ) Author: Eduardo Neves a.k.a _eth0_ Date: 14 June 2008 Site: http://webappsecurity.wordpress.com

E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability

2008-06-16 Thread sys-project
[+] Info: [~] Bug found by Jose Luis Góngora Fernández (JosS) [~] sys-project[at]hotmail.com [~] http://www.spanish-hackers.com/ [~] Spanish Hackers Team - [SHT] [~] EspSeC Hack0wn!. [~] Software: E-SMART CART (payment) [~] HomePage: http://www.preproject.com/ [~] Exploit: Remote SQL

DUC NO-IP Local Password Information Disclosure Vulnerability

2008-06-16 Thread glafkos
/* * DUC NO-IP Local Password Information Disclosure * Author(s): Charalambous Glafkos *George Nicolaou * Date: March 11, 2008 * Site: http://www.astalavista.com * Mail: [EMAIL PROTECTED] * [EMAIL PROTECTED] * * Synopsis: DUC NO-IP is prone to an information

Denial of Service in S.T.A.L.K.E.R. 1.0006

2008-06-16 Thread Luigi Auriemma
Luigi Auriemma Application: S.T.A.L.K.E.R.: Shadow of Chernobyl http://www.stalker-game.com Versions: = 1.0006 Platforms: Windows Bug: Denial of Service

PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability

2008-06-16 Thread sys-project
[+] Info: [~] Bug found by Jose Luis Góngora Fernández (JosS) [~] sys-project[at]hotmail.com [~] http://www.spanish-hackers.com/ [~] Spanish Hackers Team - [SHT] [~] EspSeC Hack0wn!. [~] Software: PHP JOBWEBSITE PRO (payment) [~] HomePage: http://www.preproject.com/ [~] Exploit: Remote

[ECHO_ADV_97$2008] Pre News Manager = 1.0 (index.php id) Sql Injection Vulnerability

2008-06-16 Thread erdc
ECHO_ADV_97$2008 - [ECHO_ADV_97$2008] Pre News Manager = 1.0 (index.php id) Sql Injection Vulnerability - Author :

Returnil Virtual System 2008 - Password Disclosure Issue

2008-06-16 Thread mikuvoli
Returnil Virtual System 2008 - Password Disclosure Issue [ Vulnerable ] Product: Returnil Virtual System 2008 [+] Personal Edition 2.0.0.5011 Final [+] Premium Edition 2.0.0.5007 Final

VistaReseller Panel BETA Xss Vulnerability

2008-06-16 Thread irancrash
VistaReseller Panel BETA Xss Vulnerability # Discovered By Khashayar Fereidani Or Ircrash # Our Team : IRCRASH # IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm -

[ MDVSA-2008:116 ] - Updated x11-server packages fix several vulnerabilities

2008-06-16 Thread security
Mandriva Linux Security Advisory MDVSA-2008:116 http://www.mandriva.com/security/

[ MDVSA-2008:115 ] - Updated x11-server packages fix several vulnerabilities

2008-06-16 Thread security
Mandriva Linux Security Advisory MDVSA-2008:115 http://www.mandriva.com/security/