#!/usr/bin/perl -w
# Hex Workshop v6 ColorMap files .cmap Invalid Memory Reference crash POC
# Discovered by : DATA_SNIPER
# for more information visit my blog: http://datasniper.arab4services.net/
# the Exploit is very hard to implement, if we can make the reference point to valid memory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Summary
===
Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl,
generated insufficiently random numbers, resulting in all random
The incidents reported on WHID (the web hacking incidents database) last
week were:
* WHID 2009-15: Kanye West has been Hacked
(http://whid.xiom.com/whid/2009/15/Kanye_West_has_been_hacked):
Rappers' hacking problems never seem to stop
* WHID 2009-14: My.BarackObama.com Infects Visitors
## NaviCopa webserver 3.0.1 Multiple Vulnerabilities
#
# By: e.wiZz!Bosnian Idiot FTW!
# Mail: ew...@hotmail.com
# Greetz goes to GYEZ(you know who you are lol)
In the wild...
#
SMF 1.1.7 (simplemachines.org) XSS
Exploitation:
If you can modify the censor on a SMF forum, then you can make it
execute arbitrary JS code.
http://SMF.Forum.com/index.php?action=postsettings;sa=censor
Just add the following entry:
http://www.test.xss/ = http://www.test-xss/;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01662367
Version: 1
HPSBUX02407 SSRT080107 rev.1 - HP-UX Running IPv6, Remote Denial of Service
(DoS) and Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted
# Nokia Multimedia Player version 1.1 .m3u Heap Overflow PoC exploit
# by 0in aka zer0in from Dark-Coders Group! [0in.email[at]gmail.com] / 0in[at]dark-coders.pl]
# http://www.Dark-Coders.pl
# Special thx to doctor ( for together analyse this shi*) and sun8hclf ( for tell me.. to unicode.)
#
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
January 29, 2009
Risk Level:
High
Affected versions:
Oracle Database Server version 9iR2
Remote exploitable:
Yes (Authentication to Database Server is
Dear colleagues,
this is a short message just to reconfirm that the deadline for
submission of speech and training proposals for SEaCURE.IT is set to
February 10th, and not to Jan 31st as originally noted in the website.
We have received many excellent submissions, besides the invited speakers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Team SHATTER Security Advisory
SQL Injection in Oracle Enterprise Manager (TARGET Parameter)
January 29, 2009
Risk Level:
Medium
Affected versions:
Oracle Enterprise Manager 10g Grid Control 10.2.0.4 and previous patchsets
Remote exploitable:
Yes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
VNC Multiple Integer Overflows
1. *Advisory Information*
Title: VNC Multiple Integer Overflows
Advisory ID: CORE-2008-1009
Advisory