Veeam Backup & Replication Local Privilege Escalation Vulnerability

2015-10-09 Thread ascii
/A:L Vendor http://www.veeam.com/ Advisory http://www.ush.it/team/ush/hack-veeam_6_7_8/veeam.txt Authors Pasquale "sid" Fiorillo (sid AT ush DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) Antonio "

Vtiger CRM 5.2.0 Multiple Vulnerabilities

2010-11-19 Thread ascii
OUND No fix available. VI. VENDOR RESPONSE "We were able to reproduce the issues you reported on 5.2, and are working on releasing a security update shortly. We expect to release this update within the next 3 to 4 weeks, after running some more tests." VII. CVE INFORMATION CVE-2010-3909

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

2010-01-11 Thread ascii
/ Advisory http://www.ush.it/team/ush/hack_httpd_escape/adv.txt Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it) Alessandro "jekil" Tanasi (alessandro AT tanasi DOT it) Francesco "ascii" Onga

Jetty 6.x and 7.x Multiple Vulnerabilities

2009-10-26 Thread ascii
/ Advisory http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt Authors Francesco "ascii" Ongaro (ascii AT ush DOT it) Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it) Antonio "s4tan" Para

Vtiger CRM 5.0.4 Multiple Vulnerabilities

2009-08-18 Thread ascii
://www.vtigercrm.com Advisory http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it) Antonio "s4tan" Parata (s4tan AT ush DOT it) Francesco "ascii" Onga

PHP filesystem attack vectors - Take Two

2009-07-27 Thread ascii
aliv3" Pellerano (evilaliv3 AT ush DOT it) Antonio "s4tan" Parata (s4tan AT ush DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) Alessandro "jekil" Tanasi (alessandro AT tanasi DOT it) Date

SugarCRM 5.2.0e Remote Code Execution

2009-06-15 Thread ascii
Advisory http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt Authors Antonio "s4tan" Parata (s4tan AT ush DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT i

Re: FormMail 1.92 Multiple Vulnerabilities

2009-05-13 Thread ascii
we tested FormMail and want to warn people who deployed FormMail and will deploy FormMail we posted an advisory for FormMail. Hope this opens your mind. Bye, ascii ush.it

FormMail 1.92 Multiple Vulnerabilities

2009-05-12 Thread ascii
://www.scriptarchive.com/formmail.html Advisory http://www.ush.it/team/ush/hack-formmail_192/adv.txt Authors Francesco "ascii" Ongaro (ascii AT ush DOT it) Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it) Antonio "s4tan"

Zabbix 1.6.2 Frontend Multiple Vulnerabilities

2009-03-03 Thread ascii
://www.zabbix.com/ Advisory http://www.ush.it/team/ush/hack-zabbix_162/adv.txt Authors Antonio "s4tan" Parata (s4tan AT ush DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) Giovanni "evilaliv3

PHP filesystem attack vectors

2009-02-09 Thread ascii
PHP filesystem attack vectors Name PHP filesystem attack vectors Systems Affected PHP and PHP+Suhosin Vendor http://www.php.net/ Advisory http://www.ush.it/team/ush/hack-phpfs/phpfs_mad.txt Authors Francesco "ascii" Ongaro (ascii AT

Moodle 1.9.3 Remote Code Execution

2008-12-12 Thread ascii
://www.ush.it/team/ush/hack-moodle193/moodle193.txt Authors Antonio "s4tan" Parata (s4tan AT ush DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) Giovanni "evilaliv3" Pellerano (evilaliv3 AT

Collabtive 0.4.8 Multiple Vulnerabilities

2008-11-10 Thread ascii
-dyn.de/ Advisory http://www.ush.it/team/ush/hack-collabtive048/adv.txt Authors Antonio "s4tan" Parata (s4tan AT ush DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) Giovanni "evilaliv3

Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities

2008-05-20 Thread ascii
://www.mantisbt.org/ Advisory http://www.ush.it/team/ush/hack-mantis111/adv.txt Authors Antonio "s4tan" Parata (s4tan AT ush DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) Date 20080520 I. BACKGROUND From the Mantis web site: "

WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities

2008-04-11 Thread ascii
ttp://www.wikidsystems.com/ Advisory http://www.ush.it/team/ush/hack-wclient/wikid.txt Author Francesco "ascii" Ongaro (ascii AT ush DOT it) Antonio "s4tan" Parata (s4tan AT ush DOT it) Date 20080411 I. BACKGROUND From the Wi

Original Photo Gallery Remote Command Execution

2007-10-02 Thread ascii
Original Photo Gallery Remote Command Execution Name Original Photo Gallery Remote Command Execution Systems Affected Original 0.11.2 version and below Severity High Vendor http://jimmac.musichall.cz/original.php Advisory http://www.ush.it/team/ascii/hack

Re: [Full-disclosure] Cross Domain XMLHttpRequest

2007-04-17 Thread ascii
;-- --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- this is basically a proxy, it can make get/post requests to http only hosts, saturate the server bandwidth *PLUS* naturally fetch any local file : ) http://sectroyer.

Re: Php Nuke POST XSS on steroids

2007-03-12 Thread ascii
more than an XSS, this is just an example advisory on an example product See you, Francesco `ascii` Ongaro http://www.ush.it/

Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite

2007-03-10 Thread ascii
t...) the just fixed _POST and so on? nice : ) i really appreciate your work with php, keep up with the disclosure! Regards, Francesco 'ascii' Ongaro http://www.ush.it/ ps: add some smiles in your mails or people will get confused about the tone of your speaking : )

Php Nuke POST XSS on steroids

2007-03-09 Thread ascii
http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/ Authors Francesco `ascii` Ongaro ([EMAIL PROTECTED]) Stefano `wisec` di Paola ([EMAIL PROTECTED]) Date 20070307 I. BACKGROUND Php Nuke is a CMS written in PHP. This advisory is just an example on how to exploit

Re: WordPress Search Function SQL-Injection

2007-02-27 Thread ascii
Justin Frydman - Thinkweb Media wrote: > Can't replicate this in 2.0.7. Is this only for the 2.1.x branch then? i have the same feeling tested on multiple wp instances and can't reproduce on >= 2.0.1 <= 2.0.7 regards, Francesco 'ascii' Ongaro http://www.ush.it/

Re: Universal XSS with PDF files: highly dangerous

2007-01-03 Thread ascii
pdf isn't enough to metabolize all that stuff regards, Francesco 'ascii' Ongaro http://www.ush.it/ ps: flash 8 is fixed : )

Milkeyway Multiple Vulnerabilities

2006-03-16 Thread ascii
http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt Author Francesco "aScii" Ongaro (ascii at katamail . com) Date 20060316 I. BACKGROUND Milkeyway is a software for the management and administration of internet access within public structures and framewo

Re: [KAPDA::#16] - SMF SQL Injection

2005-12-12 Thread ascii
ng passed to the db and cast integers (int)intval($_GET['id']) seems KAPDA Researchers researched this 'vuln' too fast : ) ascii - http://www.ush.it

Re: WebCalendar Multiple Vulnerabilities

2005-11-30 Thread ascii
http://sourceforge.net/mailarchive/forum.php?thread_id=9091328&forum_id=46247 http://sourceforge.net/mailarchive/forum.php?thread_id=9089995&forum_id=46247 ascii - http://www.ush.it

Free Web Stat Multiple XSS Vulnerabilities

2005-11-28 Thread ascii
/ Author Francesco "aScii" Ongaro (ascii at katamail . com) Date 20051125 FreeWebStat 1.0 rev37 (the last version at the time of writing) is vulnerable to multiple XSS. The impact is a little bigger since data will be stored in a flat file and the result of a single

Php Web Statistik Multiple Vulnerabilities

2005-11-28 Thread ascii
-statistik/ Author Francesco ‘aScii’ Ongaro (ascii at katamail . com) Date 20051119 PHP Web Statistik is vulnerable to JavaScript and HTML injection using the unchecked $lastnumber variable; proper input validation will fix it. Just place an intval() at the right row. Other

WebCalendar Multiple Vulnerabilities

2005-11-28 Thread ascii
-multiple-vulnerabilities/ Advisory http://www.ush.it/team/ascii/hack-WebCalendar/advisory.txt Author Francesco "aScii" Ongaro (ascii at katamail . com) Date 20051128 WebCalendar is vulnerable to four SQL Injection (files activity_log.php, admin_h