Vendor http://www.veeam.com/
Advisory http://www.ush.it/team/ush/hack-veeam_6_7_8/veeam.txt
Authors Pasquale "sid" Fiorillo (sid AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Antonio "
V. WORKAROUND
No fix available.
VI. VENDOR RESPONSE
"We were able to reproduce the issues you reported on 5.2,
and are working on releasing a security update shortly.
We expect to release this update within the next 3 to 4 weeks,
after running some more tests."
VII. CVE INFORMATION
CVE-2010-3909
Advisory http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Alessandro "jekil" Tanasi (alessandro AT tanasi DOT it)
Francesco "ascii" Onga
Advisory http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan" Para
://www.vtigercrm.com
Advisory http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Onga
aliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Alessandro "jekil" Tanasi (alessandro AT tanasi DOT it)
Date
Advisory http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT i
we tested FormMail and want to warn people who deployed FormMail and
will deploy FormMail, so we posted an advisory for FormMail. Hope this opens
your mind.
Bye,
ascii
ush.it
://www.scriptarchive.com/formmail.html
Advisory http://www.ush.it/team/ush/hack-formmail_192/adv.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan"
://www.zabbix.com/
Advisory http://www.ush.it/team/ush/hack-zabbix_162/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3
PHP filesystem attack vectors
Name PHP filesystem attack vectors
Systems Affected PHP and PHP+Suhosin
Vendor http://www.php.net/
Advisory http://www.ush.it/team/ush/hack-phpfs/phpfs_mad.txt
Authors Francesco "ascii" Ongaro (ascii AT
://www.ush.it/team/ush/hack-moodle193/moodle193.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT
-dyn.de/
Advisory http://www.ush.it/team/ush/hack-collabtive048/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3
://www.mantisbt.org/
Advisory http://www.ush.it/team/ush/hack-mantis111/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Date 20080520
I. BACKGROUND
From the Mantis web site: "
ttp://www.wikidsystems.com/
Advisory http://www.ush.it/team/ush/hack-wclient/wikid.txt
Author Francesco "ascii" Ongaro (ascii AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Date 20080411
I. BACKGROUND
From the Wi
Original Photo Gallery Remote Command Execution
Name Original Photo Gallery Remote Command Execution
Systems Affected Original 0.11.2 version and below
Severity High
Vendor http://jimmac.musichall.cz/original.php
Advisory http://www.ush.it/team/ascii/hack
This is basically a proxy: it can make GET/POST requests to HTTP-only
hosts, saturate the server bandwidth *PLUS* naturally fetch any
local file : )
http://sectroyer.
more than an XSS, this is just an example advisory on an example product
See you,
Francesco `ascii` Ongaro
http://www.ush.it/
the just fixed _POST and so on? nice : )
I really appreciate your work with PHP, keep up with the disclosure!
Regards,
Francesco 'ascii' Ongaro
http://www.ush.it/
ps: add some smiles in your mails or people will get confused about the
tone of your speaking : )
http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/
Authors Francesco `ascii` Ongaro ([EMAIL PROTECTED])
Stefano `wisec` di Paola ([EMAIL PROTECTED])
Date 20070307
I. BACKGROUND
Php Nuke is a CMS written in PHP. This advisory is just an example on
how to exploit
Justin Frydman - Thinkweb Media wrote:
> Can't replicate this in 2.0.7. Is this only for the 2.1.x branch then?
I have the same feeling.
Tested on multiple WP instances and can't reproduce on >= 2.0.1 <= 2.0.7.
regards, Francesco 'ascii' Ongaro
http://www.ush.it/
pdf isn't
enough to metabolize all that stuff
regards,
Francesco 'ascii' Ongaro
http://www.ush.it/
ps: flash 8 is fixed : )
http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt
Author Francesco "aScii" Ongaro (ascii at katamail . com)
Date 20060316
I. BACKGROUND
Milkeyway is a software for the management and administration of
internet access within public structures and framewo
ng passed to the db
and cast integers (int)intval($_GET['id'])
seems KAPDA Researchers researched this 'vuln' too fast : )
ascii - http://www.ush.it
http://sourceforge.net/mailarchive/forum.php?thread_id=9091328&forum_id=46247
http://sourceforge.net/mailarchive/forum.php?thread_id=9089995&forum_id=46247
ascii - http://www.ush.it
Author Francesco "aScii" Ongaro (ascii at katamail . com)
Date 20051125
FreeWebStat 1.0 rev37 (the latest version at the time of writing) is vulnerable
to multiple XSS. The impact is a little bigger since data will be
stored in a flat file and the result of a single
-statistik/
Author Francesco aScii Ongaro (ascii at katamail . com)
Date 20051119
PHP Web Statistik is vulnerable to JavaScript and HTML injection via
the unchecked $lastnumber variable; proper input validation will fix it.
Just place an intval() at the right line. Other
-multiple-vulnerabilities/
Advisory http://www.ush.it/team/ascii/hack-WebCalendar/advisory.txt
Author Francesco "aScii" Ongaro (ascii at katamail . com)
Date 20051128
WebCalendar is vulnerable to four SQL Injection (files activity_log.php,
admin_h