Re: [Full-disclosure] WordPress Search Function SQL-Injection

2007-02-27 Thread Matthew Flaschen
Justin Frydman - Thinkweb Media wrote:
> Can't replicate this in 2.0.7. Is this only for the 2.1.x branch then?

Clearly you didn't read the disclaimer... Matt

Re: [Full-disclosure] WordPress Search Function SQL-Injection

2007-02-27 Thread Justin Frydman - Thinkweb Media
> chie Research Labs proudly presents . . .
> +--- -- - -
> | Application: wordpress
> | Version: <= 2.1.1
> | Vuln./Exploit Type: SQL-Injection
> | Status: 0day
> +- -- - -
> | Discovered by:

[Full-disclosure] rPSA-2007-0043-1 php php-mysql php-pgsql ISSUE=4168 PROJ=30

2007-02-27 Thread supportdb
Notification of Issue Registration. Project: ThreatManagement Issue: rPSA-2007-0043-1 php php-mysql php-pgsql Issue Number: 4168 Priority: 1 Status: Request Date: 02/27/2007

[Full-disclosure] rPSA-2007-0043-1 php php-mysql php-pgsql

2007-02-27 Thread rPath Update Announcements
rPath Security Advisory: 2007-0043-1 Published: 2007-02-27 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote System User Deterministic Unauthorized Access Updated Versions: php=/[EMAIL PROTECTED]:devel//1/4.3.11-15.9-1 php-mysql=/[EMAIL PROTECTED]:devel//1/4.3

Re: [Full-disclosure] WordPress Search Function SQL-Injection

2007-02-27 Thread ascii
Justin Frydman - Thinkweb Media wrote:
> Can't replicate this in 2.0.7. Is this only for the 2.1.x branch then?

I have the same feeling: tested on multiple wp instances and can't reproduce on >= 2.0.1 <= 2.0.7.

regards, Francesco 'ascii' Ongaro http://www.ush.it/

[Full-disclosure] [NETRAGARD-20070220 SECURITY ADVISORY] [McAfee VirusScan for Mac (Virex) Local root exploit and Scan Bypass]

2007-02-27 Thread Netragard Security Advisories
Netragard, L.L.C Advisory - Strategic Reconnaissance Team - http://www.netragard.com

[Full-disclosure] iDefense Security Advisory 02.27.07: Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability

2007-02-27 Thread iDefense Labs
Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability iDefense Security Advisory 02.27.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 27, 2007 I. BACKGROUND Computer Associates eTrust Intrusion Detection is a network intrusion management and prevention sys

[Full-disclosure] Nullsoft ShoutcastServer Persistant XSS - 0day

2007-02-27 Thread SaMuschie
tested) | Vuln./Exploit Type: Persistent XSS | Status: 0day | Discovered by: Muschiemann | Released: 20070227 | SaMuschie Release Number: 3 | It is possible to inject script code into the application's logfile

[Full-disclosure] WordPress Search Function SQL-Injection

2007-02-27 Thread SaMuschie
day | Discovered by: Samenspender | Released: 20070227 | SaMuschie Release Number: 2 | Searching for a single comma (",") generates a SQL error message, e.g.: http://wordpress-deutschland.org/?s=, results

[Full-disclosure] Wordpress 2.1.1 - Multiple Script Injection Vulnerabilities

2007-02-27 Thread Stefan Friedli
Wordpress 2.1.1 - Multiple Script Injection Vulnerabilities scip AG Vulnerability ID 2962 (02/27/2007) http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2962 I. INTRODUCTION "WordPress is a state-of-the-art semantic personal publishing platform with a

Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)

2007-02-27 Thread Richard Moore
Michal Zalewski wrote:
> I can't really comment on whether this fixes the problem once and for all, because I haven't really examined the changes implemented for 364692, but yeah, my example no longer crashes the browser for me.

I think there are still underlying problems in the code as th

[Full-disclosure] Disabling Google Desktop Link Integration In Google Pages

2007-02-27 Thread Debasis Mohanty
GDS Desktop Link and Google.com Integration - Bad Design or Necessary Evil? The recent security advisory on Google Desktop Search (GDS) published by Watchfire did not really surprise me, as I was expecting more like this in the past 2 years. However, the fact that intrigued me to write this article is

Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)

2007-02-27 Thread Richard Moore
Resent as I realised I'm not subscribed here.

Michal Zalewski wrote:
> I can't really comment on whether this fixes the problem once and for all, because I haven't really examined the changes implemented for 364692, but yeah, my example no longer crashes the browser for me.

I think there are

[Full-disclosure] [ GLSA 200702-12 ] CHMlib: User-assisted remote execution of arbitrary code

2007-02-27 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200702-12 http://security.gentoo.org/

[Full-disclosure] [ GLSA 200702-11 ] MPlayer: Buffer overflow

2007-02-27 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200702-11 http://security.gentoo.org/

Re: [Full-disclosure] Kiwi CatTools TFTP server path traversal

2007-02-27 Thread 3APA3A
Probably it's the same or a related issue to the one reported by nicob at nicob.net. http://securityvulns.com/news/KIWI/CatTools/DT.html CVE-2007-0888

--Wednesday, February 28, 2007, 12:47:17 AM, you wrote to bugtraq@securityfocus.com:
n> Path traversal security vulnerability in Kiwi CatTools TFTP up to 3.

Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)

2007-02-27 Thread Michal Zalewski
On Tue, 27 Feb 2007, Richard Moore wrote:
> > <a href="http://slashdot.org/">http://slashdot.org/</a>

Yeah, and the other way round: http://lcamtuf.coredump.cx/ietrap/, when used with FF 2.0.0.2, puts you on a page that:
1) Has URL bar data and favicon from the target site,
2) Views source of

Re: [Full-disclosure] Extracting files from SMB packet captures

2007-02-27 Thread Thorolf
Jim O'Gorman wrote:
> Does anyone have good sources of examples on pulling files out of SMB packet captures I can use as a reference? Tools or write ups would be great.

search for smbspy http://www.google.com/search?q=smbspy /rl

Re: [Full-disclosure] Extracting files from SMB packet captures

2007-02-27 Thread Zed Qyves
Not SMB specific, however it should do the job. http://tcpxtract.sourceforge.net/ Regards, ZQ
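What a header/footer carver of the kind tcpxtract implements actually does, as an added example that is not tcpxtract's code and not from anyone in this thread. The signatures are the usual PNG, JPEG and PDF magic values; the sample stream is constructed here, with made-up filler standing in for the SMB headers that sit between data chunks in a real capture. Two caveats a practitioner hits immediately: SMB splits a file across Write/Read AndX commands, so carving only works on the reassembled data stream rather than on raw packet bytes, and the three-byte JPEG header will produce false hits on arbitrary binary data.

```python
# Signature carver in the style of tcpxtract: (type, header, footer, max length).
# Added example, not tcpxtract's code; signatures are the standard file magic values.
SIGNATURES = [
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10_000_000),
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9", 10_000_000),
    ("pdf", b"%PDF-", b"%%EOF", 50_000_000),
]


def carve(data: bytes, signatures=SIGNATURES):
    """Return [(type, offset, bytes)] for every header/footer pair in data, by offset.

    For each header hit the footer is searched within max_len bytes; a header with
    no footer in range is skipped rather than carved open-ended.
    """
    found = []
    for name, header, footer, max_len in signatures:
        start = 0
        while True:
            h = data.find(header, start)
            if h < 0:
                break
            window_end = min(len(data), h + max_len)
            f = data.find(footer, h + len(header), window_end)
            if f < 0:
                start = h + 1
                continue
            end = f + len(footer)
            found.append((name, h, data[h:end]))
            start = end
    found.sort(key=lambda t: t[1])
    return found


# Constructed minimal files: a 1x1 RGBA PNG with only IHDR and IEND, and a JFIF stub.
SAMPLE_PNG = (
    b"\x89PNG\r\n\x1a\n"
    + b"\x00\x00\x00\x0dIHDR"
    + b"\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00"
    + b"\x1f\x15\xc4\x89"
    + b"\x00\x00\x00\x00IEND\xaeB`\x82"
)
SAMPLE_JPG = (
    b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xd9"
)
# Constructed filler that stands in for the SMB headers between data chunks.
FILLER = b"\xffSMB" + b"\x00" * 8


def sample_stream() -> bytes:
    """A constructed 'reassembled' stream: filler, PNG, filler, text, JPEG, filler."""
    return FILLER + SAMPLE_PNG + FILLER + b"some text" + SAMPLE_JPG + FILLER


if __name__ == "__main__":
    # Write each carved object to the current directory, named by offset and type.
    for kind, offset, blob in carve(sample_stream()):
        path = f"carved_{offset}.{kind}"
        with open(path, "wb") as fh:
            fh.write(blob)
        print(f"{path}: {len(blob)} bytes")
```

Run against a real capture, feed `carve` the payload bytes of one reassembled conversation at a time, and expect to hand-check JPEG hits: the header is short enough that random data will match it.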

[Full-disclosure] Multiple SQL Injection bugs in TCS website

2007-02-27 Thread Scarlet Pimpernel
Hello list, The website of TCS (Tata Consultancy Services) is prone to multiple SQL injection bugs. I already sent them an email back in December 2006. They have not fixed the bug just yet, so I am going to disclose the details here. http://kishfellow.blogspot.com The scripts are prone to multi

[Full-disclosure] Kiwi CatTools TFTP server path traversal

2007-02-27 Thread noreply
Path traversal security vulnerability in Kiwi CatTools TFTP server up to 3.2.8 can lead to information disclosure and remote code execution. Risk: High. DISCUSSION: Kiwi CatTools TFTP server doesn't properly verify the filename in PUT and GET requests, which can be used to download/upload any file from/

Re: [Full-disclosure] SEC Consult SA-20070226-0 :: File Disclosure in Pagesetter for PostNuke

2007-02-27 Thread Matthew Flaschen
[EMAIL PROTECTED] wrote:
> SEC Consult Security Advisory 20070226-0
> ===
> title: File Disclosure in Pagesetter for PostNuke
> program: Pagesetter page creation module
> vulnerable version: 6

Re: [Full-disclosure] Extracting files from SMB packet captures

2007-02-27 Thread Mike Vasquez
While I haven't done anything specifically with SMB, I did come up with the following a few years back: it might prove useful in your research: http://www.adminprep.com/articles/default.asp?action=show&articleid=52 It covers taking an ethereal data cap, and taking portions of it to come up with