Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE

2011-05-07 Thread Maciej Gojny
The same thing as the CCbill, CEO has denied that their portal has been hacked/had SQL injection vulnerabilities. - MG Message written by w0lf on 2011-05-07, at 11:53: Hi The company CEO denies the attack claims that the images posted are fake :)

Re: [Full-disclosure] IBM DeveloperWorks Pwned and Defaced

2011-01-09 Thread Maciej Gojny
@Shinnok We have informed IBM about vulnerabilities in http://www.ibm.com/developerworks/ http://publib.boulder.ibm.com http://www.ibm.com (mustlive discovery), over 7 months ago, they did not take it seriously. regards, Maciej Gojny Message written by Shinnok on 2011-01-09, at

[Full-disclosure] CCBILL critical vulnerability story part II

2010-12-20 Thread Maciej Gojny
hello FULL DISCLOSURE! We have found nice story about our previous ccbill advisory: http://gfy.com/showthread.php?t=982701page=2 CCBILL CEO Ron C has written: This report was a complete joke. This was just a variation of a Nigerian scam. We contacted the website and they responded via GMAIL

[Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-18 Thread Maciej Gojny
hello full disclosure! After six months from the first contact with Adobe security team, important adobe.com subdomain is still vulnerable to SQL injection attacks. We hope that this time, serious people will try to solve the problem. proof: http://blog.ariko-security.com/ regards,

[Full-disclosure] new facebook SQL injection vulnerability

2010-11-30 Thread Maciej Gojny
Hello Full Disclosure ! Today I have found next SQL injection in facebook.com Details: http://blog.ariko-security.com/?p=82 Full advisory will be released soon! Regards, Maciej Gojny Ariko-Security Rynek Glowny 12 32-600 Oswiecim tel:. +48 33 4741511 mobile: +48 784086818 (Mo-Fr 10.00

Re: [Full-disclosure] new facebook SQL injection vulnerability

2010-11-30 Thread Maciej Gojny
. Can't wait to see The Register report about this. 2010/11/30 Maciej Gojny v...@ariko-security.com Hello Full Disclosure ! Today I have found next SQL injection in facebook.com Details: http://blog.ariko-security.com/?p=82 Full advisory will be released soon! Regards, Maciej Gojny

Re: [Full-disclosure] new facebook apps SQL injection vulnerability

2010-11-30 Thread Maciej Gojny
as finding a SQL injection in facebook.com's actual code. Apps are not run by facebook, so it's unsurprising that some random app would have a SQL injection vulnerability. ~reed On Wed, 1 Dec 2010 00:51:35 +0100 Maciej Gojny v...@ariko-security.com wrote: Benji@ I don't understand you, I

[Full-disclosure] ASPilot Pilot Cart 7.3 multiple vulnerabilities addition to CVE-2008-2688

2010-11-07 Thread Maciej Gojny
: # Input validation of all vulnerable parameters should be corrected. Credit: # Discovered By: Maciej Gojny / Ariko-Security 2010 Advisory: # http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html Ariko-Security Sp. z o.o. Rynek Glowny 12 32-600 Oswiecim tel:. +48 33 4741511

[Full-disclosure] XSS, SQL injection vulnerability in WMSCMS

2010-06-05 Thread Maciej Gojny
(Mo-Fr 10.00-20.00 CET) Ariko-Security Maciej Gojny v...@ariko-security.com tel.: +48512946012 (Mo-Fr 10.00-20.00 CET) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored

[Full-disclosure] SQL injection vulnerability in wILD CMS

2010-03-09 Thread Maciej Gojny
be corrected. Vulnerabilities: # http://[site]/page.php?page_id=139[SQLi] Credit: # Discovered By: MG # Advisory: http://www.ariko-security.com/mar2010/ad526.html # Contacts: support[-at-]ariko-security.com Ariko-Security Maciej Gojny v...@ariko-security.com tel.: +48512946012 (Mo-Fr 10.00-20.00 CET

[Full-disclosure] SQL injection and XSS vulnerability in NATYCHMIAST CMS

2010-03-05 Thread Maciej Gojny
By: MG # Website: http://www.ariko-security.com/mar2010/ad519.html # Contacts: support[-at-]ariko-security.com Ariko-Security Maciej Gojny v...@ariko-security.com tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)

[Full-disclosure] SQL injection vulnerability in WebAdministrator Lite CMS

2010-02-25 Thread Maciej Gojny
. Vulnerability: # http://[site]/download.php?s=[SQLi]id=2324 Credit: # Discovered By: MG # Website: http://Ariko-security.com # Contacts: support[-at-]ariko-security.com Ariko-Security Maciej Gojny v...@ariko-security.com tel.: +48512946012 (Mo-Fr 10.00-20.00 CET

[Full-disclosure] SQL injection vulnerability in Amelia CMS

2010-02-19 Thread Maciej Gojny
# Title: [SQL injection vulnerability in Amelia CMS] # Date: [10.02.2010] # Author: [Ariko-Security] # Software Link: [http://www.ameliadesign.eu/] # Version: [ALL] # Tested on: [freebsd / ubuntu] { Ariko-Security - Advisory #3/2/2010 } = SQL injection

[Full-disclosure] Pogodny CMS Vulnerabilities

2010-02-16 Thread Maciej Gojny
# Exploit Title: [Pogodny CMS SQL injection] # Date: [08.02.2010] # Author: [Ariko-Security] # Software Link: [http://www.cms.michalin.pl/moduly/pogodny/] # Version: [ALL] # Tested on: [freebsd / ubuntu] { Ariko-Security - Advisory #2/2/2010 } = SQL injection

[Full-disclosure] SQL injection vulnerability in apemCMS

2010-02-12 Thread Maciej Gojny
{ Ariko-Security - Advisory #1/2/2010 } = SQL injection vulnerability in apemCMS Vendor's Description of Software: # http://apem.com.pl/?sc=oferta Dork: #Powered by apemCMS Application Info: # Name: apemCMS # Versions: ALL Vulnerability Info: # Type: SQL