regards,
Maksymilian Arciemowicz ( http://cifrex.org/ )
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
It's not a 0day. Allegro is not a software vendor. It's a website.
--
Best regards,
Maksymilian Arciemowicz ( http://cvemap.org/ )
FreeBSD 9.1 ftpd Remote Denial of Service
Maksymilian Arciemowicz
http://cxsecurity.org/
http://cxsec.org/
Public Date: 01.02.2013
URL: http://cxsecurity.com/issue/WLB-2013020003
Affected servers:
- ftp.uk.freebsd.org,
- ftp.ua.freebsd.org,
- ftp5.freebsd.org,
- ftp5.us.freebsd.org,
- ftp10
://cxsecurity.com/cifrex_download/1.1/run.txt
CWE Dictionary
http://cxsecurity.com/allcwe/
CVE Full Map
http://cxsecurity.com/cvemap/
More about project
http://cxsecurity.com/cifrex/
http://cxsecurity.com/
--
Best Regards
Maksymilian Arciemowicz (CXSecurity.com)
pub 4096R/D6E5B530 2010-09-19
uid
[ PHP 5.4/5.3 deprecated eregi() memory_limit bypass ]
Author: Maksymilian Arciemowicz
Website: http://cxsecurity.com/
Date: 30.03.2012
Original link:
http://cxsecurity.com/issue/WLB-2012030272
PoC's:
memory_limit poc
http://cxsecurity.com/issue/WLB-2012030271
open_basedir poc
http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ PHP 5.3.8 Multiple vulnerabilities ]
Author: Maksymilian Arciemowicz
Website: http://cxsecurity.com/
Date: 14.01.2012
CVE:
CVE-2011-4153 (zend_strndup)
Original link:
http://cxsecurity.com/research/103
[--- 1. Multiple NULL Pointer Dereference
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Multiple BSD libc/regcomp(3) Multiple Vulnerabilities ]
Author: Maksymilian Arciemowicz
http://www.netbsd.org/donations/
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 05.10.2011
- - Pub.: 04.11.2011
CVE: CVE-2011-3336
Affected
=tmp
- --
Best Regards
pub 4096R/D6E5B530 2010-09-19
uid Maksymilian Arciemowicz (cx) m...@cxib.net
sub 4096R/58BA663C 2010-09-19
++ - OP_TYPESTAR;
that is the same problem.
- --
Best Regards
pub 4096R/D6E5B530 2010-09-19
uid Maksymilian Arciemowicz (cx) m...@cxib.net
sub 4096R/58BA663C 2010-09-19
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ PHP 5.3.6 ZipArchive invalid use glob(3) ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://securityreason.net/
http://cxib.net/
Date:
- - Dis.: 01.04.2011
- - Pub.: 19.08.2011
CVE: CVE-2011-1657
Affected Software (verified):
PHP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ PHP 5.3.6 multiple null pointer dereference ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://securityreason.net/
http://cxib.net/
Date:
- - Dis.: 20.07.2011
- - Pub.: 19.08.2011
Affected Software (verified):
PHP 5.3.6 and prior
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ NetBSD 5.1 libc/net multiple functions stack buffer overflow ]
Author: Maksymilian Arciemowicz
http://netbsd.org/donations/
Date:
- - Dis.: 01.04.2011
- - Pub.: 01.07.2011
CVE: CVE-2011-1656
CWE: CWE-121
Affected software:
- - NetBSD 5.1 (fixed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Multiple Vendors libc/fnmatch(3) DoS (incl apache poc) ]
Author: Maksymilian Arciemowicz
http://netbsd.org/donations/
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 29.01.2011
- - Pub.: 13.05.2011
CVE: CVE-2011-0419
CWE: CWE-399
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Multiple Vendors libc/glob() GLOB_BRACE|GLOB_LIMIT memory exhaustion ]
Author: Maksymilian Arciemowicz
http://netbsd.org/donations/
http://securityreason.com/
http://cxib.net/
Date:
- Dis.: 19.01.2011
- Pub.: 02.05.2011
CVE: CVE-2011-0418
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 03.01.2011
- - Pub.: 18.03.2011
CVE: CVE-2011-0421
CERT: VU#325039
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ vsftpd 2.3.2 remote denial-of-service ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 23.12.2010
- - Pub.: 01.03.2011
CVE: CVE-2011-0762
CERT: VU#590604
Fix: vsftpd 2.3.4 (15.02.2011)
Affected
this issue
--
Best Regards
pub 4096R/D6E5B530 2010-09-19
uid Maksymilian Arciemowicz (cx) m...@cxib.net
sub 4096R/58BA663C 2010-09-19
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ PHP 5.3.5 grapheme_extract() NULL Pointer Dereference ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 09.12.2010
- - Pub.: 17.02.2011
CVE: CVE-2011-0420
CERT: VU#210829
Affected Software:
- - PHP
/D6E5B530 2010-09-19
uid Maksymilian Arciemowicz (cx) m...@cxib.net
sub 4096R/58BA663C 2010-09-19
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ GNU libc/regcomp(3) Multiple Vulnerabilities ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 01.10.2010
- - Pub.: 07.01.2011
CERT: VU#912279
CVE:
CVE-2010-4051
CVE-2010-4052
Affected (tested
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Apache Insecure mod_rewrite PCRE Resource Exhaustion ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 19.09.2010
- - Pub.: 21.12.2010
Affected (tested):
- - NetBSD 5.0.2 (Apache 2.2.17 PHP 5.3.4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 11.11.2010
- - Pub.: 10.12.2010
CERT: VU#479900
CVE: CVE-2010-4409
CWE: CWE-189
Status: Fixed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 14.09.2010
- - Pub.: 05.11.2010
CVE: CVE-2010-3709
CWE: CWE-476
Status: Fixed in CVS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Multiple Vendors libc/glob(3) resource exhaustion (+0day remote
ftpd-anon) ]
Author: Maksymilian Arciemowicz
http://netbsd.org/donations/
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 06.11.2009
- - Pub.: 07.10.2010
CVE: CVE-2010
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ FreeBSD 8.1/7.3 vm.pmap kernel local race condition ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
http://lu.cxib.net
Date:
- - Dis.: 09.07.2010
- - Pub.: 07.09.2010
Affected Software (verified):
- - FreeBSD 7.3/8.1
Original URL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Sun Solaris 10 filesystem rm(1),find(1),etc, Denial-of-service ]
Author: Maksymilian Arciemowicz
SecurityReason.com
Date:
- - Dis.: 17.04.2010
- - Pub.: 21.05.2010
Affected Software:
- - Sun Solaris 10 10/09
Original URL:
http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Sun Solaris 10 libc/*convert (*cvt) buffer overflow ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 15.04.2010
- - Pub.: 21.05.2010
Affected Software:
- - Sun Solaris 10 10/9
Original URL:
http://securityreason.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 01.04.2010
- - Pub.: 23.04.2010
CVE: CVE-2010-0105
Risk: Medium
Affected Software:
- - MacOS 10.6 (tested
,
pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib)
c...@securityreason.com
sub 4096g/0889FA9A 2008-08-22
http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
Stachowiak
Written by: Maksymilian Arciemowicz
Fixed by : Ilia Alshanetsky
--- 4. Contact ---
Email:
- Grzegorz.Stachowiak
stachowiak [a,t} analogicode (d_0t} pl
- Maksymilian Arciemowicz
cxib {a.t] securityreason [d0_t} com
GPG:
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
http
Joshua Levitsky wrote:
On Thu, Jan 7, 2010 at 7:20 PM, Maksymilian Arciemowicz
c...@securityreason.com wrote:
[ MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
CVE: CVE
printf %0.4194310f, 0x0.0x41414141;
Perl will crash with
esi = 0x41414141
edi = 0x15
-Josh
--
Best Regards,
pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib)
c...@securityreason.com
sub 4096g/0889FA9A 2008
[ J 6.02.023 Array Overrun (code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 08.01.2010
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes
Affected Software:
- J 6.02.023 Array Overrun (code execution)
NOTE: Prior
[ Matlab R2009b Array Overrun (code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 08.01.2009
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes
Affected Software:
- Matlab R2009b
NOTE: Prior versions may also be affected
[ MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 08.01.2010
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes
Affected Software:
- MacOS 10.6
NOTE: Prior versions may also be affected
[ Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 11.12.2009
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes
Affected Software:
- Flock 2.5.2
Fixed in:
- Flock 2.5.5
NOTE
[ Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 11.12.2009
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes
Affected Software:
- Camino 1.6.10
Fixed in:
- Camino 2.0
[ Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code
execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 11.12.2009
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes
Affected Software:
- Thunderbird 2.0.0.23
Fixed
[ Sunbird 0.9 Array Overrun (code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 11.12.2009
CVE: CVE-2009-0689
CWE: CWE-199
Risk: High
Remote: Yes
Affected Software:
- Sunbird 0.9
NOTE: Prior versions may also be affected
Maksymilian Arciemowicz (cxib)
c...@securityreason.com
sub 4096g/0889FA9A 2008-08-22
http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- - Dis.: 07.05.2009
- - Pub.: 20.11.2009
CVE: CVE-2009-0689
Risk: High
Remote: Yes
Affected Software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- - Dis.: 07.05.2009
- - Pub.: 20.11.2009
CVE: CVE-2009-0689
Risk: High
Remote: Yes
Affected Software:
- - K
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Opera 10.01 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- - Dis.: 07.05.2009
- - Pub.: 20.11.2009
CVE: CVE-2009-0689
Risk: High
Remote: Yes
Affected Software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- - Dis.: 07.05.2009
- - Pub.: 20.11.2009
CVE: CVE-2009-0689
Risk: High
Remote: Yes
Affected Software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ PHP 5.2.11/5.3.0 Multiple Vulnerabilities ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 01.10.2009
- - Pub.: 13.11.2009
Risk: Medium
Affected Software:
- - PHP 5.3.0
- - PHP 5.2.11
Original URL:
http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities ]
Author: Maksymilian Arciemowicz
SecurityReason.com
Date:
- - Dis.: 29.06.2009
- - Pub.: 30.10.2009
We are going to inform all vendors about this problem
Affected Software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[libc:fts_*() Multiple Denial of Service ]
Author: Maksymilian Arciemowicz
SecurityReason.com
Date:
- - Dis.: 03.08.2009
- - Pub.: 02.10.2009
We are going to inform all vendors about this problem.
Affected Software (official):
- - OpenBSD 4.5 (fix
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ glibc x=2.10.1 stdio/strfmon.c Multiple vulnerabilities ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 10.03.2008
- - Pub.: 17.09.2009
CVE: CVE-2008-1391
Risk: High
Affected Software (tested 27.08.2009):
- - Fedora 11
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 10.07.2009
- - Pub.: 19.08.2009
Risk: Medium
Affected Software (tested):
- - Kaspersky Internet Security 2010 9.0.0.459
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ PHP 5.3.0 (main.c) open_basedir bypass ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - - Dis.: 26.05.2009
- - - Pub.: 06.08.2009
Risk: Medium
Affected Software:
PHP 5.3.0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ PHP 5.2.10/5.3.0 (zend_ini.c) Memory Disclosure ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - - Dis.: 10.07.2009
- - - Pub.: 06.08.2009
Risk: High
Affected Software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Multiple Vendors libc/gdtoa printf(3) Array Overrun ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 07.05.2009
- - Pub.: 25.06.2009
CVE: CVE-2009-0689
Risk: High
Affected Software (12.06.2009):
- - OpenBSD 4.5
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ IPFilter (ippool) 4.1.31 lib/load_http.c buffer overflow ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com/
Date:
- - Dis.: 05.03.2009
- - Pub.: 22.05.2009
CVE: CVE-2009-1476
Risk: Low
Original URL:
http://securityreason.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ PHP 5.2.9 curl safe_mode open_basedir bypass ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 31.12.2008
- - Pub.: 10.04.2009
Original URL:
http://securityreason.com/achievement_securityalert/61
- --- 0.Description
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[libc:fts_*():multiple vendors, Denial-of-service ]
Author: Maksymilian Arciemowicz
SecurityReason.com
Date:
- - Dis.: 21.10.2008
- - Pub.: 04.03.2009
CVE: CVE-2009-0537
We are going to inform all vendors about this problem.
Affected Software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ SecurityReason.com : PHP 5.2.6 SAPI php_getuid() overload ]
Author: Maksymilian Arciemowicz
securityreason.com
Date:
- - Written: 20.11.2008
- - Public: 05.12.2008
SecurityReason Research
SecurityAlert Id: 59
SecurityRisk: High
Affected Software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ SecurityReason.com : PHP 5.2.6 SAPI php_getuid() overload ]
Author: Maksymilian Arciemowicz
securityreason.com
Date:
- - Written: 20.11.2008
- - Public: 05.12.2008
SecurityReason Research
SecurityAlert Id: 59
SecurityRisk: High
Affected Software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ SecurityReason.com PHP 5.2.6 dba_replace() destroying file ]
Author: Maksymilian Arciemowicz
http://securityreason.com
Date:
- - Written: 10.11.2008
- - Public: 28.11.2008
SecurityReason Research
SecurityAlert Id: 58
SecurityRisk: Medium
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ SecurityReason.com PHP 5.2.6 (error_log) safe_mode bypass ]
Author: Maksymilian Arciemowicz (cXIb8O3)
securityreason.com
Date:
- - Written: 10.11.2008
- - Public: 20.11.2008
SecurityReason Research
SecurityAlert Id: 57
CWE: CWE-264
SecurityRisk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ multiple vendor ftpd - Cross-site request forgery ]
Author: Maksymilian Arciemowicz
securityreason.com
Date:
- - Written: 03.09.2008
- - Public: 26.09.2008
SecurityReason Research
SecurityAlert Id: 56
CVE: not assigned
SecurityRisk: Low
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[WLB-2008080064: inet_net_pton() integer overflow ]
Author: Maksymilian Arciemowicz (cxib)
SecurityReason.com
Date:
- - Written: 02.08.2008
- - Public: 22.08.2008
SecurityRisk: Low
It is a bug, without a high security risk. We are going informing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[PHP 5.2.6 posix_access() (posix ext) safe_mode bypass ]
Author: Maksymilian Arciemowicz (cXIb8O3)
SecurityReason.com
Date:
- - Written: 10.05.2008
- - Public: 17.06.2008
SecurityReason Research
SecurityAlert Id: 54
CVE: CVE-2008-2665
CWE: CWE-264
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[PHP 5.2.6 chdir(),ftok() (standard ext) safe_mode bypass ]
Author: Maksymilian Arciemowicz (cXIb8O3)
securityreason.com
Date:
- - Written: 10.05.2008
- - Public: 17.06.2008
SecurityReason Research
SecurityAlert Id: 55
CVE: CVE-2008-2666
CWE: CWE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ *BSD libc (strfmon) Multiple vulnerabilities ]
Author: Maksymilian Arciemowicz (cxib)
SecurityReason.com
Date:
- - Written: 10.03.2008
- - Public: 25.03.2008
SecurityReason Research
SecurityAlert Id: 53
CVE: CVE-2008-1391
SecurityRisk: High
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[PHP 5.2.5 and prior : *printf() functions Integer Overflow ]
Author: Maksymilian Arciemowicz (cXIb8O3)
SecurityReason.com and SecurityReason.pl
Date:
- - Written: 01.03.2008
- - Public: 20.03.2008
SecurityReason Research
SecurityAlert Id: 52
CVE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[PHP 5.2.5 cURL safe_mode bypass ]
Author: Maksymilian Arciemowicz (cXIb8O3)
SecurityReason
Date:
- - Written: 21.08.2007
- - Public: 22.01.2008
SecurityReason Research
SecurityAlert Id: 51
CVE: CVE-2007-4850
SecurityRisk: Medium
Affected Software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Source: http://securityreason.com/achievement_securityalert/45
- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass
Vulnerability ]
Author: Maksymilian Arciemowicz (cXIb8O3
Source: http://securityreason.com/achievement_securityalert/45
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability ]
Author: Maksymilian Arciemowicz (cXIb8O3)
SecurityReason
Date:
- - Written: 10.02.2007
- - Public
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[PHP 5.2.0 session.save_path safe_mode and open_basedir bypass]
Author: Maksymilian Arciemowicz (SecurityReason)
Date:
- - Written: 02.10.2006
- - Public: 08.12.2006
SecurityAlert Id: 43
CVE: CVE-2006-6383
SecurityRisk: High
Affected Software: PHP
Source: http://securityreason.com/achievement_securityalert/42
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- - Written: 05.09.2006
- - Public: 09.09.2006
SecurityAlert Id: 42
CVE
Source: http://securityreason.com/achievement_securityalert/41
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 10.6.2006
- -Public: 26.06.2006
from SECURITYREASON.COM
CVE-2006-3011
Source: http://securityreason.com/achievement_securityalert/40
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[tempnam() Bypass unique file name PHP 5.1.4]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 22.5.2006
- -Public: 11.6.2006
from SECURITYREASON.COM
CVE-2006-2660
- --- 0
Source: http://securityreason.com/achievement_securityalert/39
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 15.5.2006
- -Public: 27.5.2006
from SECURITYREASON.COM
CVE-2006-2563
- --- 0
Source: http://securityreason.com/achievement_securityalert/38
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[phpBB 2.0.20 Full Path Disclosure and SQL Errors]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 1.5.2006
- -Public: 5.5.2006
from SecurityReason.Com
CVE:
- - CVE-2006
Source: http://securityreason.com/achievement_securityalert/34
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 26.2.2006
- -Public: 8.4.2006
from SecurityReason.Com
CVE-2006-0996
Source: http://securityreason.com/achievement_securityalert/35
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[function *() php/apache Crash PHP 4.4.2 and 5.1.2]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 21.3.2006
- -Public: 8.4.2006
from SECURITYREASON.COM
CVE-2006-1549
Source: http://securityreason.com/achievement_securityalert/36
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 26.3.2006
- -Public: 8.4.2006
from SECURITYREASON.COM
CVE-2006-1494
Source: http://securityreason.com/achievement_securityalert/37
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 2.4.2006
- -Public: 8.4.2006
from SECURITYREASON.COM
CVE-2006-1608
- --- 0
Maksymilian Arciemowicz (cXIb8O3) [EMAIL PROTECTED]
sub 2048g/AE816DB6 2005-09-21
Source: http://securityreason.com/achievement_securityalert/33
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[Multiple vulnerabilities in PostNuke = 0.761]
SecurityAlert SA033
Author: Maksymilian Arciemowicz (cXIb8O3)
Date: 19.2.2006
from SecurityReason.Com
- --- 0.Description ---
PostNuke
Original Source: http://securityreason.com/achievement_securityalert/31
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date: 3.2.2006
from SecurityReason.Com
CVE-2006-0437 for the XSS issues
CVE
won't work with
phpBB, due to the missing Session ID in the links.
--
pub 1024D/7FDF4CEE 2005-09-21
uid Maksymilian Arciemowicz (cXIb8O3) [EMAIL PROTECTED]
sub 2048g/AE816DB6 2005-09-21
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[phpBB 2.0.18 XSS and Full Path Disclosure cXIb8O3.22]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date: 16.12.2005
from securityreason.com TEAM
- --- 0.Description ---
phpBB is a high powered, fully scalable, and highly customizable Open Source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[Bypass XSS filter in PHPNUKE 7.9=x cXIb8O3.21]
Author: Maksymilian Arciemowicz ( cXIb8O3 )
Date: 14.12.2005
from SECURITYREASON.COM
- --- 0.Description ---
PHP-Nuke is a Web Portal System, storytelling software, news system, online
community
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[phpBB 2.0.18 SQL Query problem cXIb8O3.19]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date: 11.11.2005
from securityreason.com TEAM
- --- 0.Description ---
phpBB is a high powered, fully scalable, and highly customizable Open Source
bulletin boar
d
.
http://securityreason.com/achievement_securityalert/1
Maksymilian Arciemowicz [EMAIL PROTECTED]
SecurityReason.Com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[phpMyAdmin Local file inclusion 2.6.4-pl1]
Author: Maksymilian Arciemowicz ( cXIb8O3 ).18
Date: 10.10.2005
from SECURITYREASON.COM
- --- 0.Description ---
phpMyAdmin 2.6.4 is a tool written in PHP intended to
handle the administration of MySQL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[GeSHi Local PHP file inclusion 1.0.7.2]
Author: Maksymilian Arciemowicz ( cXIb8O3 ).17
Date: 21.9.2005
from SECURITYREASON.COM
- --- 0.Description ---
GeSHi started as a mod for the phpBB forum system, to enable highlighting of
more languages
88 matches