Hi,
> Looked through the archives here and didn't see this one yet..
>
> http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
There is also an article in Slashdot ( i've been out of the list and
possibly others sent the link , anyway i'm pasting it here ):
http://slashdot.org/article
; Hash: SHA1
>
> On Sunday 07 December 2003 13:22, Lorenzo Hernandez Garcia-Hierro wrote:
> > Hi again,
> >
> > I am looking for good information ( and documents ) about the CSS
> > encryption ( protection ) used in DVD Disks .
> >
> There isn't that muc
ecurity.com/Nasa.gov-MV/screenshots/XSS-LARC.gif
>
>
>
> Lorenzo Hernandez Garcia-Hierro wrote:
>
> >Hi all,
> >Sure the readers of FD have seen this week my messages against a
boiler
> >that posted false claims and "flaws" in my sites and blamed me and
Hi again,
I am looking for good information ( and documents ) about the CSS
encryption ( protection ) used in DVD Disks .
I don't want information for de-protection , i want to know if someone
has seen info at dvd.sf.net of this and the current status of linux css
support.
Best regards.
and join [not-security-adolescents], please.
and you ?
[EMAIL PROTECTED]
>
> P.D.: And, yes I know what is mozilla , but you ??? --->
> http://advisories.nsrg-security.com/Nasa.gov-MV/screenshots/XSS-LARC.gif
;-) :
>
> Lorenzo Hernandez Garcia-Hierro wrote:
>
> >Hi
or the people that told me to stop
this and ignore boilers/kiddies by revenge/ etc .
--
-------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__
PGP
Hi Terry,
Yes , my last two posts are completely off topic ( and aggressive ), i am
sorry but i can't allow
a stupid kiddieboiler/liar saying false and completely non-sense things
about me and the NSRG .
I know FD people ignore normally these things , any way if somebody
wants to contact the Netsy
on't know what are you saying about .
Sure you blame so much other people...
stupid boy .
> - Original Message -
> From: "Lorenzo Hernandez Garcia-Hierro" <[EMAIL PROTECTED]>
>
> > Hi,
> > I think you are a little stuck with honeypots:
> >
> Lorenzo Hernandez Garcia-Hierro wrote:
>
> > Hi,
> > I think you are a little stuck with honeypots:
> > http://www.nsrg-security.com/kiddies.txt
> > The only thing is not there is a photo of you ?face?
> >
>
> I'm on the list and I think it'
ity.com
>advisories.nsrg-security.com
>
> Look through web sites and learn about horatio.
>
> >>>>>>>>>>>>>>>>>>>>>>>> Quote from "Lorenzo Hernandez Garcia-Hierro" to
"gazpa"
>
>
don't think that we can discuss private ? i think the people
of FD don't want to see us writing no-sense e-mail against others ( this
time you )
If you want we can continue this by private email between us but not
disturbing a public list.
----
>From quotd
"gazpa"-cho
pdates from official
repositories.
i was using freebsd 5.1 but i like debian more , debian is best of best
:)
a message for everyone: laptops with linux sound like the voice of a
policeman saying "no problem"
best regards to all,
ps: merry christmas :)
Lorenzo Hernandez Gar
for fun and for show others what kiddies think they are ) .
PS: christmas are very near :) has someone a cheap wishlist ? :)
-------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__
0->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**
\x6e\x73\x72\x6
at
[EMAIL PROTECTED]
Best regards,
- ---
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453 7D62
rus activity.
i don't know which virus is this.
xD
Best regards ,
-----------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__
PGP: Keyfingerprint
4AC
;
___/snippet___
I hope this post will help you a little to take the correct way to protect
your webserver :)
Best regards to all FD,
-----------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outsid
Yeah,
check the keyboard keys , there are some broken or , crazy dosed by
malicious fingers ?
best regards,
- Original Message -
From: "David Vincent" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 30, 2003 7:25 PM
Subject: RE: [Full-Disclosure] Shortcut.. may caus
and you want to learn spanish before saying ole! ?
;-)
and you want to learn Deutsch before saying Da Kannst du nicht !
best regards,
PS: do you want to continue with chinese ? japanese ? portuguese ? caló ?
jajajajajaja
---
0x00->Lorenzo Hernandez Garcia-Hierro
0
real , true and correct things !
best regards -------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F45
checking my signatures , etc,
Best regards to all,
---
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453 7D
ng in this life has a final mean , in this case : web
security must be treated as other security issues , if not , you are
in risk
How much times i must rewrite this mail ?
Best regards and thanks to all members of Full-Disclosure,
- ---
0x00->Lorenzo Hernandez Garci
mpa-wumpa xD i don't know that
expression.
best regards !
-------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__
PGP: Keyfingerprint
4ACC D892 05F
sorry , i sent the message only to nathan, ;-)
here is it.
best regards.
- Original Message -
From: "Lorenzo Hernandez Garcia-Hierro" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 24, 2003 6:56 PM
Subject: Re: [Full-Disclosure] About eMule web s
ll in port 77~~ ( i
don't remember ) but it was really funny !
mein Gott !
Best regards,
-------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
ghting on the
loud ? xD a stupid question i know !
-------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__
PGP: Keyfingerprint
4ACC D892 05F
ommunication with me,
Best regards,
---------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0
staff and me.
__ ACCESS INFORMATION __
Advisory access:
http://advisories.nsrg-security.com/Nasa.gov-MV/
Mail & Action & Advisory Log :
http://advisories.nsrg-security.com/Nasa.gov-MV/mail-log.txt
ScreenShots:
http://advisories.nsrg-security.com/Nasa.gov-MV/screenshots/
__ <<
ROTECTED]>
To: "Lorenzo Hernandez Garcia-Hierro" <[EMAIL PROTECTED]>
Sent: Tuesday, October 21, 2003 8:48 PM
Subject: RE: [Full-Disclosure] Tanato WarGame , notes and news
> I had a question for you about the NGsec wargame. I assume that you
> played it and reached the
best way to
treat this,
---
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453 7D62 6B4E
erful people in this list ( no exceptions
;-),
-------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__
PGP: Keyfingerprint
4ACC D892 05F
me to make public the report.
Thanks to everybody in this list.
Best regards to all and have nice time !
---
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03->
Yes.
My report of Geeklog was bounced about 30 times !
Check the message headers.
Possibly the server is really busy ( full-disclosure generates high mail
traffic ) and it resends the messages to be sure that they are
delivered/received.
I don't know for sure.
( NOTE: this problem was affecting my site
istrator).
-
CONTACT INFO:
-------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F45
stion,
---
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F
CK ).
- Original Message -
From: "petard" <[EMAIL PROTECTED]>
To: "Lorenzo Hernandez Garcia-Hierro" <[EMAIL PROTECTED]>
Cc: "Full-Disclosure" <[EMAIL PROTECTED]>
Sent: Wednesday, October 15, 2003 8:10 PM
Subject: Re: [Full-Disclosure] Supposed Sa
FINAL DECODE SEQUENCE
// Decode sequence
$tbl = array_fill($i_min, $i_max - $i_min + 1, 0);
while (list($k,$v) = each($table))
$tbl[$v] = $k;
$tbl = implode(",", $tbl);
$fi = ",p=0,s=0,w=0,t=Array({$tbl})";
$f = "w|=(t[x.charCodeAt(p++)-{$i_min}])<Lorenzo He
remember that security is a mind status !
Greetings to all the community: morning-wood for his arin.net greeting to me
, cyrus-tc , etc.
---
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03->
Hi all again,
http://liftoff.msfc.nasa.gov/toc.asp?s=Tracking'
admits sql characters injection but seems not easy to include successful
queries
security of nasa websites sucks ( sucks the web app security...)
best regards,
---
0x00->Lorenzo Hernandez Garcia-Hie
: attacking possibilities are related with FPExtensions in the
directories.
VENDOR NOTICED: No contact info found
NOTE 2: OPEN AN ACCOUNT FOR SECURITY ISSUES
Best regards,
---
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=preten
rt("The%20XSS%20Prince\nOnce%20upon%20a%20time%20there%20was%20a%20prince\nthat%20liked%20so%20much%20XSS%20exploits");&Go.y=13
Remember: website security cannot be real if maintainers don't know how much
danger is a xss hole ;-)
contact info:
__
----
for INCLUDE MY EXPLOIT !!
-off-topic-
i'm preparing new releases , more professional and real useful functions !
-<<
To: "Lorenzo Hernandez Garcia-Hierro" <[EMAIL PROTECTED]>
Sent: Tuesday, October 14, 2003 7:26 PM
Subject: Re: [Full-Disclosure] morning_wood , i discovered t
it's the truth ,
i'm sad ;-)
i discovered one month ago the arin bug , believe
in me.
next time i will be the first one.
;-) good shoot !
;-)
contact me please , i want to talk with you about
some interesting things!
best regards to all !
---0x00->Lorenzo
Hernandez
up XSS-TST-STANDARD )
http://test-zone.nsrg-security.com/xss/?XSS-TST-STANDARD
*//*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/
* REFERENCES -> ONLINE
/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/
http://advisories.nsrg-security.com/FileDonkey.com-XSS
---
| CONTACT |
---
---
0x00->Lorenzo Hernandez Garcia-Hi
\AOL Instant Messenger (TM)\CurrentVersion\Misc
BaseDataPath
Z Software\America Online\AOL Instant Messenger(TM)\CurrentVersion\Login:
Screen Name -> info.htm
/\INFO.HTM/\
< f o n t s i z e = 5 > < b > < A H R E F = " H T T P : / / W W W . R E
A L P H X . C O M "
lots of times.
Best Regards.
PS: he patched it but he didn't say , ok , i will patch it , no i'm sure !
hahahha
---
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03->
y high risk (
direct access to server's files , command execution , etc )
--
The best regards for all ,
- Original Message -
From: "morning_wood" <[EMAIL PROTECTED]>
To: "Lorenzo Hernandez Garcia-Hierro" <[EMAIL PROTECTED]>
Sent: Saturday, October 11, 20
Here is it !! :
";
exit("WE SAY: DO NOT EAT DRUGS , THEY ARE BAD FOR YOUR MONKEY BRAIN.");
}
?>
And
CREATE TABLE banninip (
ip char(20) NOT NULL default '0',
PRIMARY KEY (ip)
) TYPE=MyISAM;
Enjoy.
Best regards.
-----------
0x00->
person in Full-Disclosure ?
-------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
***
o ".
Ha Ha Ha.
best regards,
-------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56
secvalue)) ||
(eregi("\"", $secvalue))) {
// NEW PREVENTION SYSTEM , USE THIS ONE
// proactive ;-)
include ("toban.php");
// My old prevention system
// die (";-) whereis lammer lammer: you");
}
}
/\<< XSS attacks attempting.
Etc.
I think that i mu
-.-.-.
LET'S USE PHP FILE M. FUNCTIONS -
write to BANED.TXT the attacker ip.
and then go to the die routine ( end the app ).
die .-.. your die message -.-.-.
[<<Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which s
Hi there friends,
I've seen the supposed ( and a little silly thing )
Windows XP LOCAL DoS , and i was looking at the website , i'm not sure because i
didn't try to test it but i seems completely false and funny joke .
Ok , but , what are the original conditions of the
system that the author
lots of times... it is not a funny joke.
the best regards,
-------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->Security Consultant
__
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
***
Hi friends,
I'm not very happy with this , i have done an online test for eject cds in a
MS Internet Explorer
and i have tested it in all the computers of my house but i was surprised
when i checked that the
last version of MSIE allows the execution of the script in the following
sec. zones:
eople for be patient with these
last weeks and the Geeklog issues.
--------------
Lorenzo Hernandez Garcia-Hierro
--- Security Consultant ---
--NSRGroup---
PGP: Keyfingerprint
D185 3555 8ECD 3921 6B21
If you use the fix in your lib-common.php you will damage your geeklog
installation.
Use instead in lib-security.php ;-) at the [your geeklog core files , not
html]/system
Include the fix after ]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*ifra
The process is the same for fix all the geeklog portal, instead of editing
index.php , edit lib-common.php and insert the code of the first fix at the
first line after http://www.nsrg-security.com
__
___
Full-Disclosure - We believe
e)) ||
(eregi("+", $secvalue)) ||
(eregi("\"", $secvalue))) {
die (";-) whereis lammer lammer: you");
}
}
-xss fix end -
2.- Patch against SQL Injection vulnerabilities:
The xss fix is hybrid fix because you block ` ´ ' with it.
Go to the dir of the geeklog
vulnerable versions range.
- - -
| VENDOR STATUS |
- - -
Ok -> Warned / Contacted
([EMAIL PROTECTED])
- ---
| CONTACT |
- - ---
- ------
Lorenzo Hernandez Garcia-Hierro
- ---
rable versions range.
- -
| VENDOR STATUS |
- -
Ok -> Warned / Contacted
([EMAIL PROTECTED])
---
| CONTACT |
- -------
Lorenzo Hernandez Garcia-Hierro
- ---Security Consultant---
- NSRGroup-
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56BC 0
05-to mrs nadie for the excellent work.
NOTE: This is the first time that i write greetings but i want to do it more
, it is excellent for
the spanish poxo-family.
---
| CONTACT |
---
--
Lorenzo He
ssibilities , if the url is encoded ? does Apache check
correctly this when it is encoded ?
One thing is sure: this can not affect ip based rules such as deny
or allow
PS: can be this related with the mod_write vulnerabilities ?
Regards,
- -----------
money for the projects
of my group , we are going to put an online donation system.
The best regards from me and all of my
group,
Yours gracefully,
------------------Lorenzo
Hernandez Garcia-Hierro--- Security
Consultant
hout
encoding or ciphering.
-
| SOLUTIONS |
-
- Use a strong ciphering method for the admin password in
WinMySQLAdmin and keep passwords with other type of storage.
---
| CONTACT |
---
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--
e called about://
urls vulnerability .
3.- This vulnerability only concerns the about:blank url .
---
| CONTACT |
-------
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--Nova Projects Professional Coding--
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56BC 0
tor-
v2.0.html>
- Proof of Concepts: -
1.- Check a PostNuke portal.
2.- Check if the Downloads / Web_Links modules are active and..
3.- modify the ttitle variable using "%3e and write a xss attack for
test it.
4.- that's all folks
---
| CONTACT |
---
Lorenzo Hernan
r prevent XSS attacks.
3.- Turn php_error_flags to Off .
4.- Use in addition an external module if you are using apache like
mod_security .
5.- If you are paranoid don't use PHP , MySQL , Windows , Linux ,
computers , tcp/ip , netbios , games , asp ,
Apache.. nothing !
WAR
go):
> http://phpwebsite.appstate.edu/
>
> -Jack Whitsitt
>
>
> - Original Message -
> From: "Lorenzo Hernandez Garcia-Hierro" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, August 10, 2003 6:15 PM
> Subject: [Full-Dis
//
//\ \ \
with:
---
--->
////////////
\
$FF_authFailedURL = $FF_authFailedURL .
$FF_qsChar . "accessdenied=Your attempt was reco
False?
Ummm.
i don't think that.
do you want to get more proof of concepts ?
regards,
PD: i observed an automatic update in my Gator Software... xP
--
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--Nova Pro
-
| CONTACT |
---
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--Nova Projects Professional Coding--
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
**
security.novappc.com
Are you
hine
must be restarted. The search.pl script doesn't have a limit of characters
in the query.
---
| CONTACT |
---
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--Nova Projects Professional Coding--
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 401
First: Redefine the errors flags in php.ini to Off. [Path Disclosures]
- Second: Use a partial / secure encoding for authentication tokens like
RadiX64 ( not very secure but an attacker
can think that is a more secure algorithm , obscurity ;-D ) .
- Three: Review the db_details_importdocsql.php
false,
if you send a large request in the GET mode , the script makes a pick up in
the server and the server becomes unstable , ok ?
and if you only modify the user variable , you can access another users
accounts!.
regards,
--
Lorenzo Hernandez
tp://ldbauth.lycos.com/cgi-bin/mayaLogin?m_CBURL=";>XSS in Lycos
Authenticating Servershttp://ldbauth.lycos.com/cgi-bin/mayaLogin?m_CBURL=";>alert(document.
cookie);
--
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--N
thanks for the sphera corp contact info, KF
.
the operators of Sphera have been
contacted.
bye!
regards,
--Lorenzo
Hernandez Garcia-Hierro--- Computer Security Analyzer -Nova Projects
Professional Coding--PGP: KeyfingerprintB6D7 5FCC
KF, send me the Sphera Corp email contact , please.
regards,
--
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--Nova Projects Professional Coding--
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
Product: SPHERA HostingDirector and Final User (VDS) Control Panel ( Hosting
Control Panel )
Vendor: SPHERA
Versions:
VULNERABLE
- 3.x
- 2.x
- 1.x
NOT VULNERABLE
- ?
-
Description:
HostingDirector co
- REPORT -
Vuln name: PHP and JS Remote cookie retrieval
Risk (1-10): 9
Systems affected: IE 6.0.2600.x (without SP1)
IE 5.0.x (without patches)
Windows XP
Windows NT x
Windows 2003 Server
Windows 9x
Systems i
Gator eWallet Insecure User Data files Encryption and Gator BackUp / Banner
Server Access/File retrieving
Product: Gator eWallet
Vendor: Gator Corporation
Web: www.gator.com
Risk:7
Description:
Gator eWallet is a software for save your form data and login dat
--
Product: PostNuke
Vendor: PostNuke WWW.POSTNUKE.COM
Versions Vulnerable:
PostNuke Phoenix 0.7.x.x
Phoenix 0.7.2.3 with patches ( in all versions )
Phoenix 0.7.2.3 without patches (in all versions )
0.7.2.1
(All prior versions of 0.7.2.3 with/witho
---
Product: PHP-Nuke
Vendor: Francisco Burzi
Versions Vulnerable:
Francisco Burzi PHP-Nuke 6.0
Francisco Burzi PHP-Nuke 6.5 RC3
Francisco Burzi PHP-Nuke 6.5 RC2
Francisco Burzi PHP-Nuke 6.5 RC1
Francisco Burzi PHP-Nuke 6.5 FINAL
Francisco Burzi PHP-Nuke 6.5 BETA 1
Francisco Burzi PHP-Nuke 6.5
Product: PSOFT H-Sphere ( Hosting Control Panel )
Vendor: PSOFT ( Positive Software Corporation )
Versions:
VULNERABLE
- 2.3.x
- 2.2.x
- 2.1.x
- 2.0.x
NOT VULNERABLE
- ?
-
Description:
H-Sph
ility is the
ancient and older type of vulnerability and the only possible solution
is...
- Change the path and directory of the sambar server user files!
- the developers of sambar server can change the code and develop a module
for examine the traffic of user files and buffers of form transfer in POST
or GET mode.
CONTACT:
NAME: Lorenzo Hernandez Garcia-Hierro
MAIL: [EMAIL PROTECTED]
WEBSITE: www.lorenzohgh.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html