RE: [Full-Disclosure] Comparison of Network Security Scanners

2004-07-08 Thread pigrelax
Hi! >LanGuard (3.3 is free for scanning unlimited IP's, it only >costs if you want software/patch deployment and custom reporting). Maxpatrol demo version (also free for scanning unlimited IP's!) is more functional than Languard "Free Version". -Original Message- From: insecure [mail

[Full-Disclosure] MySQL 4.1/5.0 zero-length password auth. bypass - modified MySQL client

2004-07-13 Thread Pigrelax
MySQL 4.1/5.0 zero-length password auth. bypass - modified MySQL client author: RusH security team, http://rst.void.ru Usage: F:\>mysql -uroot -pr57 Welcome to the MySQL monitor. >>Little cool edit by RusH security team =) http://rst.void.ru Commands end with ; or \g. Your MySQL connection id is 2

[Full-Disclosure] Tool: Hardening TCP/IP stack in Windows

2004-07-21 Thread pigrelax
Hi all! Very interesting program from Russia: Anti-Cracker Shield Introduction: The program is designed for protection from "exploits" (attacks possible because of vulnerabilities either of the operational systems, or of application software components) of different kinds. Multilevel security sy

[Full-Disclosure] (MS04-022) Microsoft Windows XP Task Scheduler (.job) Universal Exploit

2004-07-31 Thread pigrelax
Hi all! Microsoft Windows XP Task Scheduler (.job) Universal Exploit * Tested on: *- Internet Explorer 6.0 (SP1) (iexplore.exe) *- Explorer (explorer.exe) *- Windows XP SP0, SP1 * * --- * Compile: *Win32/VC++

[Full-Disclosure] SecurityLab.ru report: The Most Critical Vulnerabilities in July 2004

2004-08-08 Thread pigrelax
SecurityLab.ru report: The Most Critical Vulnerabilities in July 2004 Web application: Easy Chat Server Multiple Denial Of Service Vulnerabilities, Bugtraq ID 10649; New Atlanta ServletExec Unauthorized Access Vulnerability, Bugtraq ID 10639; Two Vulnerabilities in Anton Raharja PlaySMS., Bu

[Full-Disclosure] Remote buffer overflow in MDaemon IMAP and SMTP server

2004-09-22 Thread pigrelax
Buffer overflow in MDaemon 6.5.1 in SAML, SOML, SEND, MAIL command in SMTP server and in LIST command in IMAP server. Exploit: http://www.securitylab.ru/_Exploits/2004/09/mdaemon_rcpt.c http://www.securitylab.ru/_Exploits/2004/09/mdaemon_imap.c More information (In Russian!): http://www.securit

[Full-Disclosure] HTTP Response Splitting and SQL injection in megabbs forum

2004-09-26 Thread pigrelax
URL: http://www.pd9soft.com Tested megabbs 2.1 1. HTTP Response Splitting http://www.pd9soft.com/megabbs/forums/thread-post.asp?action=writenew&fid=%0 d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20 text/html%0d%0aContent-Length:%2033%0d%0a%0d%0a%3chtml%3eScanned%20b

[Full-Disclosure] SQL injection in BroadBoard Instant ASP Message Board

2004-09-26 Thread pigrelax
BroadBoard Instant ASP Message Board URL: http://www.broadboard.com/ 1. software does not properly validate user-supplied input in the 'keywords' parameter in search.asp: http://broadboard/forum/search.asp?archives=1&action=1&keywords=['SQL code]&method=1&method=1&body=1&subject=1&board=1&resul

[Full-Disclosure] PTms04-030

2004-10-26 Thread pigrelax
PTms04-030 - tool for checking WebDAV XML DoS vulnerability. More information and download: http://www.securitylab.ru/tools/48998.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

[Full-Disclosure] New MaxPatrol Demo Available

2004-11-09 Thread pigrelax
Hi! New Demo version includes intelligent algorithms for detection of Cross-site scripting, SQL-injection, PHP including, HTTP Response Splitting and similar vulnerabilities in ANY (including custom) web-applications. (No details on found vulnerabilities are provided) Latest Discovered Vulnerabi

[Full-Disclosure] phpBB 2.0.10 execute command by pokleyzz

2004-11-20 Thread pigrelax
phpBB 2.0.10 execute command by pokleyzz http://www.securitylab.ru/49574.html

[Full-Disclosure] Cybercrime in cyberspace: virus writers pay $10000 to revenge Kaspersky Lab

2004-11-27 Thread pigrelax
Cybercrime in cyberspace: Russian virus writers pay $1 to revenge Kaspersky Lab More Information: (In Russian) http://www.securitylab.ru/49674.html Translate: http://www.online-translator.com/text.asp?lang=en

[Full-Disclosure] XSS in the nested BB tag in many forum

2005-01-15 Thread pigrelax
XSS was found in the nested BB tag in many forums: Invision Power Board: [COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]` style=background:url(javascript:alert()) [/COLOR] vBulletin [EMAIL=[URL=s [EMAIL PROTECTED]:[EMAIL PROTECTED] sss[/URL][/EMAIL]` style=`background:url(javaSCrip t:alert(/Hi_fro

RE: [Full-Disclosure] [ Positive Technologies ] Defeating Microsoft Windows XP SP2 Heap protection

2005-01-29 Thread pigrelax
cool. Tested on AMD64 with DEP enabled. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, January 28, 2005 5:41 PM To: full-disclosure@lists.netsys.com Subject: [Full-Disclosure] [ Positive Technologies ] Defeating MicrosoftW