PAFileDB SQL Injection Vulnerability Ratings Cheat Fix

2003-05-30 Thread JeiAr
I recently found out that someone I knew was running this vuln application. After informing them it was vuln they were disappointed at the fact that they could no longer use the program as the author has not supplied a fix. Anyway, here is a quick fix I threw together to take care of the

Algorithmic Complexity Attacks

2003-05-30 Thread Scott A Crosby
Hello. This is to announce a new class of attack which we have named 'Algorithmic Complexity Attack'. These attacks can perform denial of service and/or cause the victim to consume more CPU time than expected. We have a website for our research paper and project and tentative source code

Another ZEUS Server web admin XSS!

2003-05-30 Thread Vázquez
Hi, another XSS, now on the ZEUS web admin interface. The tested software is Zeus 4.2r2 (webadmin-4.2r2) on Linux x86. This is not the same issue as bid 6144 (index.fcgi), now it is on vs_diag.cgi. Exploit is simple: http://target:9090/apps/web/vs_diag.cgi?server=YOUR_CODE I have read this

Multiple Vulnerabilities In P-Synch Password Management

2003-05-30 Thread JeiAr
Multiple Vulnerabilities In P-Synch Password Management --- The other night I came across a server running P-Synch. I had never heard of it so I was curious to poke around on it a bit. Within an hour I found the vulns listed below. I'm pretty

PHRACK MAGAZINE Call for Papers (#61)

2003-05-30 Thread phrack staff
[-]=[-] P H R A C K : R E L O A D E D : CALL FOR PAPERS * CALL FOR PAPERS * CALL FOR PAPERS * CALL FOR PAPERS -

Geeklog 1.3.7sr1 and below multiple vulnerabilities.

2003-05-30 Thread pokleyzz
Products: Geeklog 1.3.7sr1 and below (http://www.geeklog.net) Date: 29 May 2003 Author: pokleyzz pokleyzz_at_scan-associates.net Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: Geeklog

b2 cafelog 0.6.1 remote command execution.

2003-05-30 Thread pokleyzz
Products: b2 cafelog 0.6.1 (http://cafelog.com/) Date: 29 May 2003 Author: pokleyzz pokleyzz_at_scan-associates.net Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: b2

[slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)

2003-05-30 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01) Upgraded CUPS packages are available for Slackware 8.1, 9.0, and -current to fix a denial of service attack vulnerability. Here are the details from the Slackware 9.0 ChangeLog:

Philboard Forum Vulnerability

2003-05-30 Thread aresu
Philboard Vulnerability Severity : High (Possible gain administrator/users access on Forum Board) Systems Affected: Philboard up to v1.14 Vendor URL: http://www.youngpip.com/philboard.asp Vuln Type : Cookie Injection Status: Vendor contacted, fixed version is not available (cause they didn't

BAZARR CODE NINER PINK TEAM GO GO GO

2003-05-30 Thread [EMAIL PROTECTED]
dave pointed out dat i forgot to send da attached .c in my first post. dis proves dat im so bizy dat i forget to send other half of email to bugtraq. attached is a local root xploit for eterm. and on default install of debian it be a local gid utmp xploit. hi martin dis is a nice change up from

[SECURITY] [DSA-307-1] New gps packages fix multiple vulnerabilities

2003-05-30 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 307-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman May 27th, 2003

ICQLite executable trojaning

2003-05-30 Thread 3APA3A
bugtraq@, Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Vendor URL: http://www.icq.com Risk: Average Exploitable: Yes Remote: No Date: May, 29 2003 Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp I. Intro: ICQ Lite is popular internet

Webfroot Shoutbox 2.32 directory traversal and code injection.

2003-05-30 Thread pokleyzz
Products: Webfroot Shoutbox v 2.32 and below (http://shoutbox.sf.net) Date: 09 May 2003 Author: pokleyzz pokleyzz_at_scan-associates.net Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: