EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)

2008-04-01 Thread irancrash
#!/usr/bin/perl # EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)

cevado technologies real estate CMS SQL injection

2008-04-01 Thread joseph . giron13
I'm back, and I got more. SQL injection within some real estate CMS software. The vulnerability is present because of a failure to strip characters from the variables page_id and site_id, resulting in exploitation by some simple blind SQLI. Here's an example:

[SECURITY] [DSA 1533-2] New exiftags packages fix several vulnerabilities

2008-04-01 Thread Devin Carraway
Debian Security Advisory DSA-1533-2 [EMAIL PROTECTED] http://www.debian.org/security/ Devin Carraway April 01, 2008

[ GLSA 200804-01 ] CUPS: Multiple vulnerabilities

2008-04-01 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200804-01 http://security.gentoo.org/

Re: Internet explorer 7.0 spoofing

2008-04-01 Thread Razi Shaban
Doesn't work on FF3.0b1 or b2. On 3/29/08, mouss [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: This problem is not specific to IE. It works on Firefox too. just tested on FF 2.0.0.13 and it doesn't work.

Re: Re: Internet explorer 7.0 spoofing

2008-04-01 Thread w0lfd33m
I too tested on the same version of Firefox but it worked in my case! What address did you use as the main URL? Was it google.com? You can find the snap of the spoofed URL captured in Firefox here: hxxp://img249.imageshack.us/my.php?image=spoofzg2.png

Re: Hamachi Password Disclosure Vulnerability

2008-04-01 Thread anonymous
This is a bogus vulnerability. Ability to dump the process memory for a random system account implies that the system is fully compromised. Besides, Hamachi 1.x does not use password-based login authentication, as it's clearly stated in a product description.