===
Vulnerable Product: Cisco WLC 4402 (most likely among many others)
Vulnerability discovered: January 2009
Reported to vendor: Jan 01, 2009
Fix available: not yet
===
TIMELINE:
PHP filesystem attack vectors - Take Two
Name PHP filesystem attack vectors - Take Two
Systems Affected PHP and PHP+Suhosin
Vendor http://www.php.net/
Advisory http://www.ush.it/team/ush/hack-phpfs/phpfs_mad_2.txt
Authors Giovanni evilaliv3
Hello Michal!
First I note, that when I'll find time, I'll answer at your previous comment
about redirection to javascript: URIs in different browsers.
Second I note, that, please, write about something new, not about that I
already mentioned in my advisory ;-).
Refresh or Location
###
#
# Aiocp 1.4.001 Remote File Inclusion vulnerability
#
# Found by : Hadi Kiamarsi
#
# Contact : hadikiamarsi [at] hotmail.com
#
# Download :
rPath Security Advisory: 2009-0111-1
Published: 2009-07-24
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 2
Rating: Severe
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
Original advisory at:
http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection/
Ref. [DSF-03-2009] – IXXO Cart! Standalone and Joomla Component SQL Injection
Vendor: IXXO Internet Solutions
Status: Patched by vendor
IXXO Cart!
IXXO Cart is an extremely
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA-1841-1 secur...@debian.org
http://www.debian.org/security/ Nico Golde
July 25th, 2009
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:159
http://www.mandriva.com/security/
Hello Bugtraq!
As I checked this DoS vulnerability today, it also works in IE7, besides
IE6.
Vulnerable version is Internet Explorer 7 (7.0.6000.16473) and previous
versions (and potentially next versions).
P.S.
Also I wrote to Ruben Reguero two days ago, and told him that it was strange
that
Hello Bugtraq!
I want to warn you about Denial of Service vulnerabilities in Internet
Explorer.
Today I additionally checked these vulnerabilities in IE and found that they
also work in IE7, besides IE6.
DoS vulnerabilities in Firefox, Internet Explorer and Opera
Hi,
I am glad to release sqlmap version 0.7.
Introduction
sqlmap is an open source command-line automatic SQL injection tool.
Its goal is to detect and take advantage of SQL injection
vulnerabilities in web applications. Once it detects one or more SQL
injections on the target
As Secunia has already confirmed version 3.5.1 is vulnerable too.
I tested it earlier and your proof of concept works 100%.
Very nice find :-)
Best Regards,
MaXe
hi ,jplopezy:
IN http://hi.baidu.com/xisigr/blog/item/edbcba00011864de267fb55a.html;,
127.0.0.1 is just a fictitious example.
See real examples: http://xisigr.googlepages.com/firefoxspoofing, test 1
is my, test 2 is your. some %20 for display a white space in the
Status Bar.
On Mon, Jul 27, 2009
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN
Controllers
Advisory ID: cisco-sa-20090727-wlc
http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml
Revision 1.0
For Public Release 2009 July 27 1600 UTC (GMT
Advisory:
The Movie Player and VLC Media Player Real Data Transport
parsing integer underflow.
Affected products:
The Movie player svn r29438 [1]
VLC media player = 1.0.0 [2]
Possible others applications that use the xine lib code [3].
Discovered by:
NcFTPd = 2.8.5 remote jail breakout
Discovered by:
Kingcope
Contact: kcope2atgooglemail.com / http://isowarez.de
Date:
27th July 2009
Greetings:
Alex,Andi,Adize,wY!,Netspy,Revoguard
Prerequisites:
Valid user account.
Demonstration on FreeBSD
Great!
We should fill up %20 as many as possible to hide the payloads in
some wider screens.
The JavaScript Test 2 example is great for stealth phishing attacks
while status bar spoofing is great for hiding our attack payload.
I also made a record for hiding XSS payload.
Good day to all of you,
I'm having loads of troubles finding computer crimes' statistics (crimes
that are related to physical security - eg. Login, root access, ntlm/sam,
etc). I did some search on google and many other websites. But I've yet to
encounter a statistics or survey for the mentioned
author : bikolinux
Vuln: cross site scripting the browser google chrome
Download: http://www.google.com/chrome
error local
EMAIL m...@bikolinux.net bikoli...@gmail.com
version test 2.0.172.37
You probably will have more luck searching databases provided by your local
library. If your local University has a data librarian they might be able to
help find sources of data (if they even exist). A reference librarian can
show you how to search various databases of scholarly research to see
Hello list.
Just to clarify the NcFTPd vulnerability affects all operating systems
that NcFTPd runs on,
not just FreeBSD.
Cheers,
kcope
2009/7/27 Kingcope kco...@googlemail.com:
NcFTPd = 2.8.5 remote jail breakout
Discovered by:
Kingcope
Contact: kcope2atgooglemail.com /
This also seems to be working in Safari Version 4.0.1 (5530.18)
On Mon, Jul 27, 2009 at 9:44 AM, secur...@intern0t.net wrote:
As Secunia has already confirmed version 3.5.1 is vulnerable too.
I tested it earlier and your proof of concept works 100%.
Very nice find :-)
Best Regards,
MaXe