Overview:
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve
Backup, which could be exploited by an anonymous attacker in order to execute
arbitrary code with SYSTEM privileges on an affected system. The flaw
specifically exists within the Message Engine
Hello,
I found a vulnerability in btitracker (a tool for creating a BitTorrent tracker,
written in PHP).
This vulnerability can physically remove uploaded .torrent files
video : http://aeroxteam.free.fr/btitracker.html
exploit(not to diffuse) :
form
Overview:
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve
Backup, which could be exploited by an anonymous attacker in order to execute
arbitrary code with SYSTEM privileges on an affected system. The flaw
specifically exists within the Discovery Service
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
FreeForum 0.9.7 (fpath) Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by XORON (Turkish hacker)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
phpBB User Viewed Posts Tracker Version = 1.0 [phpbb_root_path] File Include
Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by
Overview:
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve
Backup, which could be exploited by an anonymous attacker in order to execute
arbitrary code with SYSTEM privileges on an affected system. The flaw
specifically exists within the Message Engine
# ~~~
# Cahier de textes
# Pierre Lemaitre - St Lô (France) - Ver 2.0
#
# Remote SQL injection Exploit
#
# Discovered By s4mi
# s4mi[at]linuxmail[dot]org
XSS IN FastFind...
DORK:
Powered by FastFind - Search Engine Script
Exploit:
http://[target]/[path]/index.php?query=scriptalert(1)/scripttype=simple
references:
http://www.interspire.com/fastfind/
Example:
In response to the message sent on 10/4...
The vendor has released a fix. It has also been
discovered that this affects previous versions.
Vulnerable:
Invision Power Board 2.0.x
Invision Power Board 2.1.0 - 2.1.7
Invision Power Board 2.2 Beta 1
Not Vulnerable:
Invision Power Board 2.1.7 (ID:
Hi,
in Windows Vista Microsoft plans to introduce a security concept they call
Mandatory integrity control (MIC) which is described here:
[1] http://blogs.technet.com/steriley/archive/2006/07/21/442870.aspx
As this sounds like a promising feature I did some testing with Vista RC1 that
gave
It is worth contacting the author of this blog entry:
http://grownupgeek.blogspot.com/2006/08/myspace-closes-giant-security-hole.html
related to serious information disclosure case during this summer.
- Juha-Matti
E Mintz [EMAIL PROTECTED] wrote:
Does anyone have a security contact for
btw// these real-world analogies are like guinea pigs.
They haven't a darn thing to do with the subject.
The subject is the law, which is not clearly defined on
these matters, but in the US you'll get a smattering of
wire-related laws, intention, and intended use interpretations.
If intended
According to this article it was a hoax... So who is telling the truth,
and what sort of fall out will come from this?
http://www.betanews.com/article/Firefox_Flaw_a_Hoax_Admits_Speaker/1159903320
Tom Walsh
[EMAIL PROTECTED] wrote:
http://www.gnucitizen.org/projects/javascript-spider/
During the last couple of days I have been testing several attack
vectors to circumvent the browser security sandbox also known as the
same origin policy. There is a lot involved in this subject and I
will present my notes very soon.
The
Robert,
It is not illegal to pen-test web applications on your classroom
servers, and then as an exercise, check for web sites running the
vulnerable apps and send emails telling them of the vulnerability.
This is not like pen-testing the company's web site without permission,
and your students
15 matches