good morning folks,
... "With AltaVista Search Software, you can create your own search and
retrieval Web site with the same relevancy, performance, and efficiency of
the powerful AltaVista Search engine (www.altavista.com) used to index the
World Wide Web" ...
yes thats true .. but,
if you
hola,
more bugs in the AV-Search thing ..
using uri-encoded strings it is possible to view "any" file on the system ..
examples:
unixxxsss ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd
or on an micro$oft IIS ...
hola friends,
found some interesting things in the "old" UltraBoard-Forum scripts
(UltraBoard V 1.6)
class:Input Validation Error
remote:Yes
vulnerable:UltraBoard V1.*
vendor: www.ultrascripts.com || www.ub2k.com
Description:
By using the good old NullByte(\000) its possible to open "any" file
hola friends,
while i was participating on the openhack contest
i found a couple of serious security-holes within ibm s
so called "netcommerce" thing which seems to be a mixture of
websphere, net.data, servlets, jsp s and db2?
however..summary:
class: input validation error
remote: yes
local:
Those look really funny, anyone know the what algorythm is used, i suppose
it's the standard db2 function, but haven't tried that yet.
.. because of the column type this is just a hexadecimal representation ..
you can easily convert it to char ...
3) "Password-Reminders"
Actually these are
good morning buqtraq,
gmx.net is a european-based free web-mail-, web-community system comparable
with hotmail.com.
like many other web-mail systems gmx.net has a problem filtering java-script
in html-based mail-messages.
this enables an attacker to create html-messages with malicious
hola friends,
getAccess[tm] is used as a single-sign-on system often used for large
internet-portals.
--- snip (http://www.entrust.com) ---
Entrust GetAccess[tm] offers the most comprehensive solution for
consistently deploying and enforcing
basic and enhanced security across online
