[Full-disclosure] PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319)

2014-03-13 Thread Hanno Böck
contacted 2014-03-10: Vendor replies, confirms issue 2014-03-12: Vendor publishes fixed version -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 signature.asc Description: PGP signature ___ Full-Disclosure - We believe

[Full-disclosure] phplist: cross site request forgery (CSRF), CVE-2011-0748

2011-04-07 Thread Hanno Böck
phplist: cross site request forgery (CSRF), CVE-2011-0748 References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2748 http://int21.de/cve/CVE-2011-0748-phplist.html Description phplist is a mailing list software written in PHP. Up to version 2.10.12, it provided no protection

Re: [Full-disclosure] The GNU C library dynamic linker expands $ORIGIN in setuid library search path

2010-10-19 Thread Hanno Böck
/exploit/target I tried to reproduce this on Gentoo and it fails at this point. It seems the reason is that suid-binaries are not world-readable on Gentoo (on Debian they are) - this seems to be a useful security measure. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20

Re: [Full-disclosure] Virus submission site

2010-09-03 Thread Hanno Böck
On Friday 03 September 2010, Hacxx 20 wrote: Do you have virus archived? Submit them to all major antivirus companies. Visit http://virus-submission.tk Any reason the only free software antivirus, clamav, is missing? -- Hanno Böck Blog: http://www.hboeck.de/ GPG

[Full-disclosure] pmwiki: persistent cross site scripting (XSS), CVE-2010-1481

2010-05-07 Thread Hanno Böck
report. Disclosure Timeline 2010-04-19: Vendor contacted 2010-05-07: Published advisory Credits This vulnerability was discovered by Hanno Boeck, http://www.hboeck.de, of schokokeks.org webhosting. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber

[Full-disclosure] CMS Made Simple: backend cross site scripting (XSS), CVE-2010-1482

2010-05-07 Thread Hanno Böck
2010-05-01: Vendor released 1.7.1 with fix 2010-05-07: Published advisory Credits This vulnerability was discovered by Hanno Boeck, http://www.hboeck.de, of schokokeks.org webhosting. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:ha

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread Hanno Böck
this remotely through CSRF even without Remote Management option? (i.e. put some javascript on a webpage sending a post request to the default ip of the router?) -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de http

[Full-disclosure] mantis CVE-2008-3102 (Re: menalto gallery: Session hijacking vulnerability, CVE-2008-3102)

2008-09-23 Thread Hanno Böck
Damn, subject is obviously wrong, it's mantis, gallery was already CVE-2008-3662. Rest of the advisory is correct though. Sorry for the confusion. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:[EMAIL PROTECTED]

[Full-disclosure] menalto gallery: Session hijacking vulnerability, CVE-2008-3102

2008-09-22 Thread Hanno Böck
commons attribution license. Hanno Boeck, http://www.hboeck.de -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:[EMAIL PROTECTED]

[Full-disclosure] Squirrelmail: Session hijacking vulnerability, CVE-2008-3663

2008-09-22 Thread Hanno Böck
-23 Published advisory Credits and copyright This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. It's licensed under the creative commons attribution license. Hanno Boeck, http://www.hboeck.de -- Hanno Böck Blog: http://www.hboeck.de/ GPG

Re: [Full-disclosure] menalto gallery: Session hijacking vulnerability, CVE-2008-3662

2008-09-20 Thread Hanno Böck
to give me credits. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:[EMAIL PROTECTED]

[Full-disclosure] drupal: Session hijacking vulnerability, CVE-2008-3661

2008-09-20 Thread Hanno Böck
-20 Published advisory Credits and copyright This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. It's licensed under the creative commons attribution license. Hanno Boeck, http://www.hboeck.de -- Hanno Böck Blog: http://www.hboeck.de/ GPG

[Full-disclosure] menalto gallery: Session hijacking vulnerability, CVE-2008-3662

2008-09-18 Thread Hanno Böck
. Credits and copyright This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. It's licensed under the creative commons attribution license. Hanno Boeck, 2008-09-18, http://www.hboeck.de -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20

[Full-disclosure] clamav: Crash with crafted chm, CVE-2008-1389

2008-09-04 Thread Hanno Böck
commons attribution license. Hanno Boeck, 2008-09-04, http://www.hboeck.de -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:[EMAIL PROTECTED]

Re: [Full-disclosure] XSS Browser hijacking PoC?

2008-06-16 Thread Hanno Böck
) -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:[EMAIL PROTECTED]

[Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387)

2008-04-22 Thread Hanno Böck
standardizes names for security problems. Credits and copyright This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. It's licensed under the creative commons attribution license. Hanno Boeck, 2008-04-xx, http://www.hboeck.de -- Hanno Böck Blog

[Full-disclosure] Correcting CVEs (was Re: Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))

2008-04-22 Thread Hanno Böck
On Tuesday 22 April 2008, Hanno Böck wrote: Two smaller issues in s9y, published here: http://int21.de/cve/CVE-2008-1386-s9y.html http://int21.de/cve/CVE-2008-1387-s9y.html Damn, it was too early in the morning. The correct CVEs (as listed in the advisory below) are CVE-2008-1385 and CVE

[Full-disclosure] clamav: Endless loop / hang with crafted arj, CVE-2008-1387

2008-04-15 Thread Hanno Böck
(http://cve.mitre.org/), which standardizes names for security problems. Credits and copyright This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. It's licensed under the creative commons attribution license. Hanno Boeck, 2008-04-16, http://www.hboeck.de -- Hanno Böck

[Full-disclosure] Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125

2008-03-17 Thread Hanno Böck
/), which standardizes names for security problems. Credits and copyright This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. It's licensed under the creative commons attribution license. Hanno Boeck, 2008-03-17, http://www.hboeck.de -- Hanno Böck Blog

[Full-disclosure] Backend Cross Site Scripting (XSS) in Serendipity (S9Y) 1.2.1, CVE-2008-0124

2008-02-26 Thread Hanno Böck
-02-26, http://www.hboeck.de -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:[EMAIL PROTECTED]

[Full-disclosure] Cross site scripting (XSS) in Moodle 1.8.3

2008-01-11 Thread Hanno Böck
of schokokeks.org webhosting. It's licensed under the creative commons attribution license. Hanno Boeck, 2008-01-12, http://www.hboeck.de -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:[EMAIL PROTECTED]

[Full-disclosure] re-testing of zzuf results

2008-01-10 Thread Hanno Böck
-mplayer.mpg lol-mplayer.ogg lol-ogg123.flac lol-vlc.aac lol-xine.aac xine crash by lol-mplayer.wmv lol-ffplay.m2v lol-ffplay.ogg lol-ffplay.wmv lol-gstreamer.avi lol-ogg123.flac lol-vlc.aac lol-xine.mpg firefox crash by lol-firefox.gif -- Hanno Böck Blog: http://www.hboeck.de

[Full-disclosure] CVE-2007-6205

2007-12-10 Thread Hanno Böck
://www.hboeck.de -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:[EMAIL PROTECTED]

[Full-disclosure] CVE-2007-3694: Cross site scripting (XSS) in broadcast machine

2007-11-12 Thread Hanno Böck
Source: http://int21.de/cve/CVE-2007-3694-bm.html Cross site scripting (XSS) in broadcast machine References http://www.getmiro.com/create/broadcast/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3694 Description Cross site scripting describes attacks that allow to insert malicious

[Full-disclosure] Some xss

2007-07-13 Thread Hanno Böck
://www.eselfilme.com/newsletter/newsletter.php?action=signemail=;scriptalert(1)/script http://www.region-stuttgart.de/sixcms/rs_suche/?_suche=;scriptalert(1)/script http://reports.internic.net/cgi/whois?whois_nic=;scriptalert(1)/scripttype=domain -- Hanno Böck Blog: http

[Full-disclosure] CVE-2007-3693: Cross site scripting and information disclosure in gobi/helma

2007-07-12 Thread Hanno Böck
http://int21.de/cve/CVE-2007-3693-gobi.txt Cross site scripting and information disclosure in gobi/helma security advisory References: http://gobi.helma.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3693 Description: Cross site scripting describes attacks that allow to insert

[Full-disclosure] CVE-2007-1871: Cross site scripting in chcounter 3.1.3

2007-04-12 Thread Hanno Böck
Cross site scripting in chcounter 3.1.3 security advisory References: http://chcounter.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1871 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This can

[Full-disclosure] CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3

2007-04-12 Thread Hanno Böck
Cross site scripting in toendaCMS 1.5.3 security advisory References: http://www.toendacms.com/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1872 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This

[Full-disclosure] Cross site scripting in mephisto 0.7.3

2007-04-12 Thread Hanno Böck
Cross site scripting in mephisto 0.7.3 security advisory References: http://www.mephistoblog.com http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1873 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This

[Full-disclosure] A lot of XSS

2007-03-30 Thread Hanno Böck
=adac.de/ /form form method=post action=http://www.tu-berlin.de/www/software/java/cgi-bin/search.pl; input type=hidden NAME=terms value='scriptalert(1)/script'/ input type=submit value=hoax-info.de/ /form -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber

[Full-disclosure] XSS on eplus.de, german mobile telephony provider

2007-03-12 Thread Hanno Böck
brachmann, www.bitsploit.de. All have been reported to E-Plus before. Blog-entry english: http://www.hboeck.de/item/458 Blog-entry german (more detailed): http://www.hboeck.de/item/457 -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber: [EMAIL PROTECTED