F5 BIG-IP Web Management Audit Log XSS
2008-03-23 nnposter disclosed not
F5 BIG-IP Web Management Audit Log XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a persistent cross-site scripting vulnerability in the audit log facility. Log entries are output raw, without being HTML-encoded first. This allows

ircu/snircd remote crash vulnerability
2008-03-24 Chris Porter (cdp34 cam ac uk)
Affected software: ircu (up to and including 2.10.12.12) snircd (up to and including 1.3.4) and many other ircu derivatives Vulnerability details: send_user_mode in s_user.c does not check that the argument after a +r mode is present, if it is not then the NUL

EfesTech E-Kontör (id) Remote SQL INJECTION
2008-03-23 dj_remix_20 hotmail com
$Author = RMx $home page = www.coderx.org $thanks = Dynamic , TR_IP , Liz0zim $Script name = Efestech E-Kontör (tr) $script test = http://www.aspindir.com/Goster/5145 $script sales = 750 YTL

Alkacon OpenCms users_list.jsp searchfilter XSS
2008-03-23 nnposter disclosed not
Alkacon OpenCms users_list.jsp searchfilter XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the user management function. Input to parameter searchfilter in page opencms/system/workplace/admin/accounts/users_list.jsp is not su

Google SoC 2008: Security Projects
2008-03-22 jkouns (jkouns opensecurityfoundation org)
Just a quick heads up in case you have been hiding under a rock..... Google's Summer of Code 2008 is officially on. Full details at http://code.google.com/soc/2008/ Google will begin accepting student applications on Monday, March 24, 2008! Please help spread the word and encourage all eligible

Safari browser 3.1 (525.13) spoofing
2008-03-21 jplopezy gmail com
Hello everybody, this time writing to inform them of a vulnerability in the Safari browser for Windows 3.1 which allows falsify the web address and enter another page or content that we want. Below I attach a proof of concept so they can see what it is doing so simple and so dangerous because it

hacking the mitsubishi GB-50A
2008-03-22 Chris Withers (chris simplistix co uk)
Hi All, Well, it's been over 4 months since my plea for a security contact at Mitsubishi Electric to come forward. Since no one has, I thought I'd release a POC for hacking one. It's not exactly hard, the web controller uses a nasty set of Java applets to interact with itself. The shocking thin

Fedora, Ubuntu publish wrong advisories for CVE-2007-6318
2008-03-21 Abel Cheung (abelcheung gmail com)
I have just found some false changelogs and advisories published about a WordPress vuln I published a while ago. Fedora: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html Ubuntu: https://bugs.launchpad.net/debian/+source/wordpress/+bug/181416 What they have fixed

rPSA-2008-0118-1 bzip2
2008-03-21 rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2008-0118-1 Published: 2008-03-21 Products: rPath Linux 1 rPath Appliance Platform Linux Service 1 Rating: Minor Exposure Level Classification: Indirect Deterministic Denial of Service Updated Versions: bzip2=conary.rpath.com@rpl:1/1.0.4-1.1-1 rPath Issue T

rPSA-2008-0116-1 unzip
2008-03-21 rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2008-0116-1 Published: 2008-03-21 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect Deterministic Denial of Service Updated Versions: unzip=conary.rpath.com@rpl:1/5.52-4.1-1 rPath Issue Tracking System: https://issues.rpath.com/b

Safari 3.1 for windows download bug
2008-03-21 jplopezy gmail com
This is another flaw I found in the Safari browser for Windows, the fault lies when trying to download a file with a very long name that causes the program is broken and pull the following exception. Access violation when reading[11b5c539] If the file is filled with more letters to cause an ex

XSS in cPanel 11.x
2008-03-21 xx_hack_xx_2004 hotmail com
Hello I Discovered a new bug in cPanel ( xss ) Exploit : http://example.com:2082/frontend/x/manpage.html?[XSS] Example : 1- http://example.com:2082/frontend/x/manpage.html?<script>alert(LeZr)</scr ipt> 2- http://example.com:2082/frontend/x/manpage.html?<script>alert(document.c ookie)

{securityreason.com}PHP 5 *printf() - Integer Overflow
2008-03-21 cxib securityreason com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [PHP 5.2.5 and prior : *printf() functions Integer Overflow ] Author: Maksymilian Arciemowicz (cXIb8O3) SecurityReason.com and SecurityReason.pl Date: - - Written: 01.03.2008 - - Public: 20.03.2008 SecurityReason Research SecurityAlert Id:

webutil.pl is still vulnerable against Remote Command Execution.
2008-03-21 zero-x linuxmail org
Webutil is a collection of networking tools by "The Puppet Master". Access the following url and type in the form field "$(cat$IFS/etc/passwd)": http://server/cgi-bin/webutil.pl?dig http://server/cgi-bin/webutil.pl?whois (Version 2.3 only) Type in the following url (Version 2.7 only): http:

[MSA01240108] IE7 Transfer-Encoding: chunked allows RequestSplitting/Smuggling.
2008-03-21 Minded Security Research Labs (research mindedsecurity com)

[INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow
2008-03-21 infocus (infocus infigo hr)

MS08-014
2008-03-21 Anonymous Anonymous com
MS08-014 I got the sample two weeks ago and I modified it into the useful exploit. Tested on: Microsoft Windows XP SP2 && Microsoft Office 2003 < SP3 or No MS08-014 Patch http://www.chroot.org/exploits/zha0_ms08_014.rar Email: mycutefish (at) gmail (dot) com zha0 (at) chroot (dot) org

DotNetNuke Default Machine Key Exposure
2008-03-21 labs gdssecurity com
DotNetNuke Default Machine Key Exposure Public Release Date: March 20, 2008 Brian Holyfield - Gotham Digital Science (labs (at) gdssecurity (dot) com) Affected Software: DotNetNuke <= 4.8.1 Severity: Critical

CanSecWest 2008 PWN2OWN - Mar 26-28
2008-03-21 Dragos Ruiu (dr kyx net)
Calendar Notes: PacSec 2008 will be on November 12/13 in Tokyo at Aoyama Diamond Hall. EUSecWest 2008 will be on May 21/22 at a fun new venue in central London. (We cooked this schedule up so it will enable people to fly to Berlin on the 23rd and make FX's ph-neutral on Saturday the 2

[MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling.
2008-03-21 Minded Security Research Labs (research mindedsecurity com)

[ MDVSA-2008:074 ] - Updated audacity package fixes insecure temporary directory creation
2008-03-20 security mandriva com

[ MDVSA-2008:073 ] - Updated perl-Net-DNS packages fix DoS vulnerability
2008-03-20 security mandriva com

[USN-589-1] unzip vulnerability
2008-03-20 Kees Cook (kees ubuntu com)
Ubuntu Security Notice USN-589-1 March 20, 2008 unzip vulnerability CVE-2008-0888 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10
Product Information
Product Name: SPA-2102 Serial Number: FM500G582390
Software Version: 3.3.6 Hardware Version: 1.2.5(a)
Another device hit with the PoD!
ping -l 65500 192.168.0.1
Only seems to work on the internal networ