|
|
Colapse all |
Post message
3proxy[v0.5.3g]: (linux/win32 service) remote buffer overflow exploits. 2007-04-30 v9 (v9 fakehalo us) GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability 2007-04-30 crazy_king eno7 org (1 replies) By Cr@zy_King crazy_king (at) eno7 (dot) org [email concealed] Biyosecurity.Net & Expw0rm.Com Thanks : Liz0 & DarkXBoyZ & Eno7 & ApAci & Uyuss & Crackers_Child & Th3_43k1R & Xoron & Ajannn Portal : GHH Wersion : 1.1 GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability Demo : http://ghh.sourceforge.net/de [ more ] [ reply ] Re: GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability 2007-04-30 Jamie Riden (jamie riden gmail com) [security bulletin] HPSBMA02197 SSRT061285 rev.1 - HP-UX Running HP Power Manager Remote Agent (RA), Local Execution of Arbitrary Code with Root Privileges 2007-04-30 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00819543 Version: 1 HPSBMA02197 SSRT061285 rev.1 - HP-UX Running HP Power Manager Remote Agent (RA), Local Execution of Arbitrary Code with Root Privileges NOTICE: The information in this Securi [ more ] [ reply ] [SECURITY] [DSA 1283-1] New php5 packages fix several vulnerabilities 2007-04-29 Moritz Muehlenhoff (jmm debian org) Flaw in about.r OS and Progress version disclosure 2007-04-29 suresync gmail com about.r OS and Progress version disclosure. Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote webspeed server. First you have to find the messenger execution url. For example: http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1 h [ more ] [ reply ] please retract CVE-2007-2056 "Time-of-Check-Time-of-Use File Race in AFFLIB" 2007-04-28 Simson Garfinkel (simsong acm org) (1 replies) Dear Tim, Please issue a statement retracting your "security vulnerability" CV2-2007-2056. Your alleged vulnerability in aimage is not a bug because the function getlock() is never called. Although I appreciate the fact that you have done a security audit on my code, many of the bugs that y [ more ] [ reply ] Re: please retract CVE-2007-2056 "Time-of-Check-Time-of-Use File Race in AFFLIB" 2007-04-29 Tim (tmorgan vsecurity com) Seir Anphin (file.php a[filepath]) Remote File Disclosure Vulnerability 2007-04-28 ilkerkandemir mynet com ------------------------------------------------------------------------ ---------- AYYILDIZ.ORG PreSents... Script: Seir Anphin Script Download: http://www.anphin.com/index.php?m=file&op=download&id=1 Dork:"Powered by Seir Anphin" Contact: ilker Kandemir <ilkerkandemir[at]mynet.com> info: */S [ more ] [ reply ] Sphider Version 1.2.x (include_dir) file include 2007-04-28 1one1 lifeisbeginer org # Sphider Version 1.2.x (include_dir) remote file include # script Vendor: http://cs.ioc.ee/~ando/sphider/ # Discovered by: IbnuSina found on index.php $include_dir = "./include"; <--- no patch here $language_dir = "./languages"; include "$include_dir/index_header.inc"; include "$include_dir/conf.p [ more ] [ reply ] AFFLIB(TM): Multiple Shell Metacharacter Injections 2007-04-27 VSR Advisories (advisories vsecurity com) AFFLIB(TM): Time-of-Check-Time-of-Use File Race 2007-04-27 VSR Advisories (advisories vsecurity com) Security Concerns in Web 2.0 2007-04-27 dharmeshmm gmail com Hi, I did get a chance to submit a paper on security concerns in Web 2.0 This paper has been published by OWASP now and is available at link below: PDF version: http://www.owasp.org/index.php/Category:OWASP_Papers HTML version: http://www.owasp.org/index.php/OWASP_Papers/Jeopardy_in_Web_2_0 Happ [ more ] [ reply ] iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability 2007-04-27 iDefense Labs (labs-no-reply idefense com) Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability iDefense Security Advisory 04.26.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 26, 2007 I. BACKGROUND Symantec Norton Ghost is a backup and recovery application designed to allow users to completely r [ more ] [ reply ] iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability 2007-04-27 iDefense Labs (labs-no-reply idefense com) Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability iDefense Security Advisory 04.26.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 26, 2007 I. BACKGROUND Symantec Norton Ghost is a backup and recovery application designed to allow users to completely restore the [ more ] [ reply ] [USN-454-1] PostgreSQL vulnerability 2007-04-27 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-454-1 April 26, 2007 postgresql-8.1, postgresql-8.2 vulnerability CVE-2007-2138 =========================================================== A security issue affects the following Ubuntu releases: Ub [ more ] [ reply ] [USN-455-1] PHP vulnerabilities 2007-04-27 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-455-1 April 27, 2007 php5 vulnerabilities CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1718, CVE-2007-1824, CVE-2007-1887, CVE-2007 [ more ] [ reply ] FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6 2007-04-26 FreeBSD Security Advisories (security-advisories freebsd org) iDefense Security Advisory 04.26.07: Novell eDirectory NCP Fragment Denial of Service Vulnerability 2007-04-26 iDefense Labs (labs-no-reply idefense com) Novell eDirectory NCP Fragment Denial of Service Vulnerability iDefense Security Advisory 04.26.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 26, 2007 I. BACKGROUND Novell eDirectory is a cross-platform lightweight directory access protocol (LDAP) server. In addition to LDAP, eDir [ more ] [ reply ] [SECURITY] [DSA 1282-1] New php4 packages fix several vulnerabilities 2007-04-26 Moritz Muehlenhoff (jmm debian org) Re: Steganos Encrypted Safe NOT so safe 2007-04-26 support steganos com In response to frankrizzo604?s comment, Steganos would like to dispel the rumor that its Steganos Safe encryption software is easily cracked. Steganos Safe enables users to create any number of secure virtual drives in which data is safely stored and encrypted. However frankrizzo604 goes through sev [ more ] [ reply ] Burak Yılmaz Blog (tr) v1.0 SQL injection vulnerability 2007-04-26 dj_remix_20 hotmail com $ Credits = RMx $ My Page = www.Expw0rm.com $ Script = Burak Yılmaz Blog (tr) v1.0 $ Download = http://aspindir.com/indir.asp?id=4854 $ Thanx My Friend = Liz0zim and CodexpLoder'tq $ Exploit = http://site.com/[path]/bry.asp?islem=yazidevam&id=-1+union+select+0,0,0, 0,0,0,sifre,0+from+admin #Reg [ more ] [ reply ] modbuild >> 4.1 Remote File Inclusion 2007-04-25 s433d_only_linux yahoo de #################################################### modbuild >> 4.1 Remote File Inclusion #################################################### Affected Software .: Download..: Risk ..............: high Date .........: 26/4/2007 Found by ..........: s433d_only_linux Contact ......... [ more ] [ reply ] |
|
Privacy Statement |
original exploit references:
http://fakehalo.us/x3proxy-win32.c
http://fakehalo.us/x3proxy.c
example(win32 service):
------------------------------------------------------------------------
-
[v9@fhalo v9]$ gcc x3proxy-win32.c -o x3proxy-win32
[v9@fhalo v9]$ ./x3proxy-win32 -h
[ more ] [ reply ]