[ Bug : SQL Injection " Input string "

By : Hackerz.ir
Link :
http://hide_your_url_plz.com ]
--------------------------------------------------

this is a simple error ...
( try with /default.aspx?page=Document&app=Documents )
there's totally no injection in this case

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00815112
Version: 1

HPSBUX02178 SSRT061267 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

[ more ]  [ reply ]

well actually there no injection sql in the var :
-page
-block

it's just an error for type mismatch ...
( Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: "query_blabla"]'

i think those guys ( aria ) doesn't understand the difference between an error sql and a injection sql

[ more ]  [ reply ]

http://eeyeresearch.typepad.com/blog/
http://research.eeye.com/html/alerts/zeroday/index.html

"If something is reported as a non-exploitable bug, we'll make sure to
exhaust the flaw for exploitability, as we have shown with the ASX
Playlist and the ADODB.Connection ActiveX zero-day vulnerabilities.

[ more ]  [ reply ]

Name : Matrix (S.B)

Bug : SQL Injection " Input string "

vendor : EasyPage

By : Hackerz.ir

Link :
http://www.easypage.org/sptrees/default.aspx?page=Document&app=Documents
&docId=#

[ more ]  [ reply ]

> >> we've found local privilege escalation in Symantec LiveState agent.
> >>
> >> PoC:
> >>
> >> 1. kill shstart.exe process
>
> MS> Wouldn't you have to be administrator to kill shstart.exe?
>
> LocalSystem account has more privilegies then administrator's one.

I don't think so. I thin

[ more ]  [ reply ]

On 12/5/06 11:16 AM, "eugeny gladkih" <john (at) drweb (dot) com [email concealed]> spoketh to all:

>>>>>> "MS" == Michael Scheidell <scheidell (at) secnap (dot) net [email concealed]> writes:
>
>>> we've found local privilege escalation in Symantec LiveState agent.
>>>
>>> PoC:
>>>
>>> 1. kill shstart.exe process
>
> MS> Wouldn't you have to be adm

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1228-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
December 5th, 2006

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00760969
Version: 2

HPSBUX02145 SSRT061202 rev.2 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access

NOTICE: The information in this Secur

[ more ]  [ reply ]

(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_A
rbitrary_File_Removal.pdf )

CYBSEC S.A.
www.cybsec.com

Pre-Advisory Name: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal
=======

[ more ]  [ reply ]

(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocume
nted_Features.pdf )

CYBSEC S.A.
www.cybsec.com

Pre-Advisory Name: SAP Internet Graphics Service (IGS) Undocumented Features
==================

Vuln

[ more ]  [ reply ]

We at freerainbowtables.com are happy to announce the release of DistrRTgen 1.0
DistRTgen is a distributed rainbowtables generator client based on the
work of Zhu Shuanglei (http://www.antsight.com/zsl/rainbowcrack/).
www.freerainbowtables.com provides rainbowtables for download for
free, and now Di

[ more ]  [ reply ]

Name: Matrix (S.B)

Vendor : yahoo.com

Bug : URL Redirection

Link:
http://rds.yahoo.com/_ylt=Ah0geusyaM2xEzqMAjS9XNyoA/SIG=11do5qdq6/EXP=11
48028186/**http%3a//www.hackerz.ir

http://search.yahoo.com/preferences/preferences?pref_done=http%3a//www.h
ackerz.ir

[ more ]  [ reply ]

Aria,

> index.asp?Block=1&page=[SQL INJECTION]

How is this SQL injection? Looking at the code in 'index.asp' shows
that the 'page' parameter is not used in the SQL statement:

strSQL = "SELECT message.* FROM message ORDER BY msg_id DESC;"

Stuart

[ more ]  [ reply ]

> -----Original Message-----
> From: ss_team [mailto:ssteam.pl (at) gmail (dot) com [email concealed]]
> Sent: Monday, December 04, 2006 11:28 AM
> To: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: Symantec LiveState Agent for Windows vulnerability -
> Local Privilege Escalation
>
>
> hello,
>
> we've found local privilege escalat

[ more ]  [ reply ]

KOffice Security Advisory: KOffice olefilters integer overflow
Original Release Date: 2006-12-04
URL: http://www.kde.org/info/security/advisory-20061204-1.txt

0. References

CVE-2006-6120

1. Systems affected:

KOffice 1.4.x and 1.6.0. 1.5.x releases are unaffected as well

[ more ]  [ reply ]

We have fixed the (original) viewcart.asp?zoneid one, that was a legitimate sql injection hole.

The (other) products.asp?pa rtno is not a sql-injection vulnerability. However it does put up a sql error message if an unknown partno is passed. So the researcher would have put in an apostrophe int

[ more ]  [ reply ]

Usually, in every medium/high size company Network,
there's a firewall conecting the corporative LAN/WAN
to the Internet with a set of rules that only allows
specific traffic, such as HTTP, HTTPS. FTP or POP3 /
SMTP. A malicious internal user, could take advantage
of these open ports, and use them t

[ more ]  [ reply ]

TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow
Vulnerabilities
http://www.tippingpoint.com/security/advisories/TSRT-06-14.html
December 4, 2006

-- CVE ID:
CVE-2006-5855

-- Affected Vendor:
IBM

-- Affected Products:
Tivoli Storage Manager <5.2.9
Tivoli Storage Manager <

[ more ]  [ reply ]

**************************************************
**************************************************
******

mowdBB forums

**************************************************
**************************************************
******

* mowdBB RC-6 ;

* Class = XSS ;

* Found by = ScReAmDz

* cont

[ more ]  [ reply ]

this is already reported on 2006-03-25

see -> http://www.securityfocus.com/bid/17250
or http://www.milw0rm.com/exploits/1611

[ more ]  [ reply ]

rPath Security Advisory: 2006-0211-2
Published: 2006-11-15
Updated:
2006-12-04 added doxygen to advisory
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect Deterministic Denial of Service
Updated Versions:
libpng=/conary.rpath.com@rpl:devel//1/1.2.13-0.1-1

[ more ]  [ reply ]

Script Name: JAB Guest Book
Authors: Barnz (at) hotmail.co (dot) uk [email concealed]
Website: James Barnsley
Bug Report: NetJackal (nj[AT]hackerz[DOT]ir & nima_501[AT]yahoo[DOT]com)
Status: Patch not released
First i should apologize for my bad english.
Intro:
JAB Guest Book is a free guest book written in PHP, it works using

[ more ]  [ reply ]

hello,

we've found local privilege escalation in Symantec LiveState agent.

PoC:

1. kill shstart.exe process
2. from symantec livestate agent icon in systray choose "Web Self-Service"
3. New browser window will open, it is running with SYSTEM privileges.

tested on fully patched Win XP SP2, Symant

[ more ]  [ reply ]