|
|
Colapse all |
Post message
Re: Security contact for Myspace/Fox? 2006-10-02 Juha-Matti Laurio (juha-matti laurio netti fi) It is worth of contacting the author of this blog entry: http://grownupgeek.blogspot.com/2006/08/myspace-closes-giant-security-ho le.html related to serious information disclosure case during this summer. - Juha-Matti E Mintz <net4n6 (at) gmail (dot) com [email concealed]> wrote: > > Does anyone have a security contact for [ more ] [ reply ] RE: Informing Companies about security vulnerabilities... 2006-10-05 Wolf Halton (saphil yahoo com) Robert, It is not illegal to pen-test web applications on your classroom servers, and then as an exercise, check for web sites running the vulnerable apps and send emails telling them of the vulnerability. This is not like pen-testing the company's web site without permission, and your students wi [ more ] [ reply ] Observations on Mandatory Integrity Control (MIC) in Windows Vista 2006-10-06 Enno Rey (erey ernw de) Hi, in Windows Vista Microsoft plans to introduce a security concept they call "Mandatory integrity control" (MIC) which is described here: [1] http://blogs.technet.com/steriley/archive/2006/07/21/442870.aspx As this sounds like a promising feature I did some testing with Vista RC1 that gave inter [ more ] [ reply ] JavaScript Spider (code that can traverse the web) 2006-10-06 pdp (architect) (pdp gnucitizen googlemail com) http://www.gnucitizen.org/projects/javascript-spider/ During the last couple of days I have been testing several attack vectors to circumvent the browser security sandbox also known as the same origin policy. There is a lot involved into this subject and I will present my notes very soon. The Java [ more ] [ reply ] PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability 2006-10-07 paisterist nst gmail com /* -------------------------------------------------------- [N]eo [S]ecurity [T]eam [NST] - Advisory #25 - 08/10/06 -------------------------------------------------------- Program: PHP Live! Homepage: http://www.phplivesupport.com/ Vulnerable Versions: 3.1 and prior Risk: High! Impact: Critical Ris [ more ] [ reply ] Sorry....My Message With Out Live Site.... 2006-10-07 Dr Ninux hotmail com XSS IN FastFind... DORK: "Powered by FastFind - Search Engine Script" Exploit: http://[target]/[path]/index.php?query=<script>alert(1)</script>&type=si mple references: http://www.interspire.com/fastfind/ Example: http://www.target.com/fastfind/index.php?query=%3Cscript%3Ealert%281%29% 3C%2Fscript%3E [ more ] [ reply ] phpBB User Viewed Posts Tracker Version <= 1.0 [phpbb_root_path] File Include Vulnerability 2006-10-06 x0r0n hotmail com -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-=-= phpBB User Viewed Posts Tracker Version <= 1.0 [phpbb_root_path] File Include Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-=-= Discovered by XORON(tur [ more ] [ reply ] FreeForum 0.9.7 (fpath) Remote File Include Vulnerability 2006-10-07 x0r0n hotmail com -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-=-= FreeForum 0.9.7 (fpath) Remote File Include Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-=-= Discovered by XORON(turkish hacker) -=-=-=-=-=-=-=-=-=-= [ more ] [ reply ] LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability 2006-10-07 advisories lssec com (1 replies) Overview: LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Message Engine (msgeng.exe) due [ more ] [ reply ] Vulnerability in Btitracker 2006-10-06 aeroxteam gmail com Hello, I found a vulnerability in btitracker (a tool for create a bittorrent tracker written in php?). This vulnerability can remove physically uploaded files .torrent video : http://aeroxteam.free.fr/btitracker.html exploit(not to diffuse) : <form action="http://127.0.0.1/btitracker/include/prune_ [ more ] [ reply ] LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability 2006-10-07 advisories lssec com Overview: LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Message Engine (msgeng.exe) due [ more ] [ reply ] LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability 2006-10-07 advisories lssec com Overview: LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Discovery Service (casdscsvc.ex [ more ] [ reply ] phponline <= (LangFile) Remote File Inclusion Exploit 2006-10-05 xp1o msn com #======================================================================= ======================= #phponline <= (LangFile) Remote File Inclusion Exploit #======================================================================= ======================== #Bug in :index.php # #Vlu Code : #--------------- [ more ] [ reply ] Emek Portal v2.1 SQL Injection 2006-10-06 dj_remix_20 hotmail com # BiyoSecurity.Org # script name : Emek Portal v2.1 (tr) # Script Download : http://www.aspindir.com/indir.asp?id=2728 # Risk : High # Regards : Dj ReMix # Thanks : Korsan , Liz0zim , Tr_IP # Vulnerable file : giris_yap.asp Manual connect : Go to Admin Panel Login -----> http://victim.com/[p [ more ] [ reply ] Re: WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit 2006-10-06 Steven M. Christey (coley mitre org) There are some important errors in this post that appear to stem from incomplete editing of a previous advisory for an unrelated product, webnews (CVE-2006-5100). The subject line says 1.4, but the version referenced at the end of the post is 1.2.3, which is dated October 2, 2006; so there doesn't [ more ] [ reply ] Details of Lotus Notes Java Applet vulnerabilities 2006-10-06 Jouko Pynnonen (jouko iki fi) OVERVIEW ======== Lotus Notes is a groupware/e-mail system developed by Lotus Software. Due to its security and collaboration features it's used particularly by large organizations, government agencies, etc. IBM estimates it is used by 60 million people. Out of academic interest, I'm posting some [ more ] [ reply ] FreeWPS File Upload Command Execution 2006-10-05 security soqor net Hello,, Free WPS File upload Command execution Vulnerability Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : security (at) soqor (dot) net [email concealed] exploit : #!/usr/bin/php -q -d short_open_tag=on <? /* /* Free WPS Command execution /* This exploit should al [ more ] [ reply ] rPSA-2006-0182-1 php php-mysql php-pgsql 2006-10-05 rPath Update Announcements (announce-noreply rpath com) rPath Security Advisory: 2006-0182-1 Published: 2006-10-05 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote System User Deterministic Unauthorized Access Updated Versions: php=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1 php-mysql=/conary.rpath.com@rpl:devel//1 [ more ] [ reply ] TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities 2006-10-05 TSRT 3com com TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities http://www.tippingpoint.com/security/advisories/TSRT-06-11.html October 5, 2006 -- CVE ID: CVE-2006-5143 -- Affected Vendor: Computer Associates -- Affected Products: BrightStor ARCserve Backup [ more ] [ reply ] rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server 2006-10-05 rPath Update Announcements (announce-noreply rpath com) rPath Security Advisory: 2006-0185-1 Published: 2006-10-05 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: gnome-ssh-askpass=/conary.rpath.com@rpl:devel//1/4.4p1-0.1-1 openssh=/conary.rpath.com@rpl:devel//1/4.4 [ more ] [ reply ] rPSA-2006-0183-1 nss_ldap 2006-10-05 rPath Update Announcements (announce-noreply rpath com) rPath Security Advisory: 2006-0183-1 Published: 2006-10-05 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Deterministic Unauthorized Access Updated Versions: nss_ldap=/conary.rpath.com@rpl:devel//1/239-9.1-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi? [ more ] [ reply ] TSRT-06-12: CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability 2006-10-05 TSRT 3com com TSRT-06-12: CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability http://www.tippingpoint.com/security/advisories/TSRT-06-12.html October 5, 2006 -- CVE ID: CVE-2006-5142 -- Affected Vendor: Computer Associates -- Affected Products: BrightStor ARCserver Backup R11.5 [ more ] [ reply ] [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation 2006-10-05 Reversemode (advisories reversemode com) ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability 2006-10-05 zdi-disclosures 3com com ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-031.html October 5, 2006 -- CVE ID: CVE-2006-5143 -- Affected Vendor: Computer Associates -- Affected Products: BrightStor ARCserve Backup R11.5 [ more ] [ reply ] |
|
Privacy Statement |
websites for the purpose of learning about security vulnerabilities? Sounds like you/your company need to speak
with a lawyer.
- Robert
http://www.cgisecurity.com/ Application Secur
[ more ] [ reply ]