FrontRange iHeat Vulnerability
2006-05-16, mcdanielar hushmail com
A vulnerability has been found in FrontRange's iHeat product that allows users to gain access to the host machine through a logged on session or execute arbitrary code while using the active-x version of the product. To reproduce the exploit, first upload a file with an extension that has not bee [...]

XSS in orkut.com
2006-05-15, Rohin Koul (rohin koul gmail com)
Hi, I found this little XSS thing with the search.aspx page of orkut.com. The page uses GET method to get user criteria for searching the profiles of people. The fields textboxAgeFrom and textboxAgeTo in the URL are not verified and one can inject any html code using these parameters. Proof of conce [...]

Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise
2006-05-15, Joachim Schipper (j schipper math uu nl)
On Mon, May 15, 2006 at 07:58:10AM -0500, Dixon, Wayne wrote:
> So what can be done about this exploit? Does 4.1.2 protect against this
> vulnerability? And what other mitigation procedures are available for
> this?
The best solution is not to run a VNC service using no more than its own authent [...]

[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution
2006-05-18, joey infodrom org (Martin Schulze)

Gmail/Gtalk web client DoS
2006-05-16, dan pathology washington edu
Gmail/Gtalk web client DoS
Summary
It is trivial to freeze the browser of a known user who is currently using Gmail with the Gtalk feature enabled. This could lead to a denial of service attack against any user of Gmail who is using the web client.
Technical Details
Gtalk within Gmail c [...]

AspBB Forum "profile.asp & default.asp" XSS Vulnerability
2006-05-18, TeufeL Online (teufel hotmail com)
This xss works on Aspbb Forums
Homepage : http://www.aspbb.org
Version : 0.5.2
Exploit:
http://www.example.com/default.asp?action="><script>alert('Xss Vulnerability');</script>
http://www.example.com/profila.asp?get="><script>alert('Xss Vulnerability');</script>&URL=%2FDefault%2Easp%3F
Teuf [...]

[Info Disclosure] Diesel PHP Job Site Latest Version
2006-05-18, Matt Gibson (diwelf gmail com)
Subject: [Info Disclosure] Diesel PHP Job Site Latest Version
Severity: Pretty Bad
Title: Diesel PHP Job Site Latest Version Information Disclosure
Home Page: http://www.dieselscripts.com/
Product Page: http://www.dieselscripts.com/diesel-job-site.html
Date: May 17, 2006
Synopsis:
=========
When [...]

[cosmoshop again] sql injection + view all files as admin user
2006-05-18, innate gmx de
i am: l0om
page: www.excluded.org
product: cosmoshop
1) show all files as admin-user
2) sql injection
Cosmoshop - Lse (<= )V8.11.106
1) Show all files as an admin-user:
/cgi-bin/admin/bestellvorgang/edit_mailtexte.cgi?file=../../../../../../ ../../../etc/passwd%00
/cgi-bin/admin/bestm [...]

Multiple Vulns in Bitrix CMS
2006-05-18, Gogi The Georgian (gogi__ mail ru)
Multiple Vulns in Bitrix CMS
Vendor: bitrix.com
Version: The latest one (4.1.x)
Severity: Medium
Patched: No
Multiple vulnerabilities discovered in Bitrix CMS. A remote attacker can conduct XSS attacks and compromise vulnerable system.
1. A remote attacker can get information about version history an [...]

CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload
2006-05-17, CodeScan Labs (advisories codescan com)
========================================================================
= CodeScan Advisory, codescan.com <advisories (at) codescan (dot) com>
= http://www.codescan.com/Advisories/CodeScanLabs_AvatarMod.html
=
= Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload
=
= Vendor Website:
= http://www. [...]

Gawab.com Register Xss Bugtraq
2006-05-15, rootter hackmaster us
Script: Gawab.com Mail Services Portal System
Version: ?
Language: PHP
Problem: Xss
Vendor: http://www.HackMaster.Us
Discovered by: rootter(at)hackmaster(dot)us
Example:
http://gawab.com/webfront/register.php?formAction=start&newDomain=i%20fo und%20a%20xss%20vuln.%20%20%3Cscript%3Ea [...]

RadLance Local Inclusion Exploit
2006-05-14, Hussain Salim (bo_ali90 hotmail com)
Discovered And Coded By Mr.CrackerZ
Exploit Code
___________
#!/usr/bin/perl
#Discovered and coded by Mr.CrackerZ ( Security Team )
#Contact me ( bo_ali90 (at) hotmail (dot) com )
#Usage: radlance.pl <victim> <local file to read>
#Google: Powered by: RadLance Gold v7
#Tested Under RadLance Gold v7 ( Loc [...]

Two heap overflow in libextractor 0.5.13 (rev 2832)
2006-05-17, Luigi Auriemma (aluigi autistici org)

Re[2]: The Weakness of Windows Impersonation Model
2006-05-17, Brian L. Walche (gsw gentlesecurity com)
Just one important note regarding Database Security Brief: http://www.databasesecurity.com/dbsec/db-sec-tokens.pdf "Why should I never logon to a Windows database server if I've got admin privileges?" We describe a little different problem for MS SQL. MS SQL gets privileged context on its own fro [...]

Firefox (with IETab Plugin) Null Pointer Dereferences Bug
2006-05-17, Debasis Mohanty (debasis hackingspirits com)
Firefox (with IETab Plugin) Null Pointer Dereferences Bug
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Vendor: Mozilla
Product: FireFox with IE Tab
Tested On: FireFox Version 1.5.0.3 + IE Tab Version 1.0.9 + Windows (XP / 2K)
Introduction:
IETab (https://addons.mozilla.org/firefox/ [...]

Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability
2006-05-17, Secunia Research (remove-vuln secunia com)

What's Up Professional Spoofing Authentication Bypass
2006-05-17, Kenneth F. Belva (ken ftusecurity com)
What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This attack will allow the attacker to bypass the authentication mechanism of the application and log [...]

Re[2]: The Weakness of Windows Impersonation Model
2006-05-16, Brian L. Walche (gsw gentlesecurity com)
Thanks for reference David. As advisory notes impersonation implications are not something new. We would like to stress the fact of how easy it is to exploit by two notable samples.
- An attacker can reliably elevate a context running on behalf of Network Service account. For example, by default, [...]

The exploit that I publish for freeSSHd 1.0.9 will work against freeFTPd 1.0.10 as well. Upgrade to the latest version of freeFTPd.
http://www.securityfocus.com/data/vulnerabilities/exploits/2680392359-ssh.py
Disclaimer:
All the information and exploit in this mail and the previous are prov [...]