|
|
Colapse all |
Post message
VNC_bypauth: vnc scanner multithreaded linux & windows 2006-05-17 ad (at) heapoverflow (dot) com [email concealed] (ad heapoverflow com) Newsportal <= 0.36 Remote File Inclusion Vulnerability 2006-05-17 philipp niedziela gmx de Newsportal <= 0.36 Remote File Inclusion Vulnerability [+] Affected Software: Newsportal <= 0.36 + register_globals=on [+] Vendor: http://florian-amrhein.de/newsportal [+] Contact. philipp.niedziela (at) gmx (dot) de [email concealed] [+] Vuln discovered by: Florian Amrhein [+] PoC by: Philipp Niedziela // CODE [newsp [ more ] [ reply ] iDefense Q2 2006 Vulnerability Challenge 2006-05-17 labs-no-reply (at) idefense (dot) com [email concealed] (labs-no-reply idefense com) iDefense Labs is pleased to announce the launch of next installment in our quarterly vulnerability challenge. Last quarter's challenge focused on critical vulnerabilities in Microsoft products and was a great success. We would like to thank everyone that forwarded submissions prior to the deadline o [ more ] [ reply ] Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability 2006-05-17 Secunia Research (remove-vuln secunia com) Re: Checkpoint SYN DoS Vulnerability 2006-05-16 sanjay naik (sanjaynaik hotmail com) Hi David, The firewalls are not configured to confuse the scanner. The configurations have been checked by the Checkpoint Tech Support and the Checkpoint SMEs from our team. This is not a mis-configuration issue and SYNdefender is disabled. Regards, Sanjay Naik, CISSP Sr. Security Consultant [ more ] [ reply ] Maksymilian Arciemowicz 2006-05-16 cxib securityreason com Trust unworthy variables in PHP by SecurityReason.Com Maksymilian Arciemowicz max [at] jestsuper [dot] pl cxib [at] securityreason [dot] com http://securityreason.com/key/Arciemowicz.Maksymilian.gpg Recently, I have published a simple 'Full Path Disclosure and SQL Errors' bug, which has p [ more ] [ reply ] Advisory: Quezza BB <= 1.0 File Inclusion Vulnerability. 2006-05-17 Mustafa Can Bjorn IPEKCI (nukedx nukedx com) --Security Report-- Advisory: Quezza BB <= 1.0 File Inclusion Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 17/05/06 05:37 AM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com [email concealed] Web: http://www.nukedx.com } --- Vendor: Quezza (http://www.quezza.com/) Version: [ more ] [ reply ] ERRATA: [ GLSA 200605-07 ] Nagios: Buffer overflow 2006-05-16 Sune Kloppenborg Jeppesen (jaervosz gentoo org) DeluxeBB <= v1.06 attachment mod_mime exploit 2006-05-16 rgod autistici org #!/usr/bin/php -q -d short_open_tag=on <? echo "DeluxeBB <= v1.06 attachment mod_mime exploit\r\n"; echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "tested & working against a fresh deluxebb installation\r\n\r\n"; if ($argc<4) { echo "Usage: php [ more ] [ reply ] UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage 2006-05-16 Sune Kloppenborg Jeppesen (jaervosz gentoo org) PHP-Fusion <= 6.00.306 "srch_where" SQL injection / admin credentials disclosure 2006-05-16 rgod autistici org #!/usr/bin/php -q -d short_open_tag=on <? echo "PHP-Fusion <= v6.00.306 \"srch_where\" SQL Injection/Admin credentials disclosure\r\n"; echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; if ($argc<5) { echo "Usage: php ".$argv[0]." host path user pass [ more ] [ reply ] The Weakness of Windows Impersonation Model 2006-05-16 Brian L. Walche (gsw gentlesecurity com) The Weakness of Windows Impersonation Model <http://www.gentlesecurity.com/04302006.html> Summary 1. Network Service account?s context is elevated to LocalSystem. 2. A context of MS SQL service running as unique user account is elevated up to LocalSystem. 3. Any service?s context could be elevated [ more ] [ reply ] vulnerability details 2006-05-16 Arnold Grossmann (arnold grossmann gmail com) Release Date: 03/01/2006 Affected Applications: SAP WebAS Kernel up to version 7.00 Affected Platforms: Platform-Independant Local / Remote: Remote Severity: Medium to High Author: A. Grossmann arnold.grossmann (at) gmail.com Vendor Status: Confirmed Product Overview ( cited from SAP ): ==== [ more ] [ reply ] ScanAlert Security Advisory 2006-05-16 Joseph Pierini (joep scanalert com) ScanAlert Security Advisory http://www.scanalert.com Caucho Resin Multiple Vulnerabilities - Arbitrary File Access & Information Disclosure Date: 5/16/06 Vendor: Caucho Package: Resin Version: 3.0.17 and 3.0.18 ? Vendor Confirmed Credit: ScanAlert?s Security and Enterprise Services Teams. Risk: C [ more ] [ reply ] Checkpoint SYN DoS Vulnerability 2006-05-16 sanjay naik (sanjaynaik hotmail com) (2 replies) Hello, I have recently come across a strange behavior observed on the Nokia Checkpoint Firewall. Nokia as well as Checkpoint have no clue as to why this is occuring and have not provided any resolution to this. We have been having multiple Vulnerability Scanner failures on the Intranet of the c [ more ] [ reply ] Re: Checkpoint SYN DoS Vulnerability 2006-05-16 Pawel Worach (pawel worach gmail com) (1 replies) Newsportal: code injection vulnerability 2006-05-16 newsportal florian-amrhein de Hello, there is a code injection vulnerability in NewsPortal that could give everyone the ability to execute php code on the webserver where newsportal is installed. This bug should only occur if "register_globals=on" is set in the php.ini. To remove the problem: - install the recent ver [ more ] [ reply ] re: RealVNC 4.1.1 Remote Compromise 2006-05-16 plato dodgeit com Wow, 1 line of code addition to exploit: secType=1; Since I'm sure many have already discovered this (since it is so trivial), I leave it up to the devious reader to find out where to insert this. BTW: RealVNC 4.1.2 is not affected by this bug. ** Disclaimer: If you find out how to exploit thi [ more ] [ reply ] RE: Is MS06-018 a DoS or a system compromise ? 2006-05-15 Hayes, Bill (Bill Hayes owh com) The answer seems to be "it depends". There are really two MSDTC flaws, CVE-2006-0034 and CVE-2006-1184 that are being discussed. Secunia rates the cumulative security risk as "Moderately Critical" and weighs the DoS attack as the dominate effect for modern Windows OSes. FRSIRT rates the cumulative [ more ] [ reply ] YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability 2006-05-15 geinblues gmail com Title : YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability ------------------------------------------ Author : x90c(Kyong Joo, Jung) Published : 2006.5.16 E-mail : geinblues [at] gmail.com Site : http://www.chollian.net/~jyj9782 ------------------------------------------ 0x01 Sum [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA1
windows: http://heapoverflow.com/vnc_reloaded/VNC_bypauth-win32.rar
linux: http://heapoverflow.com/vnc_reloaded/VNC_bypauth-linux.tar.gz
comments: http://heapoverflow.com/viewtopic.php?p=1729
Hello J.Weatherall :)
-----BEGIN PGP SIGNATURE-----
Versio
[ more ] [ reply ]