BugTraq
Re: DarkStarlings.com XSS Vulnerability 2006-02-25
webmaster darkstarlings com
While the site does not intensively scrub javascript that is input by the user, XSS vulnerabilities are not a concern.

The worst case scenario (and really only important scenario) is that of a malicious party using javascript to capture cookie information from a user of the site and then using that

announcement: reporting and mitigating botnets 2006-02-24
Gadi Evron (ge linuxbox org)
Hi guys. There have been numerous queries about the subject of reporting
and mitigating botnets in the last few months.

I promised I would get back to all of you, here we go.

We started a new PUBLIC and OPEN mailing list where anyone can join in
and report a botnet command and control (C&C) ser

PwsPHP Injection SQL on Index.php 2006-02-25
papipsycho hotmail com
--------------------Summary----------------

Software: Pwsphp CMS
Software's Web Site: http://www.pwsphp.com/
Versions: ALL
Type: Injection SQL
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: papipsycho
SITE : (papipsycho.com & W

[waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8 2006-02-25
come2waraxe yahoo com


{================================================================================}
{ [waraxe-2006-SA#047] }
{================================================================================}
{

SQL Injection in DCI-Taskeen 2006-02-25
xx_hack_xx_2004 hotmail com
Hello
Vulnerable: DCI-Taskeen v1.03

http://www.dci-designs.com

Exploit :
http://example.com/basket.php?action=addex&id=[SQL]

http://example.com/basket.php?action=[SQL]

http://example.com/basket.php?action=addr&id=[SQL]

http://example.com/cat.php?do=cat&page=1&id=[SQL]

http://example/cat.ph

ArGoSoft FTP server remote heap overflow 2006-02-25
Jerome Athias (jerome athias free fr)
-- Title:
ArGoSoft FTP server remote heap overflow

-- Affected Products:
ArGoSoft FTP server 1.4.3.5 (current) and prior

-- Affected Vendor:
ArGoSoft - http://www.argosoft.com

-- Impact:
DoS, Arbitrary Code Execution

-- Where:
From remote

-- Type:
Heap Overflow

-- Vulnerability Details:
A rem

[FLSA-2006:176731] Updated perl packages fix security issue 2006-02-25
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated perl packages fix security issue
Advisory ID: FLSA:176731
Issue date: 2006-02-25
Product: Red Hat Linux, Fedora Core
Keywords:

[FLSA-2006:158543] Updated gaim package fixes security issues 2006-02-25
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated gaim package fixes security issues
Advisory ID: FLSA:158543
Issue date: 2006-02-25
Products: Red Hat Linux, Fedora Core
Keywords:

NSA Group Security Advisory NSAG-№202-25.02.2006 Vulnerability WEBSITE GENERATOR 3.3 2006-02-25
NSA Group (vulnerability nsag ru)
Advisory:
NSAG-№202-25.02.2006

Research:
NSA Group [Russian company on Audit of safety & Network security]

Site of Research:
http://www.nsag.ru or http://www.nsag.org

Product:
WEBSITE GENERATOR 3.3

Site of manufacturer:
http://freehostshop.com

The status:
19/11/2005 - Publication is postponed

Advisory: eZ publish <= 3.7.3 (imagecatalogue module) XSS vulnerability 2006-02-25
nukedx nukedx com
--Security Report--
Advisory: eZ publish <= 3.7.3 (imagecatalogue module) XSS vulnerability
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 25/02/06 01:43 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com
Web: http://www.nukedx.com
}
---
Vendor: eZ systems (ht

Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.asp newsid) Remote SQL Injection Vulnerability 2006-02-25
nukedx nukedx com
--Security Report--
Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.asp newsid) Remote SQL
Injection Vulnerability
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 25/02/06 06:08 AM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com
Web: http://www.nukedx.com
}
---
Ve

Advisory: Pentacle In-Out Board <= 6.03 (login.asp) Authencation ByPass Vulnerability 2006-02-25
nukedx nukedx com
--Security Report--
Advisory: Pentacle In-Out Board <= 6.03 (login.asp) Authencation ByPass
Vulnerability
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 25/02/06 05:56 AM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com
Web: http://www.nukedx.com
}
---
Vendor: G

NSA Group Security Advisory NSAG-№201-25.02.2006 Vulnerability SPiD v1.3.1 2006-02-25
NSA Group (vulnerability nsag ru)
Advisory:
NSAG-№201-25.02.2006

Research:
NSA Group [Russian company on Audit of safety & Network security]

Site of Research:
http://www.nsag.ru or http://www.nsag.org

Product:
SPiD v1.3.1

Site of manufacturer:
http://spid.adnx.net/

The status:
19/01/2006 - Publication is postponed.
14/02/2006

[FLSA-2006:138098] Updated nfs-utils package fixes security issues 2006-02-25
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated nfs-utils package fixes security issues
Advisory ID: FLSA:138098
Issue date: 2006-02-25
Product: Red Hat Linux, Fedora Core
Keywords:

[ MDKSA-2005:048 ] - Updated mplayer packages fix integer overflow vulnerabilities 2006-02-25
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:048
http://www.mandriva.com/security/
____________________________________________________________________

iDefense Security Advisory 02.24.06: SCO Unixware Setuid ptrace Local Privilege Escalation Vulnerability 2006-02-24
labs-no-reply (labs-no-reply idefense com)
SCO Unixware Setuid ptrace Local Privilege Escalation Vulnerability

iDefense Security Advisory 02.24.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=395
February 24, 2006

I. BACKGROUND

SCO Unixware is a Unix operating system that runs on many OEM platforms.

More informatio

fwd: SuSE Security Announcement: heimdal (SUSE-SA:2006:011) 2006-02-24
Dave McKinney (dm securityfocus com)

Note: this is the correct version of the previously approved heimdal
advisory from earlier today. SUSE re-released this advisory as
SUSE-SA:2006:011, which is the correct advisory number. The only
difference to the content is the advisory number.

----- Forwarded message from Thomas Biege <thoma

RE: Vulnerabilites in new laws on computer hacking 2006-02-22
dave (fla linux gmail com)
You don't have 300 dollars for vmware so you break into other people's
systems to learn... That makes no sense. If breaking into another person's
computer doesn't seem wrong then applying a serial/crack found at
astalavista.com or the bugs etc should not seem out of the question.
Better to screw a

[eVuln] Guestex XSS Vulnerability 2006-02-24
alex evuln com
New eVuln Advisory:
Guestex XSS Vulnerability
http://evuln.com/vulns/77/summary.html

--------------------Summary----------------
eVuln ID: EV0077
CVE: CVE-2006-0776
Software: Guestext
Software's Web Site: http://www.teca-scripts.com/
Versions: 1.0
Critical Level: Harmless
Type: Cross-Site Scripting

Mambo Multiple Vulnerabilities 2006-02-24
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research February 24, 2006
##########################################################
# Vendor : Miro International Pty Ltd
# URL : http://www.mamboserver.com/
# Version : Mambo <= 4.5.3h
# Risk : Multiple Vuln

TSLSA-2006-0010 - multi 2006-02-24
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0010

Package names: sudo, tar
Summary: Multiple vulnerabilities
Date: 2006-02-24
Affected versions: Tr

The Domain Name Service as an IDS 2006-02-22
Gadi Evron (ge linuxbox org)
"How DNS can be used for detecting and monitoring badware in a network"

http://staff.science.uva.nl/~delaat/snb-2005-2006/p12/report.pdf

This is a very interesting although preliminary work by obviously
skilled people. I haven't learned much but I am extremely happy others
work on this than the

TSLSA-2006-0008 - multi 2006-02-24
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0008

Package names: gnupg, gnutls, libtasn1, postgresql
Summary: Multiple vulnerabilities
Date: 2006-0

Copyright 2010, SecurityFocus