|
|
Colapse all |
Post message
High Risk Vulnerability in Lexmark Printer Sharing Service 2006-02-07 NGSSoftware Insight Security Research (nisr ngssoftware com) MyQuiz Arbitrary Command Execution Exploit (perl) 2006-02-07 irc0d3r yahoo com This Perl Exploit for MyQuiz 1.01 Arbitrary Command Execution Exploit. Athour : Hessam-x - www.hessamx.net +IHST : iran hackerz security team (hackerz.ir) #((Perl exploit)) #!/usr/bin/perl # => MyQuiz Remote Command Execution Exploit # -> By Hessam-x / www.hackerz.ir # manual exploiting --> http: [ more ] [ reply ] crypt_blowfish 1.0 2006-02-07 Solar Designer (solar openwall com) Hi, This is to announce the first mature version of crypt_blowfish and the minor security fix that this version adds. crypt_blowfish is a public domain implementation of a modern password hashing algorithm based on the Blowfish block cipher, provided via the crypt(3) and a reentrant interface. It [ more ] [ reply ] mailback script exploit 2006-02-05 coderpunk (coderpunk gmail com) There is a mailback perl cgi script that has been in use for years, originally written by Erik C. Thauvin, which has some serious sercurity holes in it. One that is currently being exploited is that the contents of the subject pass to the script from the form are not sanitized before being passed to [ more ] [ reply ] Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4). 2006-02-04 h z inbox ru Hi everyone! the January 23 me was done work on revealing the criticality in forum vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4). ------------------------------------------------------------------------ - The Criticality were find nearly similar nature. Later I have tested them on rest version and [ more ] [ reply ] (OLD) Eudora WorldMail 3.0 Windows 2000 Remote System Exploit 2006-02-04 markus magnus (winning_team555 yahoo de) ### ### Eudora WorldMail 3.0 Windows 2000 Remote System Exploit ### November 2005 ### ### Tested on Windows 2000 Server SP4 ### ### info(AT)com-winner.com ### http://www.com-winner.com ### http://www.com-winner.com/CWCOM/cwc-index/ ### use IO::Socket::INET; use strict; # win32_bind - EXITFUNC=se [ more ] [ reply ] cPanel 10 handle.html XSS Vulnerability 2006-02-05 shell dotshell net mime/handle.html (usually https://www.example.com/cpanel/frontend/x/mime/handle.html) of cPanel 10 is vulnerable to an XSS vulnerability. This can be leveraged by entering an injected html into the extension and/or mime-type specified. I sucesfully leveraged this issue causing the page to execute th [ more ] [ reply ] CAIDA analysis on CME-24/BlackWorm 2006-02-06 Gadi Evron (ge linuxbox org) (1 replies) [ Secuobs - Advisory ] Bluetooth : DoS on Sony/Ericsson cell phones 2006-02-06 Research Infratech (research infratech fr) [Software affected] Bluetooth Stack on Sony/Ericsson cell phones [Version] Sony/Ericsson K600i, V600i, W800i, T68i and certainly other models [Impact] Bluetooth Stack Denial of Service (may be more - may be a rootkit :) - Phone DoS (reboot or shutdown) - White screen bug (freeze sleeping) [Credit [ more ] [ reply ] [ Secuobs - Tools release ] BSS (Bluetooth Stack Smasher) fuzzer 2006-02-06 Research Infratech (research infratech fr) [Software] BSS - Bluetooth Stack Smasher [Version] 0.6 [Location] BSS could be downloaded on http://www.secuobs.com/news/05022006-bluetooth10.shtml [Credits] Pierre Betouin - pierre.betouin (at) infratech (dot) fr [email concealed] Bug was found on following devices : hcidump, Sony/ericsson K600i/V600i/W800i, Nokia N70 & SA [ more ] [ reply ] [ GLSA 200602-03 ] Apache: Multiple vulnerabilities 2006-02-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org) [ Secuobs - Advisory ] Bluetooth : DoS on hcidump 1.29 + PoC 2006-02-06 Research Infratech (research infratech fr) [Software affected] hcidump [Version] 1.29 (may be other) [Impact] Denial of Service (may be more) [Credits] Pierre Betouin - pierre.betouin (at) infratech (dot) fr [email concealed] - Bug found with BSS v0.6 GPL fuzzer (Bluetooh Stack Smasher) BSS could be downloaded on http://www.secuobs.com/news/05022006-bluetooth10.sht [ more ] [ reply ] [ GLSA 200602-02 ] ADOdb: PostgresSQL command injection 2006-02-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org) [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability 2006-02-06 XFOCUS Security Team (security xfocus org) (1 replies) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title:[xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability Affected version : <= BCB6+ent_upd4 Vendor: http://borland.com/ Url: http://www.xfocus.net/releases/200602/a849.html XFOCUS (http://www.xfocus.org) had already discover [ more ] [ reply ] Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability 2006-02-07 XFOCUS Security Team (security xfocus org) Announcement: Domain Contamination By Amit Klein 2006-02-06 contact webappsec org The Web Application Security Consortium is proud to present 'Domain Contamination' written by Amit Klein. In this article Amit discusses how an attacker who's hijacked a domain for a short period of time can still retain control of its audience long after the domain is returned to its rightful own [ more ] [ reply ] [SECURITY] [DSA 965-1] New ipsec-tools packages fix denial of service 2006-02-06 joey infodrom org (Martin Schulze) DarkStarlings.com XSS Vulnerability 2006-02-06 Will Boyce (mail willboyce com) --------------------Summary---------------- Vendor: DarkStarlings Vendor's Web Site: http://www.darkstarlings.com/ Software: All products Versions: All versions Critical Level: Moderate Type: Cross-Site Scripting Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered b [ more ] [ reply ] [ GLSA 200602-01 ] GStreamer FFmpeg plugin: Heap-based buffer overflow 2006-02-05 Stefan Cornelius (dercorny gentoo org) |
|
Privacy Statement |
in the Lexmark Printer Sharing service which could allow a remote,
unauthenticated attacker to execute arbitrary code on a Lexmark printer
user's computer system with Local System privileges.
There is no known official patch
[ more ] [ reply ]