"Meanwhile, on the other side of the web server" - a new write-up by Amit Klein
2005-06-09 Amit Klein (AKsecurity) (aksecurity hotpop com)

MDKSA-2005:098 - Updated wget packages fix vulnerabilities
2005-06-09 Mandriva Security Team (security mandriva com)

Arbitrary code execution in eping plugin
2005-06-09 y0int yahoo it
www.RedC0de.org found the following error in eping:
Details
-------
Advisory name: Arbitrary code execution in eping plugin
Advisory number: 1
Application: eping
Application author: apnovi3
Security-Risk: high - very high
Remote-Exploit: Yes
Discovered by: m00fd1 aka Tr|p
Introduction
------------

drone armies C&C report - May/2005
2005-06-07 Gadi Evron (gadi tehila gov il)
Below is a periodic public report from the drone armies / botnets research and mitigation mailing list. For this report it should be noted that we base our analysis on the data we have accumulated from various sources. According to our incomplete analysis of information we have thus far, we now pub

FreeBSD Security Advisory FreeBSD-SA-05:10.tcpdump
2005-06-09 FreeBSD Security Advisories (security-advisories freebsd org)

xmysqladmin insecure temporary file creation
2005-06-09 ZATAZ Audits (exploits zataz net)
#########################################################
xmysqladmin insecure temporary file creation
Vendor: Gilbert Therrien gilbert (at) ican (dot) net or mysql (at) tcx (dot) se
Advisory: http://www.zataz.net/adviso/xmysqladmin-05292005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : l

FreeBSD Security Advisory FreeBSD-SA-05:12.bind9
2005-06-09 FreeBSD Security Advisories (security-advisories freebsd org)

remote command execution in 'tattle'
2005-06-07 b0iler (b0iler r00thell org)
Hello, a recent bugtraq posting by CISSP C.J. Steele contains a vulnerability which will leave a box possibly open for remote command execution. There are many ways to exploit this, but I chose logging in through ftp with username like sshd rhost 9 10 11 |rm${IFS}-rf${IFS}/|echo'1.1.1.1' because

[ Suresec Advisories ] - Mac OS X 10.4 - launchd local root vulnerability
2005-06-08 [ Suresec Advisories ] (advisories suresec org)
Securesec Security Advisory - #00003 09/06/05
Apple Mac OS X 10.4 launchd race condition vulnerability
Advisory: http://www.suresec.org/advisories/adv3.pdf
Description: A race condition vulnerability has been found in the temporary file creation done by the suid launchd program on Mac OSX 10.

FreeBSD Security Advisory FreeBSD-SA-05:11.gzip
2005-06-09 FreeBSD Security Advisories (security-advisories freebsd org)

SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:029)
2005-06-09 Ludwig Nussel (ludwig nussel suse de)

leafnode security announcement leafnode-SA-2005-02 (CAN-2005-1911)
2005-06-08 Matthias Andree (matthias andree gmx de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
leafnode-SA-2005:02.fetchnews-hangs-on-header
Topic: potential denial of service in leafnode
Announcement: leafnode-SA-2005:02
Author: Matthias Andree
Version: 1.00
Announced: 2005-06-08
Category: main
Type: potential denial of service
Impact: fet

Invision Community Blog Vulnerabilities
2005-06-09 GulfTech Security Research (security gulftech org)

2 SQL injection in Loki download manager v2.0
2005-06-08 hack_912 hotmail com
hi all
two SQL injection in Loki download manager
1. in http://localhost/adm/default.asp user: anyuser pass: 'or''='
2. in http://localhost/downmancv/catinfo.asp?cat=' union select null,null,user,null,null,null,null,null,pass,null,null,null,null,null FROM tblAdm '
and u will have user and pass

[ GLSA 200506-05 ] SilverCity: Insecure file permissions
2005-06-08 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

MDKSA-2005:096 - Updated openssl packages fix vulnerabilities
2005-06-07 Mandriva Security Team (security mandriva com)

[USN-137-1] Linux kernel vulnerabilities
2005-06-08 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-137-1 June 08, 2005
linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities
CAN-2005-0756, CAN-2005-1265
===========================================================
A security issue affects the following

Second-Order Symlink Vulnerabilities
2005-06-07 Steven M. Christey (coley mitre org)
[resubmitted to Bugtraq from a valid subscriber address]
Introduction
------------
Recently, Eric Romang of ZATAZ Audits reported several symlink issues that are different than the usual symlink vulnerabilities [1] [2]. There are probably a large number of applications that are safe with respect

Contact Request - Comcast
2005-06-07 Ryan T. Dean (rtdean tcamail net)
I realize this is slightly off topic, but... I'm trying to get in contact with someone at Comcast who can address a... well, let's call it an /issue/ I discovered. So far, my attempts at providing the information to someone who can understand it have been met with failure. Does anyone out there

Kaspersky AntiVirus "klif.sys" Privilege Escalation Vulnerability
2005-06-07 info softsphere com
Security advisory. Kaspersky antivirus v. 5.0.227, 5.0.228, 5.0.335 under Windows2000. There is nothing found under Windows XP. There is Windows2000 security subsystem breakout found inside Kaspersky antivirus v. 5.0.227, 5.0.228, 5.0.335. It is possible to exploit it with local privilege escala

[AppSecInc Advisory WEBSP05-V0098] Remote Buffer overflow in WebSphere Application Server Administrative Console
2005-06-07 Team SHATTER (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Remote Buffer overflow in WebSphere Application Server Administrative Console
AppSecInc Team SHATTER Security Advisory WEBSP05-V0098
http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html
June 07, 2005
Risk level: HIGH
Credits: This vu

Denial of Service vulnerability in GoodTech SMTP Server for Windows NT/2000/XP version 5.14
2005-06-07 Reed Arvin (reedarvin gmail com)
Summary: Denial of Service vulnerability in GoodTech SMTP Server for Windows NT/2000/XP version 5.14 (http://www.goodtechsys.com/)
Details: Input to the RCPT TO command is not properly checked and/or filtered. Issuing a single character 'A' as an argument to the RCPT TO command will cause the smtpd

SQL Injection Exploit for WordPress <= 1.5.1.1
2005-06-07 Alberto Trivero (trivero jumpy it) (1 replies)
#!/usr/bin/perl -w
#
# SQL Injection Exploit for WordPress <= 1.5.1.1
# This exploit shows the username of the administrator of the blog and his password crypted in MD5
# Related advisory: http://www.securityfocus.com/archive/1/401597/30/0/threaded
# Patch: Download the last version at http://wordpre

Re: SQL Injection Exploit for WordPress <= 1.5.1.1
2005-06-07 Giorgio Mandolfo (giorgio mandolph ath cx)

Re: [Full-disclosure] Second-Order Symlink Vulnerabilities
2005-06-07 Graham Reed (greed pobox com)
coley (at) mitre (dot) org writes:
> For everybuddy, we have:
>
> 258 g_snprintf(buf, 2048, "rm /tmp/.eb.%s.translator -f ; wget -O
> /tmp/.eb.%s.translator
> 'http://world.altavista.com/sites/gben/pos/babelfish/tr?tt=urltext&lp=%s _%s&urltext=%s'",
> 259 getenv("USER"), getenv("USER"), f

A survey of new attacks on the less explored parts
of the web application
Amit Klein, June 2005
Introduction
============
In the beginning, there were the web servers, and they were attacked