Authentication bypass, sql injections and xss in ArticleLive 2005
2005-05-03 dcrab (dcrab hackerscenter com)

Advisories for 4 vulnerabilities addressed by Apple SU 2005-005
2005-05-03 David Remahl (vuln remahl se)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have published advisories for 4 security vulnerabilities in Mac OS X that were addressed by Apple Security Update 2005-005, released today. <http://docs.info.apple.com/article.html?artnum=301528>. This email contains brief summaries of the proble

Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
2005-05-04 ShineShadow (ss_contacts hotmail com)
ShineShadow Security Report 04052005-05 TITLE: Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2. BACKGROUND Merak Mail Server, with the revolutionary Merak Mail Server GroupWare Server, cutting-edge Merak Mail Server Instant Antispam and much more, is the fastest

[HSC Security Group] ASP Inline Corporate Calendar SQL injection
2005-05-03 Zinho (zinho hackerscenter com)

Multiple SQL injections and XSS in FishCart 3.1
2005-05-04 dcrab (dcrab hackerscenter com)
Dcrab's Security Advisory [Hsc Security Group] http://www.hackerscenter.com/ [dP Security] http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah ***SPECIAL OFFER*** Hire my auditing services, if

[SECURITY] [DSA 720-1] New smartlist packages fix unauthorised un/subscription
2005-05-03 joey infodrom org (Martin Schulze)

ASP.NET __VIEWSTATE crypto validation prone to replay attacks
2005-05-03 Michal Zalewski (lcamtuf gmail com)
Good morning, ASP.NET's extremely popular __VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" (including form fields, database views, etc), so that user-entered data automagically persists and is populated across newly rendered HTML

tHorK FrameWork Beta v0.1::: another exploit framework
2005-05-02 gilbert nzeka (dark_khaalel yahoo fr)
tHork FrameWork is an exploit framework that allows you to put all the exploits you want/have in a repertory in order to access them (with a search engine) whenever and wherever you want. tHork is under GPL license and was programmed in python. tHork FrameWork is a whole of "small" CGI script need

[CLA-2005:952] Conectiva Security Announcement - kernel
2005-05-02 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : kernel SUMMARY : Kernel update DATE : 20

Directory Traversal Vuln - RaidenFTPD 2.4 < Build 2241
2005-05-02 Lachlan. H (pseudonym_ok yahoo com)
Product : RaidenFTPD Affected Versions : < 2.4.2241 *** Author: Lachlan. H Date vendor notified: 19/04/2005 Patch released: 20/04/2005 Disclosure: 02/05/2005 *** Product Description: RaidenFTPD is an easy-to-use ftp server software for Windows. With this handy tool you can share you

Re: Privilege escalation in BulletProof FTP Server v2.4.0.31 [PoC]
2005-04-29 Jerome ATHIAS (jerome athias free fr)
In-Reply-To: <80115b69050427102530b5ab91 (at) mail.gmail (dot) com> //Privilege escalation in BulletProof FTP Server v2.4.0.31 //By Jerome Athias //jerome DOT athias AT free DOT fr //Discovered by Reed Arvin reedarvin[at]gmail[do

Regions bank phishing scam
2005-04-30 Ryan S (r st comcast net)
Forgive me if this is not the best place to forward this report. Today, April 29, I received a Regions online banking ("RegionsNET") e-mail phishing scam attempt. The "scam site" was still active prior to this mailing. I have included the e-mail I received and removed my e-mail addresses and

Golden FTP Server Pro Remote Buffer Overflow Exploit
2005-04-30 mohamed amhemed (rodhedor hotmail com)
Golden FTP Server Pro Remote Buffer Overflow Exploit Bug Discovered by rod hedor (http://lezr.com) Exploit coded By lezr hack Web: lezr.com E-Mail: rodhedor (at) hotmail (dot) com Usage:exploit <targetOs> <targetIp> / / Vulnerable Versions: Golden FTP Server Pro v2.52 Exploit: Run the exploit against the s

Can't trust COMODO
2005-05-02 Gunter Ollmann (NGS) (gunter ngssoftware com)
Hey List, For a company that supposedly provides "Anti-fraud protection" and "identity assurance" - why do they clearly plagiarise someone else's copyright whitepaper material and present it as their own work? So much for a "security company" you can trust. As many of you are aware, I produced a

[ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation
2005-04-30 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Defcon Capture the Flag registration is open
2005-04-30 Kenshoto (ctf kenshoto com)
Word is in from up on high, kenshoto will be running the Defcon Capture the Flag contest in 2005. This year's CtF will be a knock-down-drag-out-cyberninja war, the likes of which the world has never seen. The core skill for this contest will be finding vulnerabilities in software. Those of you wh

Microsoft WINS Vulnerability + OS/SP Scanner
2005-04-30 class (ad class101 org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 While replicating, it's possible to guess the OS and SP, in addition you have the heap base address. Conclusion: all needed for a skilled hacker to intrude a vulnerable computer, however a script kiddie won't be able to do something because each wrong h