|
|
Colapse all |
Post message
MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities 2005-04-26 dcrab (dcrab hackerscenter com) Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K 2005-04-26 dcrab (dcrab hackerscenter com) Dcrab 's Security Advisory [Hsc Security Group] http://www.hackerscenter.com/ [dP Security] http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple SQL Injections in [ more ] [ reply ] Multiple SQL Injections in MetaCart2 for PayPal 2005-04-26 dcrab (dcrab hackerscenter com) Dcrab 's Security Advisory [Hsc Security Group] http://www.hackerscenter.com/ [dP Security] http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple SQL Injections in [ more ] [ reply ] Multiple SQL Injections in MetaCart e-Shop V-8 2005-04-26 dcrab (dcrab hackerscenter com) Dcrab 's Security Advisory [Hsc Security Group] http://www.hackerscenter.com/ [dP Security] http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple SQL Injections in [ more ] [ reply ] iDEFENSE Security Advisory 04.26.05: MySQL MaxDB Webtool Remote 'If' Stack Overflow Vulnerability 2005-04-26 iDEFENSE Labs (labs-no-reply idefense com) MySQL MaxDB Webtool Remote 'If' Stack Overflow Vulnerability iDEFENSE Security Advisory 04.26.05 www.idefense.com/application/poi/display?id=236&type=vulnerabilities April 26, 2005 I. BACKGROUND MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source database. MaxDB is [ more ] [ reply ] iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability 2005-04-26 iDEFENSE Labs (labs-no-reply idefense com) Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability iDEFENSE Security Advisory 04.26.05 www.idefense.com/application/poi/display?id=237&type=vulnerabilities April 26, 2005 I. BACKGROUND Citrix Program Neighborhood Agent is a part of the Citrix Presentation Server Client an [ more ] [ reply ] Re: New auto download / install / exploit URL? 2005-04-26 joke0 (joke0 tiscali fr) In-Reply-To: <BE8F2DE1.1B07C%gandalf (at) digital (dot) net [email concealed]> Hi, Gandalf The White: >Someone want to take the time to decode? Not so easy, but done. The decrypted result of this hta leads to an intermediate javascript code (not provided here). Once this one is decrypted too, we get the HTA, pasted below. [ more ] [ reply ] iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Buffer Overflow 2005-04-26 iDEFENSE Labs (labs-no-reply idefense com) Citrix Program Neighborhood Agent Buffer Overflow iDEFENSE Security Advisory 04.26.05 www.idefense.com/application/poi/display?id=238&type=vulnerabilities April 26, 2005 I. BACKGROUND Citrix Program Neighborhood Agent is a part of the Citrix Presentation Server Client and facilitates access to Ci [ more ] [ reply ] [SECURITY] [DSA 714-1] New kdelibs packages fix arbitrary code execution 2005-04-26 joey infodrom org (Martin Schulze) RE: Possible XSS in User-Agent 2005-04-25 Scovetta, Michael V (Michael Scovetta ca com) Nicolas, This is no more an XSS than creating and misusing an arbitrary header: GET / HTTP/1.1 FooBar: <script>alert();</script> ... <%=request.getHeader("FooBar")%> The headers are **always** modifiable by an advanced user, a script-kiddie with a utility, a clever firewall, a proxy server, etc. [ more ] [ reply ] dBpowerAMP Auxiliary - Abnormal execution 2005-04-26 SecuBox fRoGGz (unsecure writeme com) VULNERABLE PRODUCT ------------------ Software: dBpowerAMP Corporation: Illustrate File: auxiliary.exe Version: 6.0.0.1 Vulnerability: Abnormal execution ----------------------------------- BACKGROUND ---------- dMC Auxiliary Input is used to record audio to your hard drive from what is being [ more ] [ reply ] [security bulletin] SSRT5954 rev.0 HP-UX TCP/IP Remote Denial of Service (DoS) 2005-04-25 Boren, Rich (SSRT) (rich boren hp com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBUX01137 REVISION: 0 SSRT5954 rev.0 - HP-UX TCP/IP Remote Denial of Service (DoS) NOTICE: There are no restrictions for distribution of this Security Bulletin provided that it remains complete and intact. The information [ more ] [ reply ] [ GLSA 200504-24 ] eGroupWare: XSS and SQL injection vulnerabilities 2005-04-25 Matthias Geerdsen (vorlon gentoo org) remote command execution in ad.cgi script 2005-04-24 fireboy fireboy (fireboynet webmails com) Tunis 24/04/2005 BUG found by fireboy fireboy (at) webmails (dot) com [email concealed] THERE ARE SOME BUGS IN ad.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM OR EXECUTE COMMANDS IN THE TARGET HOST WICH CAN COMPROMISE IT. IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 1)file showing http://www.target.com/cg [ more ] [ reply ] Re: [Full-disclosure] [VulnDiscuss] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-[Scanned] 2005-04-24 Dave Aitel (dave immunitysec com) Paul Laudanski wrote: >>Risk: Low Risk!! >>Impact: Multiple Vulnerabilities. >> >> -==phpBB 2.0.14 Multiple Vulnerabilities==- >> >> > >Unsure if its me, but I didn't see a vendor notification here? Might be >because I'm so happy being a proud new dad, but, I thought proper >disclosure [ more ] [ reply ] WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05) 2005-04-24 admin batznet com WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability Vendor: WoltLab URL: http://www.woltlab.de/ Version: <= 2.3.1 PL 2 Type: XSS Discovered by [R] and deluxe89 Description: -------------------------------- The WoltLab Burning Board is a high customisable forum software for every k [ more ] [ reply ] RE: New auto download / install / exploit URL? 2005-04-24 Geoff Vass (geoff cadzow com au) Using scan (at) virustotal (dot) com [email concealed], Fortinet 2.51 identifies it as VBS/Psyme.AY-tr, but no other vendors have detections yet. Cheers Geoff Vass -----Original Message----- From: Gandalf The White [mailto:gandalf (at) digital (dot) net [email concealed]] Sent: Saturday, 23 April 2005 13:11 To: bugtraq (at) securityfocus (dot) com [email concealed] Subject: New auto [ more ] [ reply ] remote command execution in forum.pl script 2005-04-24 fireboy fireboy (fireboynet webmails com) Tunis 24/04/2005 BUG found by fireboy fireboy (at) webmails (dot) com [email concealed] THERE ARE SOME BUGS IN forum.pl SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM OR EXECUTE COMMANDS IN THE TARGET HOST WICH CAN COMPROMISE IT. IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 1)file showing http://www.target.com/ [ more ] [ reply ] index.cgi script XSS + file show 2005-04-24 fireboy fireboy (fireboynet webmails com) (1 replies) Tunis 24/04/2005 BUG found by fireboy fireboy (at) webmails (dot) com [email concealed] THERE ARE SOME BUGS IN index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 1)file showing http://www.target.com/index.cgi?/etc/passwd 2)CSS http://www.target.com/index.cgi [ more ] [ reply ] remote command execution in text.cgi script 2005-04-25 fireboy fireboy (fireboynet webmails com) Tunis 24/04/2005 BUG found by fireboy fireboy (at) webmails (dot) com [email concealed] THERE ARE SOME BUGS IN text.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM OR EXECUTE COMMANDS IN THE TARGET HOST WICH CAN COMPROMISE IT. IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 1)file showing http://www.target.com/ [ more ] [ reply ] [Overflow.pl] ImageMagick ReadPNMImage() Heap Overflow 2005-04-25 Damian Put (pucik overflow pl) Overflow Security Advisory #3 ImageMagick ReadPNMImage() Heap Overflow Vendor: ImageMagick (http://www.imagemagick.org) Affected version: 6.x up to and including 6.2.1 Vendor status: Fixed version released (6.2.2) Author: Damian Put <pucik (at) overflow (dot) pl [email concealed]> URL: http://www.overflow.pl/adv/imheapoverfl [ more ] [ reply ] E-Cart v1.1 Remote Command Execution Vulnerability 2005-04-24 Emanuele \z\\\ Gentili (emanuele orvietolug org) Exploit for "Cart v1.1 Remote Command Execution Vulnerability" discovery: SoulBlack ============================================================ Title: E-Cart v1.1 Remote Command Execution Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar Date: 20/04/2005 Severity [ more ] [ reply ] Possible XSS in User-Agent 2005-04-25 Nicolas Montoza (xonico gmail com) Analyzing User Agent does not make filters of anyone type, being able to inject xss or HTML. POC === let us suppose that the page we visit has the navigator´s check You are sailing with Mozila Firefox.... In php, this simply is <? echo $HTTP_USER_AGENT ?> then we install any kind of soft which [ more ] [ reply ] remote command execution in includer.cgi script 2005-04-24 fireboy fireboy (fireboynet webmails com) Tunis 24/04/2005 BUG found by fireboy fireboy (at) webmails (dot) com [email concealed] THERE ARE SOME BUGS IN includer.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM OR EXECUTE COMMANDS IN THE TARGET HOST WICH CAN COMPROMISE IT. IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 1)file showing http://www.target. [ more ] [ reply ] remote command execution in citat.pl script 2005-04-24 fireboy fireboy (fireboynet webmails com) Tunis 24/04/2005 BUG found by fireboy fireboy (at) webmails (dot) com [email concealed] THERE ARE SOME BUGS IN citat.pl SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM OR EXECUTE COMMANDS IN THE TARGET HOST WICH CAN COMPROMISE IT. IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 1)file showing http://www.target.com/ [ more ] [ reply ] hyper.cgi script file show bug 2005-04-24 fireboy fireboy (fireboynet webmails com) Tunis 24/04/2005 BUG found by fireboy fireboy (at) webmails (dot) com [email concealed] THERE IS A BUG IN hyper.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 1)file showing http://www.target.com/hyper.cgi?/etc/passwd greetz to all magattack members www.magattac [ more ] [ reply ] [INetCop Security Advisory] Snmppd potentially format string vulnerability. 2005-04-25 dong-hun you (xploit hackermail com) ======================================== INetCop Security Advisory #2005-0x82-027 ======================================== Title: Snmppd potentially format string vulnerability. 0x01. Description About: snmppd is an SNMP proxy daemon that is designed to work with Nagios. It loads MIBs [ more ] [ reply ] |
|
Privacy Statement |
Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/
Get Dcrab's Services to audit your Web servers, scripts, networks, etc.
Learn more at http://www.digitalparadox.org/services.ah
Severity: High
Title: MetaCart2 for PayFlow Mult
[ more ] [ reply ]