|
|
Colapse all |
Post message
Require many large corporate emails for contact regarding vulnerability. 2005-04-16 dcrab (dcrab hackerscenter com) Anyone have any idea of a form of contact with the administrating team, administrator any member of the following websites, please give me details at dcrab (at) hackerscenter (dot) com [email concealed] If any of the representatives of these listed websites read this, please contact me urgently regarding serious vulnerabilit [ more ] [ reply ] phpBB datenbank mod has XSS/SQL Injection in the id variable 2005-04-16 tom cruise (the n3t gmail com) vulnerable mod: datenbank explaination: you can pass SQL Injection / Cross Site Scripting (Commands) in the id variable inside the mod.php (mod-datenbank) exploit: http://[target]/phpBB/moddb/mod.php?id='[SQL Injection] http://[target]/phpBB/moddb/mod.php?id='><script>alert(document.co okie [ more ] [ reply ] [DR001] AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability 2005-04-16 David Remahl (vuln remahl se) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The full, up-to-date, text of this advisory is located at: <http://remahl.se/david/vuln/001/>. Title: AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability Date of discovery: 2005-02-13 Date of publication: 2005-04-16 Discovered by: Davi [ more ] [ reply ] Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below 2005-04-15 JeiAr (security gulftech org) (1 replies) In-Reply-To: <20050416033018.9721.qmail (at) www.securityfocus (dot) com [email concealed]> "Possible Fixes: The usage of htmlspeacialchars(), mysql_escape_string(), mysql_real_escape_string() and other functions for input validation before passing user input to the mysql database, or before echoing data on the screen, would s [ more ] [ reply ] Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below 2005-04-15 Paul Laudanski (zx castlecops com) Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below 2005-04-16 dcrab (dcrab hackerscenter com) (1 replies) Dcrab 's Security Advisory [Hsc Security Group] http://www.hackerscenter.com/ [dP Security] http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Http Response Splitting Vul [ more ] [ reply ] Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below 2005-04-17 Amit Klein (AKsecurity) (aksecurity hotpop com) [Overflow.pl] Libsafe - Safety Check Bypass Vulnerability 2005-04-15 Overflow.pl (adv overflow pl) Overflow.pl Security Advisory #2 Libsafe - Safety Check Bypass Vulnerability URL: http://www.overflow.pl/adv/libsafebypass.txt Date: 04.05.2005 1. Background Libsafe is a library that protect critical elements of stacks http://www.research.avayalabs.com/project/libsafe/ 2. Description Attac [ more ] [ reply ] Mafia Blog 2005-04-15 Francisco Alisson (dominusvis click21 com br) ######################################################## # # Mafia Blog # Version: .4 BETA # Vendor: http://chrisnowak.org/projects/mafia/ # Author: Chris Nowak # ######################################################## Let's go... There's no check on admin folder so, anyone could get admin acc [ more ] [ reply ] [ GLSA 200504-14 ] monkeyd: Multiple vulnerabilities 2005-04-15 Sune Kloppenborg Jeppesen (jaervosz gentoo org) myBloggie 2.1.1 2005-04-15 Francisco Alisson (dominusvis click21 com br) ############################################ # # myBloggie 2.1.1 # Vendor: http://www.mywebland.com/ # ############################################ When the comments are posted there's no check for "<script>" tags allowing a script injection attack. Proof of Concept <script>alert(" [ more ] [ reply ] Dameware NT Utilities and MiniRemote Control <= 4.9 vulnerability 2005-04-15 Jordi Corrales (jordi shellsec net) Dameware NT Utilities and MiniRemote Control <= 4.9 vulnerability - 1 - Introduction DameWare NT Utilities is an enterprise system management application for Windows NT/2000/XP/2003 which provides an integrated collection of Microsoft Windows NT administration utilities incorporating a c [ more ] [ reply ] Arbitrary file overwrite possible by Musicmatch ActiveX control 2005-04-15 Hyperdose Security (robfly hyperdose com) Hyperdose Security Advisory Name: Arbitrary file overwrite in Musicmatch Systems Affected: Musicmatch v10.00.2047 or earlier (according to Yahoo v9.00.5059 and earlier are also affected) Severity: Important Author: Robert Fly - robfly (at) hyperdose (dot) com [email concealed] Advisory URL: http://www.hyperdose.com/advisorie [ more ] [ reply ] windux-linux-gui-rainbow-lanman-cracker released 2005-04-15 Philippe Oechslin (philippe oechslin objectif-securite nospam ch) Just wanted to share that we have finally released a GUI version of ophcrack, the original rainbow table password cracker. Features: - runs with GUI under Windows and linux - dumps hashes from local and remote hashes, provided you are admin - dumps hashes from encrypted sam and config, provided y [ more ] [ reply ] [SECURITY] [DSA 708-1] New PHP3 packages fix denial of service 2005-04-15 joey infodrom org (Martin Schulze) [Overflow.pl] GOCR - Multiple vulnerabilities 2005-04-15 Overflow.pl (adv overflow pl) Overflow.pl Security Advisory #1 GOCR - Multiple vulnerabilities URL: http://www.overflow.pl/adv/gocr.txt Date: 04.05.2005 1. Background GOCR is an OCR (Optical Character Recognition) program, developed under the GNU Public License. It converts scanned images of text back to text files. Joerg Sc [ more ] [ reply ] [SECURITY] [DSA 709-1] New libexif packages fix arbitrary code execution 2005-04-15 joey infodrom org (Martin Schulze) [ GLSA 200504-13 ] OpenOffice.Org: DOC document Heap Overflow 2005-04-15 Sune Kloppenborg Jeppesen (jaervosz gentoo org) Improper log file storage in Musicmatch software 2005-04-15 Hyperdose Security (robfly hyperdose com) Hyperdose Security Advisory Name: Improper Log file storage in Musicmatch software Systems Affected: Musicmatch v10.00.2047 or earlier (according to Yahoo v9.00.5059 and earlier are also affected) Severity: Moderate Author: Robert Fly - robfly (at) hyperdose (dot) com [email concealed] Advisory URL: http://www.hyperdose.com/ [ more ] [ reply ] |
|
Privacy Statement |
[ more ] [ reply ]