|
|
Colapse all |
Post message
[SECURITY] [DSA 686-1] New gftp packages fix directory traversal vulnerability 2005-02-17 joey infodrom org (Martin Schulze) Advisory: Multiple Vulnerabilities in BibORB 2005-02-17 Patrick Hof (security surf25 de) = Advisory: Multiple Vulnerabilities in BibORB = ================================================ Multiple vulnerabilities were found in BibORB which result in SQL injection, XSS, directory traversal and arbitrary file upload. == Details == ============= Product: BibORB Affected Version: 1.3.2, [ more ] [ reply ] [SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution 2005-02-17 joey infodrom org (Martin Schulze) Possible phpBB <=2.0.11 bug or sql injection? 2005-02-17 jtm297 optonline net Since phpbb's website says not to post it on their forum, I guess I'll post my findings here. http://www.phpbb.com/phpBB/search.php?search_author=\*\'fnfnfffffa,'\*\* \cdf or http://www.phpbb.com/phpBB/search.php?search_author=\*\*\*\*\*\*\*\*\* It seems it has something to do with the the \'s [ more ] [ reply ] [PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection 2005-02-17 PersianHacker Team (pi3ch yahoo com) [PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection Date: 2005 February Bug Number: 07 paFAQ is a feature rich FAQ/Knowledge base system allowing webmasters to keep an organized database of Frequently Asked Questions. paFAQ also makes a great Knowledge Database for problems and solutions rela [ more ] [ reply ] RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. 2005-02-17 Tosoni (jean-pierre tosoni libertysurf fr) Well, comparison with the NIC handle may be helpful... Here is my experiment about it: I know of a guy who can be considered as a modern "average" user of NIC handles (since the overdevelopment of domains). This guy keeps creating a new NIC handle for him each time he creates a domain for his comp [ more ] [ reply ] Remote Windows Kernel Exploitation - Step Into the Ring 0 2005-02-17 Marc Maiffret (mmaiffret eeye com) Remote Windows Kernel Exploitation - Step Into the Ring 0 http://www.eeye.com/html/resources/whitepapers/research/index.html Over 5 years ago my friend and colleague Barnaby Jack wrote a seminal paper that brought a new level of awareness and understanding to Windows based buffer overflow exploitat [ more ] [ reply ] [ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie 2005-02-17 Scovetta Labs (security scovettalabs com) RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available) 2005-02-17 Williams, James K (James Williams ca com) > Subject: BrightStor ARCserve Backup buffer overflow PoC > From: <cybertronic () gmx ! net> > Date: 2005-02-11 18:19:23 > Message-ID: <20050211181923.27031.qmail () www ! securityfocus ! com> > > //cybertronic (at) gmx (dot) net [email concealed] > > #include <stdio.h> > [...snip...] FYI - we have now posted [ more ] [ reply ] Invision Power Boards 1.3.1 FINAL XSS Exploit 2005-02-18 Daniel A. (ldrada gmail com) Description: Lack of checking in the SML codes. Exploit: Put this into any signature or post on an invision forum: [COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url("javascr ipt:document.location.replace('http://www.hackthissite.org');") [/color] Fix: I'm not good at regexes :) [ more ] [ reply ] [ GLSA 200502-24 ] Midnight Commander: Multiple vulnerabilities 2005-02-17 Sune Kloppenborg Jeppesen (jaervosz gentoo org) RECON 2005 CFP [Montreal, Canada] 2005-02-17 dataworm (dataworm violating us) RECON 2005 - Call for papers - 16/02/05 Montreal, Quebec, Canada 17 - 19 June 2005 We are pleased to announce the Call for papers for the RECON conference. RECON is a security conference taking place downtown Montreal from the 17th to 19th of June 2005. Reverse Engineering and Exploit devel [ more ] [ reply ] MDKSA-2005:039 - Updated rwho packages fix vulnerability 2005-02-17 Mandrakelinux Security Team (security linux-mandrake com) RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? 2005-02-17 Michael Scheidell (scheidell secnap net) And the skiddies who tried to exploit something that didn't exist on our site: (this goes on for some time, here is just a snipp) So, anyone out there who decided to do a 'wait and see', don't. Disable awstats, use access rules, upgrade it or all three. 217.172.168.109 - - [03/Feb/2005:12:28:28 - [ more ] [ reply ] XSS vulnerabilty in ASP.Net [with details] 2005-02-17 Andir Andir (spam_andir mail ru) In August 2004 I found XSS vulnerability in Microsoft ASP.Net, and now I publish it. Full details: En: http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml Ru: http://it-project.ru/andir/docs/aspxvuln/aspxvuln.ru.xml P.S. I to present my appologies for bad english :( My native language is Russ [ more ] [ reply ] |
|
Privacy Statement |
http://labs.idefense.com
This site will serve as our repository for sharing our research and
development with the security community, including the release of free
software tools. Currently you can find the following at the
[ more ] [ reply ]