SQL injection in Chipmunk forums
2005-02-09 foster GHC (foster ghc ru)
/*==========================================*/
// GHC -> Chipmunk forum <- ADVISORY
// Product: Chipmunk Forums
// URL: http://www.chipmunk-scripts.com/board
// VULNERABILITY CLASS: SQL injection
// RISK: high
/*==========================================*/
[1] script name: getpassword.php
---[c

Re: GMail / Google Groups ESMTP software b0f
2005-02-09 Heather Adkins (hadkins google com)
> There is a very strong indication for this being a buffer overflow in a
> non-forking daemon, rather than a preemptive IDS strike. The threshold for
> the number of characters prompting an overflow; the delayed effect of an
> overflow; the fact it is affected only by the last EHLO; and the global

CFP for SyScAN'05
2005-02-09 organiser (at) syscan (dot) org (organiser syscan org)
CALL FOR PAPER
SYSCAN'05
SYMPOSIUM ON SECURITY AND ASIA NETWORKING 2005
18-19 AUGUST 2005
SINGAPORE
SYSCAN'05 The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has

RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
2005-02-09 Randal, Phil (prandal herefordshire gov uk)
I've verified that the flaw exists on Windows XP SP2 fully patched IE 6 with Verisign's plugin from http://www.idnnow.com/index.jsp.
Screenshot here: http://www.rebee.clara.net/images/ie-idn.jpg
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original

Some details about MS05-007 security bulletin
2005-02-09 Jean-Baptiste Marchand (Jean-Baptiste Marchand hsc fr)
Hello, I'd like to provide some details about the vulnerability fixed by the MS05-007 security bulletin: http://www.microsoft.com/technet/security/bulletin/ms05-007.mspx
Microsoft security bulletin is in some ways misleading and I've seen that the following CERT vulnerability note: http://www

[ GLSA 200502-09 ] Python: Arbitrary code execution through SimpleXMLRPCServer
2005-02-08 Thierry Carrez (koon gentoo org)

[Security Bulletin] - SSRT4883 HP-UX ftpd remote privileged access
2005-02-09 Boren, Rich (SSRT) (rich boren hp com)
HP SECURITY BULLETIN HPSBUX01118 REVISION: 0
SSRT4883 rev.0 - HP-UX ftpd remote privileged access
NOTICE: There are no restrictions for distribution of this Security Bulletin provided that it remains complete and intact.
The information in thi

[SIG^2 G-TEC] ArGoSoft Mail Server Webmail Multiple Directory Traversal Vulnerabilities
2005-02-09 chewkeong security org sg
SIG^2 Vulnerability Research Advisory
ArGoSoft Mail Server Webmail Multiple Directory Traversal Vulnerabilities
by Tan Chew Keong
Release Date: 09 Feb 2005
ADVISORY URL http://www.security.org.sg/vuln/argosoftmail1873.html
SUMMARY
ArGoSoft Mail Server (http://www.argosoft.com/mailserver/) is

Several SQL injection bugs in myPHP Forum v.1.0
2005-02-09 foster GHC (foster ghc ru)
/*==========================================*/
// GHC -> MyPHP Forum <- ADVISORY
// Product: MyPHP Forum
// Version: 1.0
// URL: http://www.myphp.ws
// VULNERABILITY CLASS: SQL injection
/*==========================================*/
[Product Description]
MyPHP Forum is a simple message board scr

MDKSA-2005:031 - Updated perl packages fix multiple vulnerabilities
2005-02-08 Mandrakelinux Security Team (security linux-mandrake com)

Internet Explorer zone spoofing with encoded URLs
2005-02-09 Jouko Pynnonen (jouko iki fi)
OVERVIEW
========
The method used for Windows security zone evaluation fails when characters in the URL are encoded in a certain way. Internet Explorer can be tricked to think that a document belongs in "My Computer" zone when it actually resides on an Internet server. JavaScript in such docu

MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
2005-02-09 ATmaCA ATmaCA (atmaca atmacasoft com) (1 replies)
/*
*
* MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
* Bug discovered by Core Security Technologies (www.coresecurity.com)
* Exploit coded By ATmaCA
* Copyright ©2002-2005 AtmacaSoft Inc. All Rights Reserved.
* Web: http://www.atmacasoft.com
* E-Mail: atmaca (at) icqmail (dot) com
* C

RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
2005-02-09 Andrew Hunter (andiroohunter msn com)

[ GLSA 200502-10 ] pdftohtml: Vulnerabilities in included Xpdf
2005-02-09 Matthias Geerdsen (vorlon gentoo org)

[SECURITY] [DSA 672-1] New xview packages fix potential arbitrary code execution
2005-02-09 joey infodrom org (Martin Schulze)

Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability
2005-02-09 Rafel Ivgi (rivgi finjan com)
Finjan Security Advisory
Microsoft Office XP Remote Buffer Overflow Vulnerability
Introduction
Finjan has discovered a new vulnerability in Microsoft Word XP that would allow a hacker to launch a buffer overflow attack. This attack could occur when a user opened a Word document using Internet Exp

[SCL-2005.002] - IDN Feature Workaround via proxy.pac
2005-02-08 Scovetta, Michael V (Michael Scovetta ca com)

[SIG^2 G-TEC] 602LAN SUITE Web Mail Vulnerability Allows File Upload to Arbitrary Directories
2005-02-08 chewkeong security org sg
SIG^2 Vulnerability Research Advisory
602LAN SUITE Web Mail Vulnerability Allows File Upload to Arbitrary Directories
by Tan Chew Keong
Release Date: 07 Feb 2005
ADVISORY URL http://www.security.org.sg/vuln/602lansuite1221.html
SUMMARY
602LAN SUITE (http://www.software602.com/products/ls/) i

Integer overflow and arbitrary files deletion in RealArcade 1.2.0.994
2005-02-08 Luigi Auriemma (aluigi autistici org)

SafeNet SoftRemote VPN Client Issue: Clear-text password stored in memory
2005-02-08 Roy Hills (Roy Hills nta-monitor com)
SafeNet SoftRemote VPN Client Issue: Clear-text password stored in memory
Summary: NTA Monitor have discovered a password disclosure issue in the SafeNet SoftRemote VPN client: The SoftRemote client stores the password in an obfuscated form in the Windows registry, but it also stores the unencr

mailman email harvester
2005-02-07 Bernhard Kuemel (bernhard bksys at)
Hi! Tons of email addresses from mailman mailing lists are vulnerable to be collected by spammers. They are "protected" by obfuscation (user (at) example (dot) com -> user at example.com) and access to the subscriber list can be restricted to subscribers. The ob

[PersianHacker.NET 200502-05] WWWoard passwd
2005-02-08 Andrew guess (cybercop38 yahoo com au)
Hi all, I know how this hole works and where it hits, also I have found a fix for it, so start applying or end up dying....lmao
This is an example of the source code for the forum script:
Line 126:''''''''''End Add '''''''''''''''''''''
Line 127:
Line 128:hostInfo = Dns.GetHostByAddress(cli

EEYE: Windows SMB Client Transaction Response Handling Vulnerability
2005-02-09 Marc Maiffret (mmaiffret eeye com)
Windows SMB Client Transaction Response Handling Vulnerability
Release Date: February 8, 2005
Date Reported: August 2, 2004
Severity: High (Remote Code Execution)
Vendor: Microsoft
Systems Affected: Windows 2000, Windows XP, Windows Server 2003
Overview: eEye Digital Security has discovered a vu
// GHC -> CMS CORE <- ADVISORY
// Product: CMS Core
// URL: http://chipmunk-scripts.com/scripts/cmscore.php
// VULNERABILITY CLASS: SQL injection
/*==========================================*/
[1] script name: index.php
---[code]---
$EntryID=$_GET['EntryID'];
...
$article="SELECT * FROM CMS_arti