Beta 2
Aspect9: Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities
Release Date: December 11, 2008
Date Reported: October 5, 2008
Severity: Medium-High (Execute scripts, Turning Protection Off, Transfer data Cross
-----Original Message-----
From: y3nh4ck3r@gmail.com <y3nh4ck3r@gmail.com>
Sent: Monday, April 27, 2009 12:42 PM
To: bugtraq@securityfocus.com <bugtraq@securityfocus.com>
Subject: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->
-------------------------------------------------
SQL INJECTION VULNERABILITY --EZ-blog Beta2-->
-------------------------------------------------
CMS INFORMATION:
-->WEB: http://sourceforge.net/projects/ez-blog/
-->DOWNLOAD: http://sourceforge.net/projects/ez-blog/
-->DEMO: N/A
-->CATEGORY: CMS / Blogging
Problem Description:
Multiple vulnerabilities were discovered and corrected in openssl:
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment
function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote
attackers to cause a denial of service (openssl s_client crash)
and possibly have unspecified other impact via a DTLS packet, as
demonstrated by a packet from a server that uses a crafted server
certificate (CVE-2009-1379).
foo2zjs, N/A
libmng zip archives <= 01009x
Firefox <= 3.1 beta 2
Fixed version:
LittleCMS >= 1.18 beta 2
--------------------------------------------------------------
MULTIPLE SQL INJECTION VULNERABILITIES --Flash Quiz Beta 2-->
--------------------------------------------------------------
CMS INFORMATION:
-->WEB: http://sourceforge.net/projects/flashquiz/
-->DOWNLOAD: http://sourceforge.net/projects/flashquiz/
-->DEMO: N/A
-->CATEGORY: CMS / Testing
##################################################
Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid'
SQL Injection
Vendor URL: http://www.elgg.org/
Advisory: http://lostmon.blogspot.com/2011/08/elgg-18-beta2-and-prior-to-1711.html
Vendor notified: YES; exploit available: YES
##################################################
###################
Description By vendor
Problem Description:
via DTLS records that (1) are duplicates or (2) have sequence numbers
much greater than current sequence numbers, aka DTLS fragment handling
memory leak. (CVE-2009-1378)
Problem Description:
A vulnerability has been found and corrected in firebird:
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2
allows remote attackers to cause a denial of service (daemon crash)
via a malformed op_connect_request message that triggers an infinite
loop or NULL pointer dereference (CVE-2009-2620).
This update provides fixes for this vulnerability.
<!--
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html
click the following link with IE while monitoring with procmon
Discovered by: João Antunes (AJECT -- Attack Injection Tool) on 05/Jun/2008
Exploit: Not Available
Solution: Not Available
Status: Developers were contacted and should be releasing a corrected
version soon (8.5.2 beta 2)
----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending the following messages
*Vulnerable packages*
. Firebird SQL 1.0.3 and before.
. Firebird SQL 1.5.5 and before.
. Firebird SQL 2.0.3 and before.
. Firebird SQL 2.1.0 Beta 2 and before.
*Non-vulnerable packages*
. Firebird SQL 1.5.6 (to be released)
. Firebird SQL 2.0.4 (to be released)
* Online Armor Personal Firewall 2.0.1.215
* Outpost Firewall Pro 4.0.1025.7828
* Privatefirewall 5.0.14.2
* Process Monitor 1.22
* ProcessGuard 3.410
* ProSecurity 1.40 Beta 2
* RegMon 7.04
* ZoneAlarm Pro 7.0.362.000
* probably other versions of above mentioned software
* possibly many other software products that implement SSDT hooks
--------------------------------------------------------------------------------
Exploit:
The WikiWebWeaver 1.0 beta 2 script has an upload part, and you can upload only gif, jpeg lol :D
but you can upload gif.php or psd.php
http://www.site.com/wiki_path/index.php?upload
Luigi Auriemma
Application: Zoom Player
http://www.inmatrix.com
Versions: <= v6.00 beta 2 and naturally all the stable v5 versions
Platforms: Windows
Bug: unicode buffer-overflow
Exploitation: local
Date: 24 Dec 2007
Author: Luigi Auriemma
______________________///////////////\\\\\\\\\\\\\\\____________________
}Name : OneNews Beta 2 Multiple Vulnerabilities {
{Author : suN8Hclf[crimsoN_Loyd9], (DaRk-CodeRs Group) }
}Source : http://sourceforge.net/project/showfiles.php?group_id=193198 {
{Dork : Powered by One-News }
}Greetz : all DaRk-CodeRs guys, e.wiZz, str0ke {
_________________________________{}*{}__________________________________
==========================
-----------------------------------------------------------------------------------------------
Solution:
Upgrade to Chyrp 2.1.2 or Chyrp 2.5 Beta 2
More information:
http://chyrp.net/2012/02/02/heres-whats-been-going-on-recently/
-----------------------------------------------------------------------------------------------
5. *Non-vulnerable packages*
. Firebird SQL v2.1.3 Release Candidate 2 (estimated release: July 2009)
. Firebird SQL v2.5 Beta 2 (estimated release: July 2009)
. Firebird SQL v1.5.6 (estimated release: August 2009)
. Firebird SQL v2.0.6 (estimated release: October 2009)
Please build a fresh CVS checkout to have a fixed version sooner.
cross domain leakage. In fact, it may make it easier to attack
Firefox in some cases, compared to previous versions.
Additionally, a concern is raised about the entropy provided in the
seed to the Math.random PRNG, which may enable more powerful attacks.
This isolation issue was fixed in Firefox 3.6.9, 3.5.12 and 4.0 Beta2.
This issue has been assigned a CVE code CVE-2010-3171.
Thanks,
-Amit
or cause a denial of service (remove protected, sensitive data)
(CVE-2010-1169).
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0
before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before
8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads
Tcl code from the pltcl_modules table regardless of the table's
ownership and permissions, which allows remote authenticated users,
with database-creation privileges, to execute arbitrary Tcl code by
creating this table and inserting a crafted Tcl script (CVE-2010-1170).