beta 2
Aspect9: Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities
Release Date:
December 11, 2008
Date Reported:
October 5, 2008
Severity:
Medium-High (Execute scripts, Turning Protection Off, Transfer data Cross
-----Original Message-----
From: y3nh4ck3r@gmail.com <y3nh4ck3r@gmail.com>
Sent: Monday, April 27, 2009 12:42 PM
To: bugtraq@securityfocus.com <bugtraq@securityfocus.com>
Subject: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->
-------------------------------------------------
SQL INJECTION VULNERABILITY --EZ-blog Beta2-->
-------------------------------------------------
via DTLS records that (1) are duplicates or (2) have sequence numbers
much greater than current sequence numbers, aka DTLS fragment handling
memory leak. (CVE-2009-1378)
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment
function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote
attackers to cause a denial of service (openssl s_client crash)
and possibly have unspecified other impact via a DTLS packet, as
demonstrated by a packet from a server that uses a crafted server
certificate (CVE-2009-1379).
CMS INFORMATION:
-->WEB: http://sourceforge.net/projects/ez-blog/
-->DOWNLOAD: http://sourceforge.net/projects/ez-blog/
-->DEMO: N/A
-->CATEGORY: CMS / Blogging
--------------------------------------------------------------
MULTIPLE SQL INJECTION VULNERABILITIES --Flash Quiz Beta 2-->
--------------------------------------------------------------
CMS INFORMATION:
-->WEB: http://sourceforge.net/projects/flashquiz/
-->DOWNLOAD: http://sourceforge.net/projects/flashquiz/
-->DEMO: N/A
-->CATEGORY: CMS / Testing
foo2zjs, N/A
libmng zip archives <= 01009x
Firefox <= 3.1 beta 2
Fixed version:
LittleCMS >= 1.18 beta 2
Problem Description:
Multiple vulnerabilities were discovered and corrected in openssl:
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment
function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote
attackers to cause a denial of service (openssl s_client crash)
and possibly have unspecified other impact via a DTLS packet, as
demonstrated by a packet from a server that uses a crafted server
certificate (CVE-2009-1379).
Luigi Auriemma
Application: Zoom Player
http://www.inmatrix.com
Versions: <= v6.00 beta 2 and naturally all the stable v5 versions
Platforms: Windows
Bug: unicode buffer-overflow
Exploitation: local
Date: 24 Dec 2007
Author: Luigi Auriemma
Discovered by: João Antunes (AJECT -- Attack Injection Tool) on 05/Jun/2008
Exploit: Not Available
Solution: Not Available
Status: Developers were contacted and should be releasing a corrected
version soon (8.5.2 beta 2)
----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending the following messages
--------------------------------------------------------------------------------
Exploit:
WikiWebWeaver 1.0 beta 2 script has an upload part and you can upload only gif, jpeg lol :D
but you can upload gif.php or psd.php
http://www.site.com/wiki_path/index.php?upload
5. *Non-vulnerable packages*
. Firebird SQL v2.1.3 Release Candidate 2 (estimated release: July 2009)
. Firebird SQL v2.5 Beta 2 (estimated release: July 2009)
. Firebird SQL v1.5.6 (estimated release: August 2009)
. Firebird SQL v2.0.6 (estimated release: October 2009)
Please build a fresh CVS checkout to have a fixed version sooner.
* Online Armor Personal Firewall 2.0.1.215
* Outpost Firewall Pro 4.0.1025.7828
* Privatefirewall 5.0.14.2
* Process Monitor 1.22
* ProcessGuard 3.410
* ProSecurity 1.40 Beta 2
* RegMon 7.04
* ZoneAlarm Pro 7.0.362.000
* probably other versions of above mentioned software
* possibly many other software products that implement SSDT hooks
<!--
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html
click the following link with IE while monitoring with procmon
______________________///////////////\\\\\\\\\\\\\\\____________________
}Name : OneNews Beta 2 Multiple Vulnerabilities {
{Author : suN8Hclf[crimsoN_Loyd9], (DaRk-CodeRs Group) }
}Source : http://sourceforge.net/project/showfiles.php?group_id=193198 {
{Dork : Powered by One-News }
}Greetz : all DaRk-CodeRs guys, e.wiZz, str0ke {
_________________________________{}*{}__________________________________
==========================
Problem Description:
A vulnerability has been found and corrected in firebird:
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2
allows remote attackers to cause a denial of service (daemon crash)
via a malformed op_connect_request message that triggers an infinite
loop or NULL pointer dereference (CVE-2009-2620).
This update provides fixes for this vulnerability.
or cause a denial of service (remove protected, sensitive data)
(CVE-2010-1169).
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0
before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before
8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads
Tcl code from the pltcl_modules table regardless of the table's
ownership and permissions, which allows remote authenticated users,
with database-creation privileges, to execute arbitrary Tcl code by
creating this table and inserting a crafted Tcl script (CVE-2010-1170).
*Vulnerable packages*
. Firebird SQL 1.0.3 and before.
. Firebird SQL 1.5.5 and before.
. Firebird SQL 2.0.3 and before.
. Firebird SQL 2.1.0 Beta 2 and before.
*Non-vulnerable packages*
. Firebird SQL 1.5.6 (to be released)
. Firebird SQL 2.0.4 (to be released)