# /usr/local/bin/gcc -o jaja2 jaja2.c
# ./jaja2 512
Segmentation fault (core dumped)
# /usr/local/bin/gdb -q jaja2
(no debugging symbols found)
(gdb) r 512
Starting program: /jaja2 512
(no debugging symbols found)
(no debugging symbols found)
--- 0.Description ---
Solaris is a Unix operating system introduced by Sun Microsystems in 1992 as the successor to SunOS.
Sun Microsystems, Inc. is a wholly owned subsidiary of Oracle Corporation, selling computers, computer components, computer software, and information technology services. Sun was founded on February 24, 1982. The company was headquartered in Santa Clara, California (part of Silicon Valley), on the former west campus of the Agnews Developmental Center.
In computing, ZFS is a combined file system and logical volume manager designed by Sun Microsystems. The features of ZFS include support for high storage capacities, integration of the concepts of filesystem and volume management, snapshots and copy-on-write clones, continuous integrity checking and automatic repair, RAID-Z and native NFSv4 ACLs.
--- 1. Sun Solaris 10 filesystem rm(1),find(1),etc, Denial-of-service ---
harsh impact to the users of the site, loss of sensitive account
information, etc, more damage than just forcing me to buy beefier
hardware and wonder why I occasionally get a spam posted, but maybe I'm
wrong in my jaded patchers/risk view.
17.03.2010 - found vulnerabilities.
30.03.2010 - disclosed at my site.
31.03.2010 - informed developers.
My specific question is did you contact the admin of this particular
site ahead of time with this information. Based on your timeline you
[+] Search File Overview
--- Exception Logs ---
<b>Warning</b>: preg_match() [<a href=function.preg-match>function.preg-match</a>]:
No ending delimiter \/ found in <b>/kunden/282246_12XXX/cms-test.com/demoversion/modules/upload/class.admin.php</b> on line <b>563</b><br>
<b>Warning</b>: preg_match() [<a href="function.preg-match>function.preg-match</a>]:
No ending delimiter found in <b>/kunden/282246_12XXX/cms-test.com/demoversion/modules/upload/class.admin.php</b> on line <b>563</b><br>
<b>Warning</b>: preg_match() [<a href=function.preg-match>function.preg-match</a>]:
No ending delimiter found in <b>/kunden/282246_12XXX/cms-test.com/demoversion/modules/upload/class.admin.php</b> on line <b>563</b><br>
<b>Warning</b>: preg_match() [<a href=function.preg-match>function.preg-match</a>]:
Details
*******
1. Freeway eCommerce has Multiple Remote/Local File Include vulnerabilities.
1.1 Remote File Include vulnerability found in script admin/create_order_new.php
Vulnerable GET parameter "include_page".
Code
****
1024 CMS has Remote File Include vulnerability and multiple Local File Include vulnerabilities.
1. Remote/Local File Include vulnerabilities found in scripts:
themes/blog/layouts/standard.php
themes/default/layouts/standard.php
themes/portfolio/layouts/standard.php
themes/snazzy/layouts/standard.php
> I don't even know what Dunia soccer is but how about you give vendors a
> chance to make good?
By informing developers of CaptchaSecurityImages.php, and additionally every
developer of every web app (which I found) which is using it (like Dunia
soccer), I'm giving them a chance to make it good. Because developers of
CaptchaSecurityImages already fixed most of the holes in their script in
2007 and still many developers around the world are using a vulnerable version
of the script or "develop" holes (by ignoring the developer's recommendations),
I decided to inform those web developers also and to write additional
Virus data file v4777 created Jun 05 2006
Scanning for 194376 viruses, trojans and variants.
# gdb /usr/local/uvscan/uvscan
GNU gdb 6.3-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are welcome to change it and/or distribute copies of it under certain
conditions. Type "show copying" to see the conditions. There is
absolutely no warranty for GDB. Type "show warranty" for details. This
GDB was configured as "i386-linux"...(no debugging symbols found)
SAP Crystal Report Server 2008 - multiple cross-site scripting vulnerabilities.
SAP Crystal Report Server 2008 - Multiple cross-site scripting vulnerabilities. [DSecRG-11-011] (Internal DSECRG-00147)
Multiple XSS vulnerabilities were found in the PerformanceManagement module of the SAP Crystal Report Server 2008 application. An attacker can intercept the cookie of an administrator or a regular user of the system.
Application: SAP Crystal Report Server 2008
Versions Affected: SAP Crystal Report Server 2008
Vendor URL: http://www.sap.com
Bugs: Linked XSS Vulnerability
Windows applications on a virtualized Windows XP SP3 operating system
directly from the Windows 7 desktop but in doing so they may be
inadvertently increasing their risk due to a bug that makes standard
Windows anti-exploitation mechanisms ineffective.
A vulnerability found in the memory management of the Virtual Machine
Monitor makes memory pages mapped above the 2GB available with read or
read/write access to user-space programs running in a Guest operating
system. By leveraging this vulnerability it is possible to bypass
security mechanisms of the operating system such as Data Execution
Prevention (DEP) [1], Safe Structured Error Handling (SafeSEH) [2] and
NTP authentication is not enabled by default on the Service Console.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-1252 to this issue.
A buffer overflow flaw was found in the ntpq diagnostic command. A
malicious, remote server could send a specially-crafted reply to an
ntpq request that could crash ntpq or, potentially, execute
arbitrary code with the privileges of the user running the ntpq
command.
Description
***********
Multiple XSS Vulnerabilities found in:
WAS Core System:
1. Integrated Solutions Console XSS vulnerability.
# Nothing special
else
{
$this->s_admin = false;
$this->msg('No admin session id found', -1);
}
# User session ?
if( !$this->s_sess )
{
Cross Site Scripting:
There are Cross Site Scripting issues in Pligg that allow for
theft of client side credentials such as cookies. An example
can be found in user.php. If the "view" parameter is set to
"search" then the "keyword" parameter can be influenced. This
is a result of unsanitized GPC variables being issued directly
to smarty via the assign function.
/user.php?view=search&keyword=<script>alert(document.cookie);</script>
Details
*******
1. Multiple linked XSS vulnerabilities found. Attacker can inject XSS in URL string.
1.1 Linked XSS vulnerability found in manager/index.php. GET parameter "search"
Search string is available in pages:
This is a free tool available from http://axf.watchfire.com/extensions/exploiter.aspx
The logins are unencrypted and stored in the "Admin" table. Column names are: ID, LastLogin, OrgId, Passsword.
This was found during a penetration test and was not tested as to whether or not further exploitation from inside the application is possible.
CONFIRMED AGAINST:
==================
CourseMill Enterprise v.4.1 SP4 (4527) (http://www.trivantis.com/products/coursemill.html)
-----------------------------
Affected products: all versions of DS-Syndicate for Joomla.
-----------------------------
Timeline:
16.08.2009 - found vulnerabilities.
04.03.2010 - announced at my site. After announcing these
vulnerabilities, I found that this SQLi vulnerability had already been
found in 2008 by boom3rang (before I found it in 2009), who disclosed an exploit for
it at milw0rm.com (http://www.milw0rm.com/exploits/6792). So boom3rang first
found SQLi, and I first found Full path disclosure in this plugin.
Title: Multiple XSS in Apache OFBiz
Advisory ID: BONSAI-2010-0103
Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php
Date published: 2010-04-14
Vendors contacted: Apache Software Foundation
Release mode: Coordinated release
2. *Vulnerability Information*
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Several vulnerabilities were found in the vim editor:
A number of input sanitization flaws were found in various vim
system functions. If a user were to open a specially crafted file,
it would be possible to execute arbitrary code as the user running vim
(CVE-2008-2712).
Details
*******
1. Multiple linked XSS vulnerabilities found. Attacker can inject XSS in URL string.
1.1 Linked XSS vulnerabilities found in index.php.
GET parameters "frontend", "set_frontend", "jz_path", "theme", "set_theme".
Hello Nick aka Nant and Bugtraq!
I found this letter from Nant some time ago (and have now found time to write an
answer to it), and I found it accidentally, because I'm not subscribed to the Bugtraq
mailing list. So Nant and every reader of the list must take that into
account (and send letters to my email if they want to contact me).
And this is the example of a letter from a developer which I mentioned last
week on the list. It clearly shows that web developers ignore the advisory
about holes in CaptchaSecurityImages.php itself, and only draw attention on
response=`curl -kis -F "userfile=@uploadtest.txt;" $url$ext | grep SUCCESS | wc -l`
if [ "$response" == "1" ]; then
echo "Found: $i $j $k -> ($ext)";
fi
[ $j -eq 0 ] && break
done
Internet Explorer introduces the concept of URL Security Zones, which
basically define a set of privileges for web applications (such as, for
example, accessing and/or modifying the local computer files) depending
on their level of trustworthiness.
Issues have been found in the way that security policies are applied
when a URI is specified in the UNC form:
'\\MACHINE_NAME_OR_IP\PATH_TO_RESOURCE'
* When a remote site attempts to access a local resource, Internet
Explorer will fail to enforce the Zone Elevation restrictions.
*Vulnerability Description*
Insufficient argument validation of hooked SSDT functions on multiple
Antivirus and Firewalls (BitDefender Antivirus [1], Comodo Firewall [2],
Sophos Antivirus [3] and Rising Antivirus [4]) have been found that
could lead to a Denial of Service (DoS) and possibly to code execution
attacks. An attacker, utilizing these flaws, could be able to locally
reboot the whole system shutting down the firewall or anti-virus
protection. However, in some cases it may be possible to extend the
impact of these bugs, and they could lead to the execution of arbitrary
Details
*******
1. Local File Include vulnerability found in system/_b/contentFiles/gbincluder.php
Code
****
#################################################
path disclosure vulnerabilities in WordPress
------------------------------
URL: http://websecurity.com.ua/4420/
------------------------------
These are a Cross-Site Request Forgery vulnerability which I found on
05.06.2007, Information Leakage which I found on 02.08.2009, and Full path
disclosure which I found on 29.07.2010.
------------------------------
1. Cross-Site Request Forgery.
Hello Bugtraq!
I want to warn you about security vulnerabilities in eSitesBuilder. It's a
Ukrainian CMS which is used particularly for e-commerce sites.
I found these vulnerabilities in 2007-2008 at one online shop site
(and later I found some of these vulnerabilities at another site on this
engine). And recently I found that this engine for online shops is
eSitesBuilder.
-----------------------------
pw_chars.extend([x for x in range(97, 103)])
pw_chars.sort()
todo = [('', 0, 255)]
while len(todo):
(found, start, end) = todo.pop()
if start == 0 and end == 255 and check("WHERE user_name = '" + found + "'"):
sys.stdout.write(found + " ")
sys.stdout.flush()
for i in range(35):
> times by Google and one time by Microsoft, and not in IE, but in Outlook,
> and 99% of cases were completely ignored). Taking that into account last
> year I decided from 2010 never inform browser vendors about DoS holes in
> their browsers. And this time it was an exclusion (just one). In any case
> due to full disclosure the Internet community will be knowing about the
> vulnerabilities in browsers which I found and will be knowing the real state
> of security of browsers. It was another leitmotif of my advisory.
>
> So this time I informed browser developers and users about these issues. And