Bugtraq | Bugtraq

Bugtraq | Bugtraq Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/bugtraq/bugtraq/ en-us (c) Gossamer Threads Inc. All rights reserved. 13 Feb 2012 03:52:10 -0800 120 Gossamer Threads | Bugtraq | Bugtraq 75 23 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg rPSA-2008-0018-1 mysql mysql-bench mysql-server rPath Security Advisory: 2008-0018-1 Published: 2008-01-17 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Determi 17 Jan 2008 07:32:21 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26774 [SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 17 Jan 2008 06:38:45 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26771 [security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00727143 Version: 7 HPSBMA02133 SSRT061201 re 17 Jan 2008 05:30:57 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26770 Clever Copy <=3.0 Multiple Remote Vulnerabilities #################################################################### # # # 17 Jan 2008 00:54:46 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26777 PHPEchoCMS Multible remote vulnerabilitis Hello,, PHPEchoCMS Multible remote vulnerabilitis Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address 16 Jan 2008 21:07:58 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26773 JoomlaFlash Component Multiple Remote File Inclusion Autore: Smasher Sito: http://warwolfz.altervista.org Tipo: Remote File Inclusion Rischio: Alto A remote attacker can gain access to your website thro 16 Jan 2008 16:06:03 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26772 [ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 16 Jan 2008 15:30:09 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26775 [USN-570-1] boost vulnerabilities =========================================================== Ubuntu Security Notice USN-570-1 January 16, 2008 boost vulnerabilities CVE-200 16 Jan 2008 14:45:38 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26768 Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples Hello, I inputed the example string from IE and Firefox, but it doesn't work. The Tomcat version is 5.5.23. It just displayed what I typed. ... Req 16 Jan 2008 14:40:29 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26776 [ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 16 Jan 2008 14:29:34 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26769 [ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 16 Jan 2008 14:16:50 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26767 Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit [+] Info: [~] Software: Gradman <= 0.1.3 [~] HomePage: http://gradman.xe1ido.com.mx/ [~] Exploit: Local File Inclusion [High] [~] Where: agregar_info 16 Jan 2008 13:11:31 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26766 SQL scalar function to convert big int to dot notation For those of you logging ISA (or whatever) to SQL, you'll have no doubt noted that the source and destination IP's are logged as long integers, and no 16 Jan 2008 12:20:15 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26764 [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 =============================================================================== Author: 16 Jan 2008 12:19:44 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26762 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 =============================================================================== Author: J 16 Jan 2008 12:18:40 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26765 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-08-02 January 16, 2008 -- CVE ID: 16 Jan 2008 12:12:32 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26763 Country by Country Computer Sets now available for ISA 2004 I've updated the HoG site to include Country-by-country sets for ISA 2004 for those still using that version of the product. http://hammerofgod.com/d 16 Jan 2008 12:00:25 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26761 Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 ####################################################################### Luigi Auriemma Applications: BitTorrent and uTo 16 Jan 2008 10:47:28 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26760 mcGuestbook v1.2 Remote File Inc. Author: BLaSTER a.K.a Gokhan Title: mcGuestbook v1.2 Remote File Inc. Download: http://www.hotscripts.com/jump.php?listing_id=13439&jump_type=1 Contac 16 Jan 2008 10:44:01 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26759 Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow Document ID: 16 Jan 2008 08:15:00 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26758 RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit [+] Info: [~] Software: RichStrong CMS [~] HomePage: http://www.hzrich.cn [~] Exploit: Remote Sql Injection [High] [~] Where: showproduct.asp?cat= [~ 16 Jan 2008 03:36:08 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26748 [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities Digital Security Research Group [DSecRG] Advisory #DSECRG-08-003 Application: Blogcms Versions Affected: Blogc 16 Jan 2008 03:02:40 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26747 [DSECRG-08-002] Local File Include in arias 0.99-6 Digital Security Research Group [DSecRG] Advisory #DSECRG-08-002 Application: aria-0.99-6 (Web based ERP) Versions Affected 16 Jan 2008 02:37:35 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26753 Re: what is this? Just to add to what has already passed, Security Focus has put up this article regarding this issue. http://www.securityfocus.com/news/11501 ys On 1 16 Jan 2008 00:57:44 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26745 cPanel Hosting Manager (dohtaccess.html) Aria-Security Team http://Aria-Security.Net ----------------------------------- Vendor: http://cPanel.com cPanel Hosting Manager (dohtaccess.html) Cro 15 Jan 2008 20:09:29 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26750 [Aria-Security.Net] Real Estate Web SQL Injection Aria-Security Team, http://Aria-Security.net ------------------------------- Shout Outs: Vendor: http://www.site2nite.com/ Google Search: Website Dev 15 Jan 2008 19:42:43 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26756 8e6 Technologies R3000 Internet Filter Bypass by Request Split 8e6 Technologies R3000 Internet Filter Bypass by Request Split Product: 8e6 Technologies R3000 Internet Filter http://www.8e6.com/network-security/ 15 Jan 2008 18:55:20 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26755 [SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 15 Jan 2008 15:47:39 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26746 iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability iDefense Security Advisory 01.15.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 15, 2008 I. BACKGROUND Quicktime is Apple's media pla 15 Jan 2008 15:15:44 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26757 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/TPTI-08-01.html January 15 Jan 2008 15:02:03 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26754 rPSA-2008-0017-1 libxml2 rPath Security Advisory: 2008-0017-1 Published: 2008-01-15 Products: rPath Appliance Platform Linux Service 1 rPath Linux 1 Rating: Minor Exp 15 Jan 2008 14:54:33 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26752 rPSA-2008-0016-1 postgresql postgresql-server rPath Security Advisory: 2008-0016-1 Published: 2008-01-15 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Remote Determ 15 Jan 2008 14:53:57 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26751 rPSA-2008-0015-1 cairo rPath Security Advisory: 2008-0015-1 Published: 2008-01-15 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User 15 Jan 2008 14:52:53 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26749 Re: Defeating audio captcha systems Dear Jos?e M. Palazon Romero, This approach is not new, it was demonstrated by ShAnKaR <shankar_(at)_shankar.name> against Simple Mac 15 Jan 2008 14:33:34 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26744 iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities iDefense Security Advisory 01.15.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 15, 2008 I. BACKGROUND TIBCO SmartSockets is a messag 15 Jan 2008 11:18:52 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26743 iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities iDefense Security Advisory 01.15.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 15, 2008 I. BACKGROUND TIBCO SmartSockets is a messag 15 Jan 2008 11:12:38 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26742 iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities iDefense Security Advisory 01.15.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 15, 2008 I. BACKGROUND TIBCO SmartSockets is a messag 15 Jan 2008 11:04:42 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26741 iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability iDefense Security Advisory 01.15.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 15, 2008 I. BACKGROUND TIBCO SmartSockets is a messag 15 Jan 2008 11:01:23 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26740 Re: Linksys WRT54 GL - Session riding (CSRF) On Mon, 14 Jan 2008 12:58:17 CST, Jan Heisterkamp said: > > A malicious link executing unnoticed by the administrator may open the firewall. > > The 15 Jan 2008 10:14:03 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26739 Re: Linksys WRT54 GL - Session riding (CSRF) > The catch is that this exploit don't work unnoticed, because the admin > get notification in the browser that there has occured an error with the > 15 Jan 2008 10:08:09 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26738 Re[2]: what is this? ---> figure out why my antivirus randomly popsup?i The exploit is served first time you load an infected page and then very infrequently after that ( 15 Jan 2008 09:26:47 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26737 Re: [Full-disclosure] what is this? nope i dont thnk it has to do with user agent.i have tried with IE,Firefox but nothing.though when u change ip it shows the stuff.so i think its ip ba 15 Jan 2008 09:24:45 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26736 Re: [Full-disclosure] what is this? On Tue, 15 Jan 2008, crazy frog crazy frog wrote: > nick, > ur not getting my point,the url is techicorner.com/{random string > here},i have already m 15 Jan 2008 09:22:03 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26735 Re[2]: what is this? Good point, it could be an unknown kernel hole. However it could and be a privilege escalation scenario through the application layer .. maybe PHP, 15 Jan 2008 08:41:59 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26726 Re[2]: what is this? Jamie, the servers are definately 'rooted' - as in, root access required for what the exploit does ie. it's dug itself deep into the kernel and you c 15 Jan 2008 08:36:15 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26728 RE: what is this? @Dennis: <quote> (...) From all reports so far it does not appear to be a kernel vulnerability (as some of the affected servers were using latest ker 15 Jan 2008 08:33:27 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26734 Re: what is this? On 15/01/2008, Denis <sp23@internode.on.net> wrote: > This is a very serious new threat affecting Linux servers and thousands > of boxes have been com 15 Jan 2008 08:28:32 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26733 Pipe to FOR Crashes CMD Pipe the output of a command to FOR in (), and you crash the Windows Vista Windows Command Processor (CMD.exe) with a DEP violation. I expect it works 15 Jan 2008 07:41:06 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26732 MicroNews Admin Direct Access vulnerability # MicroNews Authentication Bypass # Homepage: http://phptoys.com/ # Download: http://www.phptoys.com/download.php?view.31 # Found by Xcross87 | xcross 15 Jan 2008 07:33:33 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26731 Max's File Uploader File Upload Vulnerability # Max's File Uploader File Upload Vulnerability # Homepage: http://www.phpf1.com/ # Download: http://www.phpf1.com/download.html?item=9 # Dork: intitl 15 Jan 2008 07:12:26 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26730 [security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01325239 Version: 1 HPSBST02304 SSRT080003 re 15 Jan 2008 06:10:00 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26712 [security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01323725 Version: 1 HPSBUX02303 SSRT071468 re 15 Jan 2008 06:09:13 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26711 Article DashBoard all version SQL Injection Vulnerability ########################################################################## # ArticleDashBoard all version SQL Injection Vulnerability # 15 Jan 2008 05:36:22 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26729 SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS)] Author: sp3x Date: - - 15 Jan 2008 00:33:08 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26727 Re: [Full-disclosure] what is this? nick, ur not getting my point,the url is techicorner.com/{random string here},i have already mentioned it in previous posts. i have read the link sent 15 Jan 2008 00:26:48 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26725 Re: [Full-disclosure] what is this? crazy frog crazy frog wrote: > well, > i received many response but no one is perfact.i checked the files and > didn't find anything embeded in my sc 14 Jan 2008 22:45:21 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26724 Re: what is this? well, i received many response but no one is perfact.i checked the files and didn't find anything embeded in my scripts or pages.still i have to figur 14 Jan 2008 22:12:33 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26723 Exploiting the SpamBam plugin for wordpress The attached exploit demonstrates that the WordPress SpamBam plugin can be bypassed due to relying on the client for security. Vulnerable software: S 14 Jan 2008 22:01:53 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26721 Defeating audio captcha systems Hi all, Some days ago I wrote an advisory which demonstrates how the Peter's Math Antispam Spinoff plugin for wordpress (http://www.theblog.ca/math-a 14 Jan 2008 22:01:03 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26719 Re: what is this? This is a very serious new threat affecting Linux servers and thousands of boxes have been compromised since December 2007. Each box serving the nast 14 Jan 2008 21:16:03 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26718 [USN-569-1] libxml2 vulnerability =========================================================== Ubuntu Security Notice USN-569-1 January 14, 2008 libxml2 vulnerability CVE-200 14 Jan 2008 16:13:03 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26717 FreeBSD Security Advisory FreeBSD-SA-08:02.libc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:02.libc 14 Jan 2008 15:09:43 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26716 FreeBSD Security Advisory FreeBSD-SA-08:01.pty -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:01.pty 14 Jan 2008 15:09:39 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26715 [ MDVSA-2008:013 ] - Updated python packages fix vulnerability in imageop module -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 14 Jan 2008 15:04:52 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26714 [ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 14 Jan 2008 14:56:08 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26713 Country by Country ISA Computer Sets Recently, David Litchfield asked me to help him out a bit with a research project he was working on by having me set up a network capture in my DMZ to 14 Jan 2008 14:20:50 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26720 Re: what is this? > Hi, > > Recently on opening one of my site,my antivirus pops up saying that it > has found on malicious script.the url is random and i have managed 14 Jan 2008 13:46:05 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26708 Re[2]: [Full-disclosure] what is this? Dear Jose Nazario, JN> te file you sent here contains a bunch of embeded nulls (every other JN> character is 00). stripping those out reveals . 14 Jan 2008 13:39:22 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26707 [USN-568-1] PostgreSQL vulnerabilities =========================================================== Ubuntu Security Notice USN-568-1 January 14, 2008 postgresql vulnerabilities CV 14 Jan 2008 13:31:06 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26709 RE: what is this? Looks like the local name is actually more random: var name = "c:\\win"+GetRandString(4)+".exe"; Kinda dumb though, as any non-admin class user won' 14 Jan 2008 11:09:49 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26700 Re: Linksys WRT54 GL - Session riding (CSRF) > A malicious link executing unnoticed by the administrator may open the firewall. The catch is that this exploit don't work unnoticed, because the a 14 Jan 2008 10:58:17 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26722 [SECURITY] [DSA 1463-1] New postgresql-7.4 packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 14 Jan 2008 10:51:52 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26706 ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-001.htm 14 Jan 2008 10:51:37 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26705 Re: Linksys WRT54 GL - Session riding (CSRF) > | Isn't your exploit somewhat complicated? Just put > | > | <img > src="http://192.0.2.1/level/15/configure/-/enable/secret/mypassword"/> > | > | 14 Jan 2008 09:31:41 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26699 Re: Garment Center (index.cgi) Local File Inclusion Forgot... The Dork: "This site designed and managed by: garmentcenter.net" filetype:cgi 14 Jan 2008 09:13:46 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26702 Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily [+] Info: [~] Software: Binn SBuilder [~] HomePage: http://www.cms.ge/ [~] Exploit: Blind Sql Injection [High] [~] Where: full_text.php?nid= [~] Bug 14 Jan 2008 08:59:40 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26701 Re: what is this? Apologies I should clarify. In this attack legitimate pages on a site are first populated with html tags embedding Javascript like so <script langua 14 Jan 2008 07:59:25 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26696 Re: what is this? yep ther eis one yahoo messenger exploit too. On Jan 14, 2008 9:14 PM, Jose Nazario <jose@monkey.org> wrote: > On Sun, 13 Jan 2008, crazy frog crazy 14 Jan 2008 07:56:59 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26695 Re: what is this? On Sun, 13 Jan 2008, crazy frog crazy frog wrote: > http://secgeeks.com/what.zip > password is 12345 > can somebody guide/help me what is this and ho 14 Jan 2008 07:44:13 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26692 Re: what is this? Looks like your site was compromised along with several hundred others in the last day or so. A full account is up on http://blog.trendmicro.com/e-co 14 Jan 2008 07:44:08 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26694 Re: what is this? Well, was this embedded at your page source code? Or the link was just posted to it ? Its using some apple quicktime exploit to drop probably some bot 14 Jan 2008 07:29:39 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26697 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void) <vjt@openssl.it> wrote: > By the way, even with "Transport setup" -> "Automatic", the software > doesn't crash nor loops after 14 Jan 2008 06:56:17 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26686 F5 BIG-IP Web Management List Search XSS F5 BIG-IP Web Management List Search XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a c 14 Jan 2008 06:36:46 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26678 SQID v0.3 - SQL Injection Digger. SQL injection digger is a command line program that looks for SQL injections and common errors in websites. This version now can perform the following 14 Jan 2008 06:17:36 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26685 Re: [Full-disclosure] what is this? hmm.thanks everyone for the suggestions. On Jan 14, 2008 5:22 PM, Nick FitzGerald <nick@virus-l.demon.co.uk> wrote: > 3APA3A wrote: > > > Dear crazy 14 Jan 2008 05:56:24 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26684 Re: [Full-disclosure] what is this? 3APA3A wrote: > Dear crazy frog crazy frog, > > Clear your computer from trojan, change FTP password for you site > hosting access, becau 14 Jan 2008 03:52:23 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26683 Re: [Full-disclosure] what is this? Dear crazy frog crazy frog, Clear your computer from trojan, change FTP password for you site hosting access, because it's stolen, access 14 Jan 2008 01:34:48 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26682 RE: Linksys WRT54 GL - Session riding (CSRF) Ok, and what does it change...there are still the same vulnerabilities in their equipment. Should we stop checking and publishing them just because so 13 Jan 2008 23:20:42 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26680 Re: what is this? more,its not a java script,looks like a html page[.notice the <html> and <body> tag n the file] there is also a random function,which generate the ran 13 Jan 2008 09:33:02 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26677 [SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 13 Jan 2008 09:14:11 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26675 [SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 13 Jan 2008 08:57:16 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26710 what is this? Hi, Recently on opening one of my site,my antivirus pops up saying that it has found on malicious script.the url is random and i have managed to get 13 Jan 2008 08:01:34 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26676 [SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 13 Jan 2008 07:45:01 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26681 [SECURITY] [DSA 1459-1] New gforge packages fix SQL injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 13 Jan 2008 07:07:24 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26693 Hacking The Interwebs http://www.gnucitizen.org/blog/hacking-the-interwebs When the victim visits a malicious SWF file, a 4 step ATTACK will silently execute in the backgr 13 Jan 2008 00:27:05 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26704 Re: Buffer-overflow in Quicktime Player 7.3.1.70 On Jan 11, 2008, at 10:14 PM, Luigi Auriemma wrote: > Now talking about you, Marcello, the problem you had is just with "your" > same computer/ne 12 Jan 2008 14:41:57 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26703 [ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts configuration -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 12 Jan 2008 14:06:23 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26679 Garment Center (index.cgi) Local File Inclusion [+] Discovered by Smasher [+] WarWolfz Crew. [+] http://warwolfz.altervista.org/ Hey wassup....i've found a vulnerability in Garmentcenter in index. 12 Jan 2008 08:44:24 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26674 Safari 2 Denial of Service ############################################################## - S21Sec Advisory - ############################################ 12 Jan 2008 07:30:14 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26671 Re: Buffer-overflow in Quicktime Player 7.3.1.70 > Uhmmm I imagine you are the same Marcello of yesterday, right? > ... Rationally my mail didn't want to be a personal attack, unfortunately yesterda 12 Jan 2008 05:33:43 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26698