
7326 matches found

securityvulns
added 2006/01/18 12:0 a.m., 37 views

[Full-disclosure] Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)

Hello FD-Reader It took only 889 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsoverwritea...

5 CVSS, 0.2 AI score, 0.03626 EPSS
Exploits: 0

securityvulns
added 2006/01/18 12:0 a.m., 48 views

[Full-disclosure] Oracle Reports - Read parts of files via desname (fixed after 874 days)

Hello FD-Reader It took only 874 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsreadanyfi le.html...

5 CVSS, 5.7 AI score, 0.03517 EPSS
Exploits: 1

myhack58
added 2005/11/21 12:0 a.m., 15 views

Card bar end plug not inserted into the thread—1 Software Developer challenge-vulnerability warning-the black bar safety net

I am a software developer, have been in this New Year occasion, it should not sweep everyone's interest, but to see some of the foreign companies doing I had to stand up and say some words! Don't know if you remember 2004 occurred in a dispute, generally the events are as follows:...

7.3 AI score
Exploits: 0

securityvulns
added 2005/11/17 12:0 a.m., 58 views

[Full-disclosure] WMH AutoPilot: Unauthorized hosting account cancellation request

Title: WMH AutoPilot: Unauthorized hosting account cancellation request Access: Remote Product: WHM AutoPilot http://www.whmautopilot.com Severity: Moderately Low Synopsis: A vulnerability has been identified that allows the unauthorized filing of hosting account cancellation requests. Vulnerable...

0.5 AI score
Exploits: 0

securityvulns
added 2005/11/07 12:0 a.m., 25 views

Bug in vBulletin 3.x

Hello. Versions 3.0.3 and 3.0.9 were tested. The Status profile field accepts dangerous HTML tags (this option is enabled by default) and can be used to carry out XSS-type attacks, as well as for some other self-serving purposes, by those who can change their status (by default the administration, starting from...

0.6 AI score
Exploits: 0

securityvulns
added 2005/09/29 12:0 a.m., 27 views

[Full-disclosure] Serendipity: Account Hijacking / CSRF Vulnerability

=========================================================== Serendipity: Account Hijacking / CSRF Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0509-001, September 29, 2005...

7.3 AI score
Exploits: 0

Packet Storm
added 2005/08/14 12:0 a.m., 19 views

jawsGlossary.txt

XSS Bug in Jaws Glossary v 0.4 - 0.5.1 latest version STATUS: The vendor has been contacted, fixed in cvs. Jaws is a Framework and Content Management System for building dynamic web sites. It aims to be User Friendly giving ease of use and lots of ways to customize web sites, but at the same time...

7.4 AI score
Exploits: 0

securityvulns
added 2005/04/21 12:0 a.m., 36 views

Multiple Security Issues Found In AZBB

GulfTech Security Research April 19th, 2005 Vendor : AZBB URL : http://azbb.cyaccess.com/ Version : AZBB 1.0.07d && Earlier Risk : Multiple Vulnerabilities Description: azbb is a forum that was written with a primary focus on security. azbb does not require a database such as MySQL, PostGres or...

0.5 AI score
Exploits: 0

0day.today
added 2005/02/09 12:0 a.m., 15 views

DelphiTurk FTP v1.0 Passwords to Local Users Exploit

Exploit for unknown platform in category local exploits ==================================================== DelphiTurk FTP v1.0 Passwords to Local Users Exploit ==================================================== / DelphiTurk FTP v1.0 Local Exploit by Kozan Application: DelphiTurk FTP v1.0...

6.8 AI score
Exploits: 0

seebug.org
added 2004/12/22 12:0 a.m., 10 views

linux/x86 alpha-numeric using IMUL Method shellcode 88 bytes

No description provided by source. /-----------------------------------------------------/ / Alpha-Numeric Shellcode using IMUL Method / / By XORt@dallas2600 88bytes / /-----------------------------------------------------/ "\x68\x69\x58\x69\x6b" / push $0x6b695869 / "\x68\x7a\x36\x37\x70" / push...

7.1 AI score
Exploits: 0

Packet Storm
added 2004/10/01 12:0 a.m., 57 views

serendipityPoC.txt

Serendipity 0.7-beta1 SQL Injection Proof of Concept By aCiDBiTS [email protected] 13-September-2004 "Serendipity http://www.s9y.org/ is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source BSD License." There is no user input sanitation for...

7.4 AI score
Exploits: 0

seebug.org
added 2004/09/26 12:0 a.m., 8 views

linux/x86 symlink . /bin/sh 32 bytes

No description provided by source. /The shellcode calls the symlink and makes the link to the /bin/sh in the current dir. short version size = 32 bytes OS = BSD written by /rootteam/dev0id www.sysworld.net [email protected] BITS 32 jmp short callme main: pop esi xor eax,eax mov byte esi+7,al...

7.1 AI score
Exploits: 0

securityvulns
added 2004/07/06 12:0 a.m., 1075 views

[Full-Disclosure] Multiples vulnerabilities in JAWS

check this... ///////////////////////////////////////////////////// //// Vulnerable Program: JAWS //// //// Version : 0.3 ; it's BETA probably ; //// //// Url: http://www.jaws.com.mx //// //// The Bug: Multiples vulnerabilities //// //// Date: Today, July 5 off 2004 //// //// Author: Fernando...

0.4 AI score
Exploits: 0

securityvulns
added 2003/12/18 12:0 a.m., 32 views

osCommerce Malformed Session ID XSS Vuln

Vendor : osCommerce URL : http://www.oscommerce.com Version : All Current Versions Risk : Cross Site Scripting Description: osCommerce is an online shop e-commerce solution under on going development by the open source community. Its feature packed out-of-the-box installation allows store owners ...

6.1 AI score
Exploits: 0

securityvulns
added 2003/11/21 12:0 a.m., 36 views

SIRCD: Anyone can set umode +o(oper).

I recently accidentally set my own usermode to +o in SIRCD, MODE nick +o, and hey! I was oper! : Versions affected are at least 0.5.2 and 0.5.3.. The developer has been informed about this, and I assume that it will be fixed ASAP. Here's a quick fix for those who don't have time to wait at least ...

0.9 AI score
Exploits: 0

securityvulns
added 2003/08/19 12:0 a.m., 17 views

XSS vulnerability in phpBB

Hi, I have found a dangerous vulnerability in phpBB. I've verified that versions 2.0.5 and 2.0.4 AFAIK the two latest versions are affected, but probably more versions are vulnerable. If HTML is enabled for postings, a user can post a link like this: a...

Exploits: 0

securityvulns
added 2002/11/14 12:0 a.m., 61 views

IceWarp 3.4.5 XSS *AGAIN*

DarC KonQuesT IceWarp 3.4.5 XSS Release Product: IceWarp Webmail 3.4.5 Vendor: IceWarp Software - E-mail: [email protected] Web: www.icewarp.com Problem: Cross Site Scripting Severity: Mild Operating Systems: Tested against Win2k Discovered: October 29, 2002 Vendor Notified: October 29, 2002 Publi...

6.1 AI score
Exploits: 0

securityvulns
added 2002/10/16 12:0 a.m., 34 views

Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches

Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches 1. Problem Description Two undocumented accounts with default passwords allow access via telnet and the web interface to Cajun P550R/P580/P880/P882 switches. Both accounts give developer access to the switch. The...

1 AI score
Exploits: 0

securityvulns
added 2002/10/11 12:0 a.m., 32 views

XSS bug in Zorum 2.4

Vulnerable systems: Zorum 2.4 Exploit: zusershow.php?method=showuserlink&class=Scriptjavascript:alert document.cookie/Script&rollid=admin&x=3da59a9da8825& without "" Solution: i think that will work , but im not sure open dbtreelistpropertymethod.php and put this code in line 7: $class =...

0.4 AI score
Exploits: 0

Packet Storm
added 2002/06/10 12:0 a.m., 36 views

jvm-1.3.crash.txt

Hi, this simple java program crashes the VM at least 1.3.1-b24 on W2K, and is another example of Java-Frontier Bugs.... Yours sincerely Marc Schönefeld // Marc Schoenefeld // class Tester public static void ColorIt sun.awt.color.CMM.cmmCombineTransformsnew long30000, sun.awt.color.ICCTransform...

7.4 AI score
Exploits: 0