[Full-disclosure] Persistent CSRF and The Hotlink Hell

http://www.gnucitizen.org/blog/persistent-csrf-and-the-hotlink-hell/ http://michaeldaw.org/papers/hotlinkpersistentcsrf/ I would like to bring your attention to a topic that has been rarely discussed. I am going to talk about hotlinks, redirections and of course CSRF Cross-site Request Forgery...

DirectAdmin persistant XSS [takeover an Administrator`s account]

Subject: DirectAdmin persistant XSS takeover an Administrators account + Version: DirectAdmin 1.29.3 + Discovered by: Kanedaaa: http://kaneda.bohater.net + DirectAdmin Description: DirectAdmin is a popular, advanced Web Control Panel with many features for webhosting. www.directadmin.com +...

directadmin1293-xss.txt

Subject: DirectAdmin persistant XSS takeover an Administrators account + Version: alert'0wned:'+escapedocument.cookie; Lines in log files: mainlog: 2007-03-23 19:...

Design/Logic Flaw

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service persistent application crash via a crafted phsh hash attribute in a TXT key...

Fedora Core 4 : sendmail-8.13.7-2.fc4.1 (2006-836)

Tue Jul 18 2006 Thomas Woerner 8.13.7-2.fc4.1 - using new syntax for access database 177566 - fixed failure message while shutting down sm-client 119429 resolution: stop sm-client before sendmail - fixed method to specify persistent queue runners 126760 - removed patch backup files from...

wp205-xss.txt

Vulnerability Title: WordPress Persistent XSS Author: David Kierznowski Homepage: http://michaeldaw.org Software Vendor: WordPress Persistent XSS Versions affected: Confirmed in v2.0.5 latest WordPress is a popular open source blogging software. A persistent XSS vulnerability has been found in...

[Full-disclosure] WordPress Persistent XSS

Vulnerability Title: WordPress Persistent XSS Author: David Kierznowski Homepage: http://michaeldaw.org Software Vendor: WordPress Persistent XSS Versions affected: Confirmed in v2.0.5 latest See homepage for more details. WordPress was contacted: 26/12/06 22:04 BST Reply received: 27/12/06 06:11...

PHP Command Shell, Bind TCP (via Perl)

Listen for a connection and spawn a command shell via perl persistent This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...

CVE-2006-3205

Ultimate PHP Board UPB 1.9.6 and earlier allows remote attackers to gain access via modified userenv, passenv, powerenv, and idenv parameters in a cookie, which comprise a persistent logon that does not vary across sessions...

PT-2006-4100 · Upb · Ultimate Php Board

Name of the Vulnerable Software and Affected Versions: Ultimate PHP Board UPB versions 1.9.6 and earlier Description: The issue allows remote attackers to gain access by modifying certain parameters in a cookie. These parameters, including user env, pass env, power env, and id env, can be exploit...

WikiNi Persistent Cross Site Scripting Vulnerability

Hi, I've found a vulnerability more than 2 months ago, and notified the developers, but still no answer, so I'm posting here. http://zone14.free.fr/advisories/3/ Vendor: WikiNi Vulnerable: WikiNi 0.4.2 and below Persistent Cross Site Scripting A persistent XSS vulnerability is the most dangerous...

FreeBSD : pubcookie-login-server -- XSS vulnerability (855cd9fa-c452-11da-8bff-000ae42e9b93)

"Nathan Dors of the Pubcookie Project reports : Multiple non-persistent XSS vulnerabilities were found in the Pubcookie login server's compiled binary 'index.cgi' CGI program. The CGI program mishandles untrusted data when printing responses to the browser. This makes the program vulnerable to...

aklink-sa-2006-001-jsboard-xss.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================ ||| Security Advisory AKLINK-SA-2006-001 ||| ||| CAN-2006-2109 CVE candidate ||| ============================================ JSBoard - Cross Site Scripting Attack ===================================== Date...

JSBoard XSS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================ ||| Security Advisory AKLINK-SA-2006-001 ||| ||| CAN-2006-2109 CVE candidate ||| ============================================ JSBoard - Cross Site Scripting Attack ===================================== Date...

Pubcookie application server modules contain cross-site scripting vulnerabilities

Overview Cross-site scripting vulnerabilities in the Pubcookie application server modules could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web...

Buffer overflow

The cairo library libcairo, as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service persistent client crash via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the...

geronimo_css.txt

Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities ======================================================================== Product: ======== Apache Geronimo is the J2EE server project of the Apache Software Foundation. Version: ======== Apache Geronimo 1.0, Jetty 5.1.9...

[Full-disclosure] SiteStudio

------------------------------------------------------------ - EXPL-A-2005-008 exploitlabs.com Advisory 037 - ------------------------------------------------------------ - Site Studio - AFFECTED PRODUCTS ================= Site Studio Positive Software Corporation https://www.psoft.net OVERVIEW...

Exploit Labs Security Advisory 2005.6

------------------------------------------------------------ - EXPL-A-2005-006 exploitlabs.com Advisory 034 - ------------------------------------------------------------ - XAMPP - OVERVIEW ======== XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really ve...

[Full-disclosure] XAMPP

------------------------------------------------------------ - EXPL-A-2005-006 exploitlabs.com Advisory 034 - ------------------------------------------------------------ - XAMPP - OVERVIEW ======== XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really ve...