SecurityFeed.info

« Expand/Collapse

Unread items (100)

July 22, 2008
12:54
Where does your network end?, (Mon, Jul 21st)
» ‎ SANS Internet Storm Center, InfoCON: green

One thing we pretty much all agree on is that the perimeter of our networks are expanding. No ...(more)...
12:54
Denial of Service Attack Against Georgia-- Are You Participating?, (Sun, Jul 20th)
» ‎ SANS Internet Storm Center, InfoCON: green

Steven over at Shadowserver is reporting on a Distributed Denial of Service attack against the websi ...(more)...

Permalink for '0x000000_Security/2008/07/22/Fuzzy_Overdrive.'

12:54

Fuzzy Overdrive.

» ‎ 0x000000 Security

While working on my new ActiveX fuzzer I needed a break and wrote another html/css fuzzer called fuzzy overdrive. It's a basic concept tool born out of boredom that generates all sorts of HTML and CSS intended to trigger a crashed browser in order to locate vulnerabilities or just bugs in markup parsing. I know that fuzzing is like playing the slots, but it is still fun to write and use it. Anyway, I thought maybe you like to play with this toy too. I had it running a couple of times, and at some point Firefox crashed while viewing the source window that became very unstable. The joy of fuzzing.

On two different occasions, Firefox 3 also seemed to have cache problems. I found this while testing fuzzy overdrive. It looks like a title or alt caption that showed up, which was not in my source. In fact, it was the title tag of a TD in a table of a webpage I visited before launching fuzzy overdrive and closed the other page. Would this mean possible cache access? likely, but it's hard to prove. Below is the screenshot I made of the problem. I did save the testcase, but it's hard to reproduce accurately it only worked correctly the same two times.

You can check out the source, or you can download a copy if you like to try it out. Do not think it spits out zero-days on demand, it can take a lot of time before even finding something interesting regarding HTML and CSS fuzzing.

download a copy here

<html>

<head>



<?



// You might want to set a (strict) doctype for different results.

// Currently Fuzzy Overdrive does not nest HTML.



$smash	= array(

  -1,

  10000,

  0xffffff,

  0xffffffff,

  0xffffffffff,

  10000000000000,

  str_repeat('1',rand(10,100000))

  );



$distort = array(

  '<a>',

  '<abbr>',

  '<acronym>',

  '<address>',

  '<area>',

  '<b>',

  '<base>',

  '<bdo>',

  '<big>',

  '<blockquote>',

  '<body>',

  '<br>',

  '<button>',

  '<caption>',

  '<cite>',

  '<code>',

  '<col>',

  '<colgroup>',

  '<dd>',

  '<del>',

  '<dfn>',

  '<div>',

  '<dl>',

  '<DOCTYPE>',

  '<dt>',

  '<em>',

  '<fieldset>',

  '<frameset>',

  '<form>',

  '<h1>',

  '<head>',

  '<html>',

  '<hr>',

  '<i>',

  '<img>',

  '<input>',

  '<iframe>',

  '<ins>',

  '<kbd>',

  '<label>',

  '<legend>',

  '<li>',

  '<link>',

  '<map>',

  '<meta>',

  '<noscript>',

  '<object>',

  '<ol>',

  '<optgroup>',

  '<option>',

  '<p>',

  '<param>',

  '<pre>',

  '<q>',

  '<samp>',

  '<script>',

  '<select>',

  '<small>',

  '<span>',

  '<strong>',

  '<style>',

  '<sub>',

  '<sup>',

  '<table>',

  '<tbody>',

  '<td>',

  '<textarea>',

  '<tfoot>',

  '<th>',

  '<thead>',

  '<title>',

  '<tr>',

  '<tt>',

  '<ul>',

  '<var>'

   );

 $methods = array(

  'src',

  'align',

  'height',

  'width',

  'length',

  'href',

  'valign',

  'vspace',

  'hspace',

  'wrap',

  'type',

  'units',

  'from',

  'style',

  'bgcolor',

  'hspace',

  'loop',

  'scroll',

  'usemap',

  'ismap',

  'prompt',

  'enctype',

  'overlay',

  'dynsrc',

  'ref',

  'shape',

  'ping',

  'rows',

  'cols',

  'content',

  'charset'

  );

 

$styletag = array(

   'accelerator',

   'appearance',

   'azimuth',



   'background',

   'backgroundAttachment',

   'backgroundClip',

   'backgroundColor',

   'backgroundImage',

   'backgroundOrigin',

   'backgroundPosition',

   'backgroundPositionX',

   'backgroundPositionY',

   'backgroundRepeat',

   'behavior',

   'border',

   'borderBottom',

   'borderBottomColor',

   'borderBottomStyle',

   'borderBottomWidth',

   'borderCollapse',

   'borderColor',

   'borderImage',

   'borderLeft',

   'borderLeftColor',

   'borderLeftStyle',

   'borderLeftWidth',

   'borderRadius',

   'borderRight',

   'borderRightColor',

   'borderRightStyle',

   'borderRightWidth',

   'borderSpacing',

   'borderStyle',

   'borderTop',

   'borderTopColor',

   'borderTopStyle',

   'borderTopWidth',

   'borderWidth',

   'bottom',

   'boxSizing',

   'captionSide',

   'clear',

   'clip',

   'color',

   'content',

   'counterIncrement',

   'counterReset',

   'cssFloat',

   'cssText',

   'cue',

   'cueAfter',

   'cueBefore',

   'cursor',

   'direction',

   'display',

   'elevation',

   'emptyCells',

   'filter',

   'firstLetter',

   'firstLine',

   'float',

   'font',

   'fontEffect',

   'fontFamily',

   'fontSize',

   'fontSizeAdjust',

   'fontStretch',

   'fontStyle',

   'fontVariant',

   'fontWeight',

   'getAttribute',

   'getAttributeNode',

   'getExpression',

   'getPropertyCSSValue',

   'getPropertyPriority',

   'getPropertyValue',

   'height',

   'icon',

   'imeMode',

   'includeSource',

   'invert',

   'item',

   'keyEquivalent',

   'layerBackgroundColor',

   'layerBackgroundImage',

   'layoutFlow',

   'layoutGrid',

   'layoutGridChar',

   'layoutGridCharSpacing',

   'layoutGridLine',

   'layoutGridMode',

   'layoutGridType',

   'left',

   'length',

   'letterSpacing',

   'lineBreak',

   'lineHeight',

   'listStyle',

   'listStyleImage',

   'listStylePosition',

   'listStyleType',

   'margin',

   'marginBottom',

   'marginLeft',

   'marginRight',

   'marginTop',

   'markerOffset',

   'marks',

   'maxHeight',

   'maxWidth',

   'minHeight',

   'minWidth',

   'mozAppearance',



   'mozBackgroundClip',

   'mozBackgroundInlinePolicy',

   'mozBackgroundOrigin',

   'mozBinding',

   'mozBorderBottomColors',

   'mozBorderLeftColors',

   'mozBorderRadius',

   'mozBorderRadiusBottomleft',

   'mozBorderRadiusBottomright',

   'mozBorderRadiusTopleft',

   'mozBorderRadiusTopright',

   'mozBorderRightColors',

   'mozBorderTopColors',

   'mozBox',

   'mozBoxAlign',

   'mozBoxDirection',

   'mozBoxFlex',

   'mozBoxFlexGroup',

   'mozBoxOrdinalGroup',

   'mozBoxOrient',

   'mozBoxPack',

   'mozBoxSizing',

   'mozColumnCount',



   'mozColumnCount',	

   'mozColumnWidth',

   'mozCounterIncrement',

   'mozCounterReset',

   'mozDeck',

   'mozFloatEdge',

   'mozForceBrokenImageIcon',

   'mozGrid',

   'mozGridGroup',

   'mozGridLine',

   'mozGroupbox',

   'mozImageRegion',

   'mozInlineBox',

   'mozInlineGrid',

   'mozInlineStack',

   'mozKeyEquivalent',

   'mozOpacity',

   'mozOutline',

   'mozOutlineColor',

   'mozOutlineRadius',

   'mozOutlineRadiusBottomleft',

   'mozOutlineRadiusBottomright',

   'mozOutlineRadiusTopleft',

   'mozOutlineRadiusTopright',

   'mozOutlineStyle',

   'mozOutlineWidth',

   'mozPopup',

   'mozResizer',

   'mozScrollbarsHorizontal',

   'mozScrollbarsNone',

   'mozScrollbarsVertical',

   'mozStack',

   'mozUserFocus',

   'mozUserInput',

   'mozUserModify',

   'mozUserSelect',

   'navDown',

   'navIndex',

   'navLeft',

   'navRight',

   'navUp',

   'normalize',

   'onOffBehavior',

   'orphans',

   'outline',

   'outlineColor',

   'outlineOffset',

   'outlineStyle',

   'outlineWidth',

   'overflow',

   'overflowX',

   'overflowY',

   'padding',

   'paddingBottom',

   'paddingLeft',

   'paddingRight',

   'paddingTop',

   'page',

   'pageBreakAfter',

   'pageBreakBefore',

   'pageBreakInside',

   'parentRule',

   'pause',

   'pauseAfter',

   'pauseBefore',

   'pitch',

   'pitchRange',

   'pixelBottom',

   'pixelHeight',

   'pixelLeft',

   'pixelRight',

   'pixelTop',

   'pixelWidth',

   'playDuring',

   'posBottom',

   'posHeight',

   'posLeft',

   'posRight',

   'posTop',

   'posWidth',

   'position',

   'quotes',

   'removeAttribute',

   'removeAttributeNode',

   'removeExpression',

   'removeProperty',

   'replace',

   'resize',

   'richness',

   'right',

   'rubyAlign',

   'rubyOverhang',

   'rubyPosition',

   'scrollbar3dLightColor',

   'scrollbarArrowColor',

   'scrollbarBaseColor',

   'scrollbarDarkShadowColor',

   'scrollbarFaceColor',

   'scrollbarHighlightColor',

   'scrollbarShadowColor',

   'scrollbarTrackColor',

   'setAttribute',

   'setAttributeNode',

   'setExpression',

   'setLinkSource',

   'setProperty',

   'size',

   'speak',

   'speakHeader',

   'speakNumeral',

   'speakPunctuation',

   'speechRate',

   'stress',

   'styleFloat',

   'tableLayout',

   'textAlign',

   'textAlignLast',

   'textAutospace',

   'textDecoration',

   'textDecorationBlink',

   'textDecorationLineThrough',

   'textDecorationNone',

   'textDecorationOverline',

   'textDecorationUnderline',

   'textIndent',

   'textJustify',

   'textJustifyTrim',

   'textKashida',

   'textKashidaSpace',

   'textOverflow',

   'textShadow',

   'textTransform',

   'textUnderlinePosition',

   'top',

   'unicodeBidi',

   'useLinkSource',

   'verticalAlign',

   'visibility',

   'voiceFamily',

   'volume',

   'wapAccessKey',

   'wapInputFormat',

   'wapInputRequired',

   'wapMarquee',

   'wapMarqueeDir',

   'wapMarqueeLoop',

   'wapMarqueeSpeed',

   'wapMarqueeStyle',

   'whiteSpace',

   'widows',

   'width',

   'wordBreak',

   'wordSpacing',

   'wordWrap',

   'writingMode',

   'zIndex',

   'zoom'

	);



	

  $method_blocks = rand(1,count($methods));

  $style_enthrophy = rand(1,12);

  $dscount = count($distort);

  $feedback = array('OVERDRIVE','FUZZY');

  $lng = array('<','>');

	

  shuffle($distort);

  shuffle($methods);

  shuffle($smash);

	

  echo "<style>"; 

	

	$styles  .= " * {  rn";

	for($i = 0; $i < $style_enthrophy; $i++) {

		$styles  .= $styletag[rand(0,count($styletag))] .":". $smash[rand(0,8)] . ";rn";

	}

	$styles  .= " }  rn";

	

	echo $styles;

	

	echo "</style>rnrn</head><body>";

	

	for($k=0;$k<$method_blocks;$k++) {

		$m .= $methods[$k].'="' .$smash[rand(0,8)].'" ';

	}

		

	for($j = 0; $j < rand(1,$dscount); $j++ ) {

		$htmlblock .= str_replace('>',' '.$m.'>',$distort[$j]) . $feedback[rand(0,2)] . str_replace('<','</',$distort[$j]) . "rn";

	}



	echo $htmlblock;

	echo "rnrn";

	

	// EOF

?>

12:53
Oracle multiple security vulnerabilities, updated since 18.07.2008
» ‎ Securityvulns news channel

New Critical Patch Update patches nearly 50 different vulnerabilities in all Oracle products. Applications: WebLogic Server 6.1, WebLogic Server 7.0, Oracle 9i, Oracle 10g, WebLogic Server 8.1, ORACLE 11g, PeopleSoft Enterprise PeopleTools 8.48, PeopleSoft Enterprise PeopleTools 8.49, WebLogic Server 10.0, WebLogic Server 9.0, WebLogic Server 9.1, WebLogic Server 9.2, PeopleSoft Enterprise CRM 8.9, PeopleSoft Enterprise CRM 9.0 (21.07.2008)

12:53
Bugtraq: [ GLSA 200807-11 ] PeerCast: Buffer overflow
» ‎ SecurityFocus Vulnerabilities

[ GLSA 200807-11 ] PeerCast: Buffer overflow
12:53
Bugtraq: [ GLSA 200807-10 ] Bacula: Information disclosure
» ‎ SecurityFocus Vulnerabilities

[ GLSA 200807-10 ] Bacula: Information disclosure
12:53
Bugtraq: E-Mail header Injection in HiFriend
» ‎ SecurityFocus Vulnerabilities

E-Mail header Injection in HiFriend
12:53
Bugtraq: [SECURITY] [DSA 1612-1] New ruby1.8 packages fix several vulnerabilities
» ‎ SecurityFocus Vulnerabilities

[SECURITY] [DSA 1612-1] New ruby1.8 packages fix several vulnerabilities

12:53
Slashdot: Kaminsky's DNS Attack Disclosed, Then Pulled
» ‎ Rootsecure.net

Slashdot: Kaminsky's DNS Attack Disclosed, Then Pulled
12:53
2008 Pwnie Awards: Nominees Announced
» ‎ Rootsecure.net

2008 Pwnie Awards: Nominees Announced
12:53
c|net: Last HOPE to become Next HOPE "Despite calling the event this weekend Last HOPE, it ...
» ‎ Rootsecure.net

c|net: Last HOPE to become Next HOPE "Despite calling the event this weekend Last HOPE, it won't be the final one"
12:53
ZDNet Blog: Kaspersky's Malaysian site hacked by Turkish hacker
» ‎ Rootsecure.net

ZDNet Blog: Kaspersky's Malaysian site hacked by Turkish hacker
12:53
The Register: Researcher's hypothesis may expose uber-secret DNS flaw
» ‎ Rootsecure.net

The Register: Researcher's hypothesis may expose uber-secret DNS flaw
12:53
c|net: Tracking Last HOPE hackers
» ‎ Rootsecure.net

c|net: Tracking Last HOPE hackers
12:53
c|net: Social Engineering 101 - Mitnick and other hackers show how it's done
» ‎ Rootsecure.net

c|net: Social Engineering 101 - Mitnick and other hackers show how it's done
12:53
c|net: For the love of lock picking
» ‎ Rootsecure.net

c|net: For the love of lock picking
12:53
Mail Channels: O2 Leaking Customer Photos?
» ‎ Rootsecure.net

Mail Channels: O2 Leaking Customer Photos?
12:53
BBC News: Oyster card hack to be published "Details of how to copy the Oyster cards used on...
» ‎ Rootsecure.net

BBC News: Oyster card hack to be published "Details of how to copy the Oyster cards used on London's transport network can be published, a Dutch judge has ruled"
12:53
Light Blue Touchpaper: Metrics for security and performance in low-latency anonymity systems
» ‎ Rootsecure.net

Light Blue Touchpaper: Metrics for security and performance in low-latency anonymity systems
12:53
Silicon Alley Insider: Uber-Hacker Kevin Mitnick Signs Tell-All Book Deal "latest hack, whi...
» ‎ Rootsecure.net

Silicon Alley Insider: Uber-Hacker Kevin Mitnick Signs Tell-All Book Deal "latest hack, which involves scripting the asterisk open-source telephony program to show Caller ID information for anyone who calls him, even if that phone's Caller ID is set to private"

12:53
FGA-2008-16-2.txt
» ‎ Packet Storm Security Last Files

EMC Dantz Retrospect 7 backup Client 7.5.116 suffers from a NULL pointer reference denial of service vulnerability.
12:53
FGA-2008-16.txt
» ‎ Packet Storm Security Last Files

EMC Dantz Retrospect 7 backup Client 7.5.116 suffers from a plaintext password hash disclosure vulnerability.
12:53
html5whitepaper.pdf
» ‎ Packet Storm Security Last Files

Abusing HTML 5 Structured Client-Side Storage - A whitepaper analyzing security implications of this technology and how showing how different attacks can be conducted.
12:53
mojoauto-sql.txt
» ‎ Packet Storm Security Last Files

MojoAuto remote blind SQL injection exploit that leverages mojoAuto.cgi.
12:53
mojojobs-sql.txt
» ‎ Packet Storm Security Last Files

MojoJobs remote blind SQL injection exploit that leverages mojoJobs.cgi.

12:53
html5whitepaper.pdf
» ‎ Packet Storm Security Miscellaneous Files

Abusing HTML 5 Structured Client-Side Storage - A whitepaper analyzing security implications of this technology and how showing how different attacks can be conducted.

12:53
zdaemonull.zip
» ‎ Packet Storm Security Last 20

ZDaemon version 1.08.07 denial of service exploit that makes use of a NULL pointer vulnerability.
12:53
zdaemonull.txt
» ‎ Packet Storm Security Last 20

ZDaemon version 1.08.07 suffers from a NULL pointer vulnerability that allows for a denial of service.
12:53
glsa-200807-12.txt
» ‎ Packet Storm Security Last 20

Gentoo Linux Security Advisory GLSA 200807-12 - bannedit reported a boundary error when handling overly long IRC MODE messages (CVE-2007-4584). Nico Golde reported an insecure creation of a temporary file within the e_hostname() function (CVE-2007-5839). Versions less than or equal to 1.1-r4 are affected.
12:53
dsa-1612-1.txt
» ‎ Packet Storm Security Last 20

Debian Security Advisory 1612-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
12:53
DSEGRG-08-31.txt
» ‎ Packet Storm Security Last 20

Interact E-Learning System version 2.4.1 suffers from a local file inclusion vulnerability in help/help.php.
12:53
FGA-2008-16-2.txt
» ‎ Packet Storm Security Last 20

EMC Dantz Retrospect 7 backup Client 7.5.116 suffers from a NULL pointer reference denial of service vulnerability.
12:53
FGA-2008-16.txt
» ‎ Packet Storm Security Last 20

EMC Dantz Retrospect 7 backup Client 7.5.116 suffers from a plaintext password hash disclosure vulnerability.
12:53
html5whitepaper.pdf
» ‎ Packet Storm Security Last 20

Abusing HTML 5 Structured Client-Side Storage - A whitepaper analyzing security implications of this technology and how showing how different attacks can be conducted.
12:53
mojoauto-sql.txt
» ‎ Packet Storm Security Last 20

MojoAuto remote blind SQL injection exploit that leverages mojoAuto.cgi.
12:53
mojojobs-sql.txt
» ‎ Packet Storm Security Last 20

MojoJobs remote blind SQL injection exploit that leverages mojoJobs.cgi.
12:53
mojopersonals-sql.txt
» ‎ Packet Storm Security Last 20

MojoPersonals remote blind SQL injection exploit that leverages mojoClassified.cgi.
12:53
mojoclassifieds-sql.txt
» ‎ Packet Storm Security Last 20

MojoClassifieds version 2.0 remote blind SQL injection exploit.
12:53
glsa-200807-11.txt
» ‎ Packet Storm Security Last 20

Gentoo Linux Security Advisory GLSA 200807-11 - Nico Golde reported a boundary error in the HTTP::getAuthUserPass() function when processing overly long HTTP Basic authentication requests. Versions less than 0.1218-r1 are affected.
12:53
glsa-200807-10.txt
» ‎ Packet Storm Security Last 20

Gentoo Linux Security Advisory GLSA 200807-10 - Matthijs Kooijman reported that the make_catalog_backup script uses the MySQL password as a command line argument when invoking other programs. Versions less than 2.4.1 are affected.
12:53
flip-rfi.txt
» ‎ Packet Storm Security Last 20

Flip version 3.0 Final suffers from a remote file inclusion vulnerability.
12:53
arctic-sql.txt
» ‎ Packet Storm Security Last 20

Arctic Issue Tracker version 2.0.0 remote SQL injection exploit that leverages index.php.
12:53
ezwebalbum-disclose.txt
» ‎ Packet Storm Security Last 20

EZWebAlbum suffers from a remote file disclosure vulnerability.
12:53
hifriend-xploit.txt
» ‎ Packet Storm Security Last 20

hifriend.pl from Hibyte Software remote header injection exploit.
12:53
myreview-disclose.txt
» ‎ Packet Storm Security Last 20

The MyReview web application versions 1.9.9 and below and 2.0 Beta suffer from a mishandling of submissions allowing for unintended downloads of said data.
12:53
maranphp-xss.txt
» ‎ Packet Storm Security Last 20

Maran PHP Blog suffers from a cross site scripting vulnerability.

12:53
zdaemonull.zip
» ‎ Packet Storm Security Last 50

ZDaemon version 1.08.07 denial of service exploit that makes use of a NULL pointer vulnerability.
12:53
zdaemonull.txt
» ‎ Packet Storm Security Last 50

ZDaemon version 1.08.07 suffers from a NULL pointer vulnerability that allows for a denial of service.
12:53
glsa-200807-12.txt
» ‎ Packet Storm Security Last 50

Gentoo Linux Security Advisory GLSA 200807-12 - bannedit reported a boundary error when handling overly long IRC MODE messages (CVE-2007-4584). Nico Golde reported an insecure creation of a temporary file within the e_hostname() function (CVE-2007-5839). Versions less than or equal to 1.1-r4 are affected.
12:53
dsa-1612-1.txt
» ‎ Packet Storm Security Last 50

Debian Security Advisory 1612-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
12:53
DSEGRG-08-31.txt
» ‎ Packet Storm Security Last 50

Interact E-Learning System version 2.4.1 suffers from a local file inclusion vulnerability in help/help.php.
12:53
FGA-2008-16-2.txt
» ‎ Packet Storm Security Last 50

EMC Dantz Retrospect 7 backup Client 7.5.116 suffers from a NULL pointer reference denial of service vulnerability.
12:53
FGA-2008-16.txt
» ‎ Packet Storm Security Last 50

EMC Dantz Retrospect 7 backup Client 7.5.116 suffers from a plaintext password hash disclosure vulnerability.
12:53
html5whitepaper.pdf
» ‎ Packet Storm Security Last 50

Abusing HTML 5 Structured Client-Side Storage - A whitepaper analyzing security implications of this technology and how showing how different attacks can be conducted.
12:53
mojoauto-sql.txt
» ‎ Packet Storm Security Last 50

MojoAuto remote blind SQL injection exploit that leverages mojoAuto.cgi.
12:53
mojojobs-sql.txt
» ‎ Packet Storm Security Last 50

MojoJobs remote blind SQL injection exploit that leverages mojoJobs.cgi.
12:53
mojopersonals-sql.txt
» ‎ Packet Storm Security Last 50

MojoPersonals remote blind SQL injection exploit that leverages mojoClassified.cgi.
12:53
mojoclassifieds-sql.txt
» ‎ Packet Storm Security Last 50

MojoClassifieds version 2.0 remote blind SQL injection exploit.
12:53
glsa-200807-11.txt
» ‎ Packet Storm Security Last 50

Gentoo Linux Security Advisory GLSA 200807-11 - Nico Golde reported a boundary error in the HTTP::getAuthUserPass() function when processing overly long HTTP Basic authentication requests. Versions less than 0.1218-r1 are affected.
12:53
glsa-200807-10.txt
» ‎ Packet Storm Security Last 50

Gentoo Linux Security Advisory GLSA 200807-10 - Matthijs Kooijman reported that the make_catalog_backup script uses the MySQL password as a command line argument when invoking other programs. Versions less than 2.4.1 are affected.
12:53
flip-rfi.txt
» ‎ Packet Storm Security Last 50

Flip version 3.0 Final suffers from a remote file inclusion vulnerability.
12:53
arctic-sql.txt
» ‎ Packet Storm Security Last 50

Arctic Issue Tracker version 2.0.0 remote SQL injection exploit that leverages index.php.
12:53
ezwebalbum-disclose.txt
» ‎ Packet Storm Security Last 50

EZWebAlbum suffers from a remote file disclosure vulnerability.
12:53
hifriend-xploit.txt
» ‎ Packet Storm Security Last 50

hifriend.pl from Hibyte Software remote header injection exploit.
12:53
myreview-disclose.txt
» ‎ Packet Storm Security Last 50

The MyReview web application versions 1.9.9 and below and 2.0 Beta suffer from a mishandling of submissions allowing for unintended downloads of said data.
12:53
maranphp-xss.txt
» ‎ Packet Storm Security Last 50

Maran PHP Blog suffers from a cross site scripting vulnerability.
12:53
hrsmulti-sql.txt
» ‎ Packet Storm Security Last 50

HRS Multi blind SQL injection exploit that makes use of picture_pic_bv.asp.
12:53
aproxcms-sql.txt
» ‎ Packet Storm Security Last 50

Aprox CMS Engine version 5.1.0.4 suffers from a SQL injection vulnerability in index.php.
12:53
oracleidir-dos.txt
» ‎ Packet Storm Security Last 50

Oracle Internet Directory version 10.1.4 remote pre-authentication denial of service exploit.
12:53
oracleuntrust-local.txt
» ‎ Packet Storm Security Last 50

Oracle 10g R2 and Oracle 11g suffers from a local root compromise vulnerable via the extjob binary.
12:53
myblog-multi.txt
» ‎ Packet Storm Security Last 50

MyBlog versions 0.9.8 and below suffer from information leak and cross site scripting vulnerabilities.
12:53
MDVSA-2008-150.txt
» ‎ Packet Storm Security Last 50

Mandriva Linux Security Advisory - Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code. a denial of service via a special Hello packet. Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges. The updated packages have been patched to correct these issues.
12:53
MDVSA-2008-149.txt
» ‎ Packet Storm Security Last 50

Mandriva Linux Security Advisory - Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges. The updated packages have been patched to correct this issue.
12:53
easypublish-sqlxssdisclose.txt
» ‎ Packet Storm Security Last 50

EasyPublish 3.0tr remote cross site scripting, SQL injection, and file disclosure exploit.
12:53
easybookmaker-xss.txt
» ‎ Packet Storm Security Last 50

EasyBookmarker 40tr suffers from a cross site scripting vulnerability.
12:53
easyecards-sqlxssdisclose.txt
» ‎ Packet Storm Security Last 50

EasyECards 310a remote cross site scripting, SQL injection, and file disclosure exploit.
12:53
easydynamicpages-sqlxssdisclose.txt
» ‎ Packet Storm Security Last 50

EasyDynamicPages 30tr remote cross site scripting, SQL injection, and file disclosure exploit.
12:53
SSRT080058-2.txt
» ‎ Packet Storm Security Last 50

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning.
12:53

SecurityFeed.info

Feeds

Unread items (100)