Copyright © 2001,2002 eyeonsecurity Inc., All Rights Reserved. No portions of eyeonsecurity may be used without express, written permission

Incredimail allows automatic overwriting of files on your hard disk
This exploit lets malicious users overwrite files, possibly leading to Denial of Service (cannot boot OS style :)

Extent RBS directory Traversal
Allows you to retrieve files on the hard disk, such as the RBS database, which has user passwords in clear text.

CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]
Using this method malicious users may hijack user and administrative accounts, allowing them to elevate their privilege in the BBS, pose as other users, and basically control the BBS.
 
Web Browsers vulnerable to the Extended HTML Form Attack
An overlooked security loophole within multiple popular web browsers which allows stealing of session authentication (when using cookies), internal network penetration and other evil stuff.
 
Gator installer Plugin allows any software to be installed
A very obvious backdoor installed by .. guess who? Gator .. the top in spyware. This exploit allows a malicious web master to install any program on the target machine regardless of the Internet Explorer security settings.

IMail Account hijack through the Web Interface.
An account hijack method for IMail and Excite's WebMail. Allows malicious users to read mail, etc.

Multiple Vulnerabilities in MDaemon + WorldClient
A buffer overflow, remote file deletion, default user/pass and poor password encryption. When used simultaneously these issues can allow attackers to easily take over a server.

MSN Groups makes cross site scripting easy
Hotmail and MSN are vulnerable to yet another - very obvious attack. By uploading an HTML or SWF file on Groups.msn.com malicious users may steal cookies and control the user's browser .. a Cross Site Scripting attack.

Are you vulnerable to Flash XSS attacks?
A list of software and services which are known to be vulnerable to the Flash cross site scripting attack mentioned in my paper.

CGI.pm vulnerable to Cross-site Scripting.
A standard and commonly used Perl Module, CGI.pm is vulnerable to Cross Site Scripting - and therefore anyone making use of this module should fix CGI.pm on production servers.