darksecurity.de | Entries from March 2012

SSCHADV2012-011 - KnFTPd 1.0.0 'FEAT' DoS vulnerability

Posted by Stefan Schurtz on Wednesday, March 28. 2012

Advisory:	KnFTPd 1.0.0 ‘FEAT’ DoS vulnerability
Advisory ID:	SSCHADV2012-011
Author:	Stefan Schurtz
Affected Software:	Successfully tested on KnFTPd 1.0.0
Vendor URL:	http://knftp.sourceforge.net/
Vendor Status:	informed
EDB-ID:	18671

======================
Vulnerability Description
======================

The KnFTPd 1.0.0 ‘FEAT’ command is prone to DoS vulnerability

Continue reading "SSCHADV2012-011 - KnFTPd 1.0.0 'FEAT' DoS vulnerability"

SSCHADV2012-010 - WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability

Posted by Stefan Schurtz on Thursday, March 22. 2012

Advisory:	WordPress plugin ‘WordPress Integrator 1.32’ XSS vulnerability
Advisory ID:	SSCHADV2012-010
Author:	Stefan Schurtz
Affected Software:	Successfully tested on WordPress Integrator 1.32
Vendor URL:	http://wordpress.org/extend/plugins/wp-integrator/
Vendor Status:	informed
OSVDB ID:	80628

======================
Vulnerability Description
======================

The WordPress plugin ‘WordPress Integrator 1.32’ is prone to Cross-Site scripting vulnerability

Continue reading "SSCHADV2012-010 - WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability"

SSCHADV2012-009 - Star Wars Old Republic - SWTOR Char DB 1.8b Multiple security vulnerabilities

Posted by Stefan Schurtz on Thursday, March 22. 2012

Advisory:	Star Wars Old Republic – SWTOR Char DB 1.8b Multiple security vulnerabilities
Advisory ID:	SSCHADV2012-009
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Star Wars Old Republic – SWTOR Char DB 1.8b
Vendor URL:	http://swtorphpdb.sourceforge.net/
Vendor Status:	fixed
OSVDB ID:	80841, 80842

======================
Vulnerability Description
======================

SWTOR Char DB 1.8b is prone to multiple security vulnerabilities

Continue reading "SSCHADV2012-009 - Star Wars Old Republic - SWTOR Char DB 1.8b Multiple security vulnerabilities"

SSCHADV2012-008 - CMSimple_XH 1.5.2 Cross-site Scripting vulnerability

Posted by Stefan Schurtz on Wednesday, March 21. 2012

Advisory:	CMSimple_XH 1.5.2 Cross-site Scripting vulnerability
Advisory ID:	SSCHADV2012-008
Author:	Stefan Schurtz
Affected Software:	Successfully tested on CMSimple_XH 1.5.2
Vendor URL:	http://www.cmsimple-xh.com/
Vendor Status:	fixed
CVE-ID:	CVE-2012-1914

======================
Vulnerability Description
======================

CMSimple_XH 1.5.2 is prone to a Cross-site Scripting vulnerability

Continue reading "SSCHADV2012-008 - CMSimple_XH 1.5.2 Cross-site Scripting vulnerability"

SSCHADV2012-007 - PHP Address Book 6.2.12 Multiple security vulnerabilities

Posted by Stefan Schurtz on Saturday, March 10. 2012

Advisory:	PHP Address Book 6.2.12 Multiple security vulnerabilities
Advisory ID:	SSCHADV2012-007
Author:	Stefan Schurtz
Affected Software:	Successfully tested on PHP Address Book 6.2.12
Vendor URL:	http://sourceforge.net/projects/php-addressbook/
Vendor Status:	informed
EDB-ID:	18578
CVE-ID:	CVE-2012-1911, CVE-2012-1912

======================
Vulnerability Description
======================

PHP Address Book 6.2.12 is prone to multiple XSS and SQL-Injection vulnerabilities

Continue reading "SSCHADV2012-007 - PHP Address Book 6.2.12 Multiple security vulnerabilities"

[Video] - Build a backdoor in OpenSSH 5.9

Posted by Stefan Schurtz on Thursday, March 8. 2012

In this short video I will show you, how you can build a backdoor in OpenSSH 5.9

Steps

1. Define the backdoor password in auth.h
2. Edit the auth-passwd.c file and set the backdoor into it
3. Set integer ‘backdoorActive’ in log.h
4. Disable logging for the backdoor login in log.c
5. Compile
6. Test the backdoor :-)

Continue reading "[Video] - Build a backdoor in OpenSSH 5.9"

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	March '12					Forward →
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31