darksecurity.de

INFOSERVE-ADV2011-04 - Multiple Cross-Site-Scripting vulnerabilities in x3cms

Posted by Stefan Schurtz on Wednesday, January 11. 2012

Advisory:	Multiple Cross-Site-Scripting vulnerabilities in x3cms
Advisory ID:	INFOSERVE-ADV2011-04
Author:	Stefan Schurtz
Contact:	security@infoserve.de
Affected Software:	Successfully tested on x3cms 0.4.3 other versions may also be affected
Vendor URL:	http://www.x3cms.net/
Vendor Status:	Partial Fix
Secunia-ID:	SA46748

======================
Vulnerability Description
======================

x3cms 0.4.3 is prone to multiple XSS vulnerabilities

Continue reading "INFOSERVE-ADV2011-04 - Multiple Cross-Site-Scripting vulnerabilities in x3cms"

SSCHADV2011-042 - Beehive Forum 101 Multiple XSS vulnerabilities

Posted by on Thursday, January 5. 2012

Advisory:	Beehive Forum 101 Multiple XSS vulnerabilities
Advisory ID:	SSCHADV2011-042
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Beehive Forum 101
Vendor URL:	http://www.beehiveforum.co.uk/
Vendor Status:	informed

======================
Vulnerability Description:
======================

Beehive Forum 101 is prone to multiple XSS vulnerabilities

Continue reading "SSCHADV2011-042 - Beehive Forum 101 Multiple XSS vulnerabilities"

SSCHADV2011-041 - phpVideoPro Multiple XSS vulnerabilities

Posted by Stefan Schurtz on Thursday, January 5. 2012

Advisory:	phpVideoPro Multiple XSS vulnerabilities
Advisory ID:	SSCHADV2011-041
Author:	Stefan Schurtz
Affected Software:	Successfully tested on phpVideoPro 0.9.7
Vendor URL:	http://sourceforge.net/projects/phpvideopro/
Vendor Status:	fix in the latest development code

======================
Vulnerability Description:
======================

phpVideoPro 0.9.7 is prone to multiple XSS vulnerabilities

Continue reading "SSCHADV2011-041 - phpVideoPro Multiple XSS vulnerabilities"

sposition.pl - String Positioning

Posted by Stefan Schurtz on Wednesday, December 28. 2011

The Script will find the line number and positions of the @ symbols in pos.txt.

# cat pos.txt

00000000000000000000000@00000000000000000000000000
0000000000000000@000000000000000000000000000000000
00000000000000000000000000000000000000000@0@000000
000000000000000000000@0000000000000000000000000000
00000000000000000000000000@000@0000000000000000000

# ./sposition.pl
1-23, 2-16, 3-41, 3-43, 4-21, 5-26, 5-30,

Here is the code

Continue reading "sposition.pl - String Positioning"

SSCHADV2011-040 - Nagios Plugin 'check_ups' Local Buffer Overflow

Posted by Stefan Schurtz on Monday, December 26. 2011

Advisory:	Nagios Plugin 'check_ups' Local Buffer Overflow
Advisory ID:	SSCHADV2011-040
Author:	Stefan Schurtz
Affected Software:	Successfully tested on nagios-plugins-1.4.15
Vendor URL:	http://nagiosplugins.org/
Vendor Status:	informed
EDB-ID:	18278

==========================
Vulnerability Description:
==========================

The Nagios plugin 'check_ups' is prone to a Buffer Overflow

Continue reading "SSCHADV2011-040 - Nagios Plugin 'check_ups' Local Buffer Overflow"

xor-base64.pl - encrypt/decrypt a string with XOR and base64

Posted by Stefan Schurtz on Sunday, December 25. 2011

Here is a little tool written in perl, which XOR a string against a key and outputs the result base64 encoded and vice versa.

Encrypt

./xor-base64.pl -e foobar -k deadbeef
[+] Cleartext: foobar
[+] Key: deadbeef
[+] Hex: 020a0e060317
[+] Ciphertext: AgoOBgMX

Decrypt

./xor-base64.pl -d AgoOBgMX -k deadbeef
[+] Ciphertext: AgoOBgMX
[+] Hex: 020a0e060317
[+] Key: deadbeef
[+] Cleartext: foobar

And here is the code

Continue reading "xor-base64.pl - encrypt/decrypt a string with XOR and base64"

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	April '24
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30