######################### Securitylab.ir ########################
# Application Info:
# Name: Empire Cms
# Version: 5.1
# Download: http://www.phome.net/
##############################
# Discovered By: Securitylab.ir
# Website: http://Securitylab.ir
# Contacts: admin[at]securitylab.ir & k4mr4n_st@yahoo.com
##############################
# Vulnerability Info:
# Type: Sql Injection
# Risk: Medium
#=============================
# ...

I want to ssh hop from A to B to C in a way where only B has the key and configuration for C:

+---------------+   +---------------+   +---+
| A (key for B) |---| B (key for C) |---| C |
+---------------+   +---------------+   +---+

A (ssh):  OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
B (ssh):  OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
C (sshd): OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009

So far, shell connections work fine; I just type the following to obtain shell access on C:

    me@A $ ssh B -t ssh C
    me@C $

The problem now is that I'd like to use scp, rsync etc. through ssh. So I need a transparent way integrated into ssh:

    me@A $ rsync foo C:

But whatever ProxyCommand I use in my .ssh/config on A for Host C, A wants to authenticate with C, which can't be done because A does not have credentials for C.

Thanks in advance,
--
Miers
...

| [o] AjaxPortal v3.0 Remote File Inclusion Vulnerability |
| |
| Software : AjaxPortal v3.0 |
| Vendor : http://myiosoft.com/download/AjaxPortal/ajaxportal-30.zip |
| Author : Cru3l.b0y |
| Contact : Cru3l.b0y@deltahacking.net |
| Home : WwW.DeltaHacking.Net |
| |
| [o] Vulnerable file |
| |
| install/di.php ...

##############################
[+] Mega File Manager 1.0 (index.php page) Remote File Inclusion Vulnerability
[+] Discovered By xhackerx
[+] http://www.c99.mobi
##############################
[+] Homepage : http://www.awesomephp.com/?
[+] Note : The script is full of RFI vulns, but I am tired to make queries now.
[+] Local File Inclusion
http://127.0.0.1/[path]/index. + if you need she ...

This is my friend's first e-book; my friend said, "this is my first e-book". This e-book talks about Windows parental control, for those of you who want to know how to control it. I want you to read this book first before you go on the rock....muahahahha. This e-book is so great; check this link: http://mugi.or.id/media/p/2575.aspx

Hi,

Here are the vulnerability descriptions and POCs:

##############################
I write to report three vulnerabilities that I found in the last version of Aardvark Topsites PHP (5.2.1) and older versions. The cause of all of them is the incorrect verification of input parameters. Here are the vulnerabilities:

==================
HTML Injection (up to 5.2.0)
--------------------------
For example, it is possible to inject a link to any URL with any anchor text.
POC: /index.php?a=search&q=psstt+

Information Disclosure 1 (up to 5.2.1)
--------------------------
Disclosure of the full path of the application sources when you put a negative number in the ’start’ parameter.
POC: /index.ph ...

I. The Vulnerability

Gizmo does not check SSL certificate before sending user credentials. An attacker is able to obtain username and password with a spoofed certificate and no alert is generated to the user. This vulnerability was found in Gizmo for Linux 3.1.0.79. Other versions may also be affected.

II. Disclosure Timeline

06/19/2009 - Vendor contact.
06/26/2009 - No answer. Public Disclosure.

III. Vendor

http://gizmo5.com/

IV. Credit

Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>

aMSN SSL Certificate Vulnerability

I. The Vulnerability

aMSN does not check SSL certificate before sending MSN user credentials. An attacker is able to obtain MSN username and password with a spoofed certificate and no alert is generated to the user. This vulnerability was found in aMSN 0.97.2. Other versions may also be affected.

II. Disclosure Timeline

06/19/2009 - Vendor contact.
06/26/2009 - No answer. Public Disclosure.

III. Vendor

http://www.amsn-project.net/

IV. Credit

Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDefense Security Advisory 06.25.09
http://labs.idefense.com/
Jun 25, 2009

I. BACKGROUND

Motorola Inc.'s Timbuktu Pro is a remote control software that allows remote access to a computer's desktop. It is available for Mac OS X and Windows systems and provides integration with Skype and SSH. More information is available on Motorola's web site at the following URL.

http://www.netopia.com/

II. DESCRIPTION

Remote exploitation of a stack-based buffer overflow vulnerability in Motorola Inc.'s Timbuktu Pro could allow attackers to execute arbitrary code with SYSTEM privileges. Timbuktu fails to properly handle user-supplied data passed ...