Vulnerabilities reported to different vendors. Auditing Code.....

31-07-2010 "itunes.apple.com ITUNES 9", Successful exploitation allows execution of Cross-site scripting (XSS) ATTACKs! APPLE.COM - ITUNES 9 last version and old version EXPLOITABLE
http://www.nullcode.com.ar/crash/Apple-Itunes9.txt
http://packetstorm.linuxsecurity.com/1008-exploits/itunes-xss.txt

03-07-2010 "NTSOFT BBS E-Market Professional", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution ATTACKs! 2009-2010
http://www.securityfocus.com/bid/41401
http://securityreason.com/wlb_show/WLB-2010070034
http://seclists.org/bugtraq/2010/Jul/28
http://xforce.iss.net/xforce/xfdb/60152

20-06-2010 "AtMail Webmail client 1.03", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution ATTACKs!
http://www.nullcode.com.ar/crash/AtMail%20%20open%20Source%20Webmail.txt
http://packetstormsecurity.org/1006-exploits/atmail-xssexeclfi.txt

25-05-2010 "Copyright 2008 HostFriendz.com", Successful exploitation allows execution of SQL INJECTION ATTACKs!
http://www.nullcode.com.ar/crash/Copyright%202008%20HostFriendz.com.txt.txt

13-05-2010 "© 2006–2010 Badoo Services Limited", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution ATTACKs! 65.874.522 users Affected!!!!
http://inj3ct0r.com/exploits/11591
http://packetstormsecurity.org/filedesc/badoo-xss.txt.html
http://www.secnews.co.uk/article/27486/badoo_services_limited__xss_vulnerabilities
http://www.triviasecurity.net/exploits/Badoo-Services-Online-Community-XSS-vulnerabilities/2044

29-07-2009 "NTSOFT BBS E-Market Professional", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks.
http://packetstormsecurity.org/0907-exploits/ntsoft-xss.txt
http://www.securityfocus.com/bid/35893
http://securityreason.com/securityalert/6454

20-02-2009 "Microsoft Calc.exe Version 5.1 XP sP3" "Access Violation Exception"
Download Information and proof: -----------------------------------------
http://www.nullcode.com.ar/crash/calc.htm ---->(video-crash step by step)
http://www.nullcode.com.ar/crash/logs.zip ---->(Dump,Log,Ida)

10-02-2009 "Novell -QuickServer", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks.
http://securitytracker.com/alerts/2009/Feb/1021695.html
http://www.securityfocus.com/archive/1/500825
http://packetstormsecurity.org/0902-exploits/nqfs-xss.txt
http://www.governmentsecurity.org/aggregator/categories/4
http://www.buslab.org/index2.php?option=com_content&do_pdf=1&id=294347
http://seclists.org/bugtraq/2009/Feb/0078.html
http://secunia.com/Advisories/33886/

16-01-2009 "Copyright 2008 Future US", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks.
http://packetstormsecurity.org/0901-exploits/copyright-xss.txt
A lot of sites affected:
MovieBlips - Your daily movie news
MMABlips - News to fight for
RacingBlips - News built for speed
CyclingNews - The world centre of cycling
WallStreetBlips - Show me the money
BeltwayBlips - All politics, all the time
EarthBlips - Re-imagine the planet
ShowHype - Biggest stories, best fans
TVBlips - For TV aficionados only
42Blips - For science fiction fans
ComicsBlips - Excelsior! Comics news galore!
TotalFilm - Welcome to the movies!
BallHype - Best stories, biggest fans
ActionSportsBlips - Surf, Skate, Ski, Snowboard
BikeRadar - The world is for riding

12-01-2009 "Ovidentia", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks.
http://www.packetstormsecurity.org/0901-exploits/ovidentia-portalxss.txt
http://www.securityfocus.com/bid/33230/info

14-10-2008 "ActivePortail® CMS Copyright AGIIR Network 2008", Successful exploitation allows execution of XSS and Remote Java Inclusion Attacks
http://packetstormsecurity.org/0810-exploits/activeportail-xss.txt

04-10-2008 "Kewego", Successful exploitation allows execution of Cross-site scripting (XSS) Attacks, all versions affected (www.kewego.-), and a lot of sites affected (TV Broadcast, Newspaper and Magazine publishing and Web Sites)
http://www.nullcode.com.ar/ncs/crash/XSS-Kewego.txt
VU#954428.

01-10-2008 "Developed by orbamic", Successful exploitation allows execution of XSS and Remote Java Inclusion Attacks
http://packetstormsecurity.org/0810-exploits/orbamic-xss.txt
Sites Affected:
Arts London University Students Union
Buck's New University Students' Union
Bradford University Students' Union
De Montfort Students Union
Edge Hill Students Union
Gloucestershire Students' Union
Hull University Students' Union
Liverpool University Guild of Students
Plymouth University Students' Union
Sussex University Students' Union
University of London Union
Westminster University Students' Union
Worcester University Students' Union
Salford University Students' Union

14-09-2008 Turba Contact Manager, Successful exploitation allows execution of XSS and Remote Java Inclusion Attacks
http://packetstormsecurity.org/0809-exploits/turba-xss.txt
http://www.securityfocus.com/bid/31168/info

06-09-2008 MS Organization Chart 2.0 Successful exploitation allows execution of arbitrary code
http://www.nullcode.com.ar/ncs/crash/orgchart.htm
http://www.nullcode.com.ar/ncs/crash/proof.rar ---->(proof.opx)
http://www.securityfocus.com/bid/31059/info
http://web.nvd.nist.gov/view/vuln/detail;jsessionid=9459368150cb95bb1e850723a525?execution=e1s1
http://osvdb.org/show/osvdb/48000

27-08-2008 MercadoLibre.com over SSL Security Compromised and Successful exploitation Phishing -XSS- RFI flaw (High Impact)
http://packetstormsecurity.org/0808-exploits/mercadolibre-xssrfi.txt

24-08-2008 Deremate.com Security Compromised and Successful exploitation XSS RFI flaw (High Impact)
http://packetstormsecurity.org/0808-exploits/deremate-xssrfi.txt

09-08-2008 Microsoft Windows APP: Nslookup allows execution of arbitrary code
Download video of PoC: http://www.nullcode.com.ar/ncs/crash/nsloo.htm
http://www.securityfocus.com/bid/30636/references
http://cyberinsecure.com/zero-day-microsoft-windows-nslookupexe-vulnerability-exploited-in-the-wild/
http://blogs.zdnet.com/security/?p=1721
http://packetstormsecurity.org/0808-advisories/Nslookup-Crash.txt

26-06-2008 Linkara Free community all versions Multiple Cross-Site Scripting Vulnerabilities (www.linkara.com)
http://packetstormsecurity.org/0806-exploits/linkara-xss.txt

24-06-2008 Power By Trabajando.com Multiple Cross-Site Scripting Vulnerabilities. Hundreds of Chilean sites affected by this vulnerability (vendor notified)
http://www.securityfocus.com/bid/29887/info
http://packetstormsecurity.org/0806-exploits/trabajando-xss.txt

20-06-2008 Microsoft WordPad 5.1 Successful exploitation
http://packetstormsecurity.org/0806-exploits/wordpad-crash.tgz

18-06-2008 Microsoft Word Successful exploitation allows execution of arbitrary code
http://www.securityfocus.com/bid/29769
http://packetstormsecurity.org/0806-exploits/msword-crash.tgz
http://blogs.zdnet.com/security/?p=1324
http://www.symantec.com/security_response/vulnerability.jsp?bid=29769
http://blogs.technet.com/b/srd/archive/2009/04/14/ms09-010-reducing-the-text-converter-attack-surface.aspx
(High Impact)

02-06-2008 Oracle Corporation BEA WebLogic Portal Multiple Remote Vulnerabilities
(High Impact)
http://www.packetstormsecurity.org/0806-exploits/bea-xss.txt

23/05/2008 - Horde Kronolith Calendar (XSS - RFI) Multiple Remote Vulnerabilities
http://www.packetstormsecurity.org/filedesc/hordekrono-xss.txt.html
http://www.securityfocus.com/bid/29365/info

15/05/2008 - Horde Turba Contact Manager 2.1.7 (XSS - RFI) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/29213
http://packetstormsecurity.org/0805-exploits/hordeturba-xss.txt
http://securitydot.net/vuln/exploits/vulnerabilities/articles/24860/vuln.html

01/05/2008 - Zen Cart 2008 SQL Injection Remote Vulnerabilities
http://packetstormsecurity.org/0805-exploits/zencart-sql.txt
http://www.securityfocus.com/bid/29020

26/03/2008 - GeeCarts (XSS - RFI) Multiple Remote Vulnerabilities
http://www.packetstormsecurity.org/filedesc/geocarts-xssrfi.txt.html
http://www.securityfocus.com/bid/28470

24/02/2008 - MWhois (Matt's Whois Lookup) (XSS - RFI) Multiple Remote Vulnerabilities
http://packetstormsecurity.org/0802-exploits/mattswhois-xss.txt
http://secunia.com/advisories/29093/
http://www.securityfocus.com/bid/27974
http://xforce.iss.net/xforce/xfdb/40825
http://nvd.nist.gov/nvd.cfm
http://osvdb.org/

12/02/2008 - Job Board Software all versions (XSS - RFI) Multiple Remote Vulnerabilities
http://packetstormsecurity.org/0802-exploits/jobboard-xssrfi.txt
http://secunia.com/advisories/28908/
http://www.packetstormsecurity.org/filedesc/jobboard-xssrfi.txt.html
http://www.securityfocus.com/bid/27743

21/01/2008 - WebEditor <= 1.0.4 XSS & RFI Multiple Remote Vulnerabilities
http://packetstormsecurity.org/0801-exploits/webeditor-xssrfi.txt

21/01/2008 - WebSTAR Mail <= 4.4.1 XSS & RFI Multiple Remote Vulnerabilities
http://packetstormsecurity.org/0801-exploits/webstar-xssrfi.txt

02/11/2007 - Helios Calendar <=1.2.1 Beta (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/26312

19/10/2007 - SocketMail <=2.2.1 (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/26138

19/10/2007 - SocketKB <=1.1.5 (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/26136

16/10/2007 - BlaB! Chat < 3.3 (XSS) Multiple Remote Vulnerabilities
http://packetstormsecurity.org/0710-exploits/blabchat-xss.txt

05/10/2007 - MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/25942
http://www.xssed.com/advisory/100/MailBee_WebMail_XSS_Vulnerabilities/

03/10/2007 - UebiMiau <=2.7.x (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/25912