

Iván Javier Sánchez.

Information Security Manager.
Null Code Services.



Security Issues 0Days

Vulnerabilities publicly reported to different vendors.

( Ivan Sanchez )

 

06-09-2008  MS Organization Chart 2.0: successful exploitation allows execution of arbitrary code

http://www.nullcode.com.ar/ncs/crash/orgchart.htm
http://www.nullcode.com.ar/ncs/crash/proof.rar   ---->(proof.opx)

27-08-2008  MercadoLibre.com over SSL: security compromised and successful exploitation, Phishing - XSS - RFI flaw

 (High Impact)

http://packetstormsecurity.org/0808-exploits/mercadolibre-xssrfi.txt

 

24-08-2008  Deremate.com: security compromised and successful exploitation, XSS - RFI flaw

 (High Impact)

http://packetstormsecurity.org/0808-exploits/deremate-xssrfi.txt

 

09-08-2008  Microsoft Windows app: Nslookup allows execution of arbitrary code

Download video of PoC:


http://www.nullcode.com.ar/ncs/crash/nsloo.htm

http://www.securityfocus.com/bid/30636/references 

http://cyberinsecure.com/zero-day-microsoft-windows-nslookupexe-vulnerability-exploited-in-the-wild/

http://blogs.zdnet.com/security/?p=1721

http://packetstormsecurity.org/0808-advisories/Nslookup-Crash.txt

 

26-06-2008  Linkara Free Community, all versions: Multiple Cross-Site Scripting Vulnerabilities (www.linkara.com)

http://packetstormsecurity.org/0806-exploits/linkara-xss.txt  

 

24-06-2008  Powered by Trabajando.com: Multiple Cross-Site Scripting Vulnerabilities

Hundreds of Chilean sites affected by this vulnerability (vendor notified).

http://www.securityfocus.com/bid/29887/info 

http://packetstormsecurity.org/0806-exploits/trabajando-xss.txt

 

20-06-2008  Microsoft WordPad 5.1 Successful exploitation

http://packetstormsecurity.org/0806-exploits/wordpad-crash.tgz 

 

18-06-2008 Microsoft Word  Successful exploitation allows execution of arbitrary code

http://www.securityfocus.com/bid/29769 

http://packetstormsecurity.org/0806-exploits/msword-crash.tgz

http://blogs.zdnet.com/security/?p=1324

(High Impact)


02-06-2008 Oracle Corporation BEA WebLogic Portal   Multiple Remote Vulnerabilities

(High Impact)

http://www.packetstormsecurity.org/0806-exploits/bea-xss.txt

 

23/05/2008  Horde  Kronolith Calendar (XSS - RFI) Multiple Remote Vulnerabilities

http://www.packetstormsecurity.org/filedesc/hordekrono-xss.txt.html

http://www.securityfocus.com/bid/29365/info

 

15/05/2008 -  Horde Turba Contact Manager 2.1.7 (XSS - RFI) Multiple Remote Vulnerabilities

http://www.securityfocus.com/bid/29213

http://packetstormsecurity.org/0805-exploits/hordeturba-xss.txt

http://securitydot.net/vuln/exploits/vulnerabilities/articles/24860/vuln.html 

 

01/05/2008 - Zen Cart 2008 SQL Injection Remote Vulnerabilities

http://packetstormsecurity.org/0805-exploits/zencart-sql.txt

http://www.securityfocus.com/bid/29020

 

26/03/2008 - GeeCarts (XSS - RFI) Multiple Remote Vulnerabilities

http://www.packetstormsecurity.org/filedesc/geocarts-xssrfi.txt.html

http://www.securityfocus.com/bid/28470

 

24/02/2008 - MWhois (Matt's Whois Lookup) (XSS - RFI) Multiple Remote Vulnerabilities

http://packetstormsecurity.org/0802-exploits/mattswhois-xss.txt
http://secunia.com/advisories/29093/

http://www.securityfocus.com/bid/27974

http://xforce.iss.net/xforce/xfdb/40825

http://nvd.nist.gov/nvd.cfm 

http://osvdb.org/ 

 

12/02/2008 - Job Board Software all versions    (XSS - RFI) Multiple Remote Vulnerabilities

http://packetstormsecurity.org/0802-exploits/jobboard-xssrfi.txt

http://secunia.com/advisories/28908/

http://www.packetstormsecurity.org/filedesc/jobboard-xssrfi.txt.html

http://www.securityfocus.com/bid/27743
 

21/01/2008 - WebEditor <= 1.0.4 XSS & RFI Multiple Remote Vulnerabilities

http://packetstormsecurity.org/0801-exploits/webeditor-xssrfi.txt 

21/01/2008 - WebSTAR Mail <= 4.4.1 XSS & RFI Multiple Remote Vulnerabilities

http://packetstormsecurity.org/0801-exploits/webstar-xssrfi.txt

 

02/11/2007 - Helios Calendar <=1.2.1 Beta (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/26312 

19/10/2007 - SocketMail <=2.2.1 (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/26138

19/10/2007 - SocketKB <=1.1.5 (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/26136

16/10/2007 - BlaB! Chat < 3.3 (XSS) Multiple Remote Vulnerabilities
http://packetstormsecurity.org/0710-exploits/blabchat-xss.txt

05/10/2007 - MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/25942

http://www.xssed.com/advisory/100/MailBee_WebMail_XSS_Vulnerabilities/

03/10/2007 - UebiMiau <=2.7.x  (XSS) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/25912

CECF CECF GCFA