Information Security Manager.
Iván Javier Sánchez.
Null Code Services.
Security Issues 0Days
Vulnerabilities reported to different vendors.
03-07-2010 "NTSOFT BBS E-Market Professional", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution ATTACKs! 2009-2010 http://www.securityfocus.com/bid/41401 http://securityreason.com/wlb_show/WLB-2010070034 http://seclists.org/bugtraq/2010/Jul/28 http://xforce.iss.net/xforce/xfdb/60152
20-06-2010 "AtMail Webmail client 1.03" Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution ATTACKs! http://www.nullcode.com.ar/crash/AtMail%20%20open%20Source%20Webmail.txt http://packetstormsecurity.org/1006-exploits/atmail-xssexeclfi.txt
25-05-2010 "Copyright 2008 HostFriendz.com" Successful exploitation allows execution of SQL INJECTION ATTACKs! http://www.nullcode.com.ar/crash/Copyright%202008%20HostFriendz.com.txt.txt
13-05-2010 "© 2006–2010 Badoo Services Limited", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution ATTACKs! 65.874.522 users Affected!!!! http://inj3ct0r.com/exploits/11591 http://packetstormsecurity.org/filedesc/badoo-xss.txt.html http://www.secnews.co.uk/article/27486/badoo_services_limited__xss_vulnerabilities http://www.triviasecurity.net/exploits/Badoo-Services-Online-Community-XSS-vulnerabilities/2044
29-07-2009 "NTSOFT BBS E-Market Professional", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks. http://packetstormsecurity.org/0907-exploits/ntsoft-xss.txt http://www.securityfocus.com/bid/35893 http://securityreason.com/securityalert/6454
20-02-2009 " Microsoft Calc.exe Version 5.1 XP sP3 " "Access Violation Exception" Download Information and proof:
10-02-2009 "Novell -QuickServer", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks. http://securitytracker.com/alerts/2009/Feb/1021695.html http://secunia.com/Advisories/33886/
16-01-2009 "Copyright 2008 Future US", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks. http://packetstormsecurity.org/0901-exploits/copyright-xss.txt A lot of sites affected.
12-01-2009 "Ovidentia", Successful exploitation allows execution of Cross-site scripting (XSS) and Remote Java Execution Attacks. http://www.packetstormsecurity.org/0901-exploits/ovidentia-portalxss.txt http://www.securityfocus.com/bid/33230/info
http://packetstormsecurity.org/0810-exploits/activeportail-xss.txt
04-10-2008 "Kewego", Successful exploitation allows execution of Cross-site scripting (XSS) Attacks, all versions affected (www.kewego.-), and a lot of sites affected (TV Broadcast, Newspaper and Magazine publishing and Web Sites). http://www.nullcode.com.ar/ncs/crash/XSS-Kewego.txt VU#954428.
01-10-2008 "Developed by orbamic", Successful exploitation allows execution of XSS and Remote Java Inclusion Attacks http://packetstormsecurity.org/0810-exploits/orbamic-xss.txt Sites Affected:
http://packetstormsecurity.org/0809-exploits/turba-xss.txt http://www.securityfocus.com/bid/31168/info
06-09-2008 MS Organization Chat 2.0 Successful exploitation allows execution of arbitrary code http://www.nullcode.com.ar/ncs/crash/orgchart.htm http://www.nullcode.com.ar/ncs/crash/proof.rar ---->(proof.opx) http://www.securityfocus.com/bid/31059/info http://web.nvd.nist.gov/view/vuln/detail;jsessionid=9459368150cb95bb1e850723a525?execution=e1s1 http://osvdb.org/show/osvdb/48000
27-08-2008 MercadoLibre.com over SSL Security Compromised and Successful exploitation Phishing -XSS- RFI flaw (High Impact) http://packetstormsecurity.org/0808-exploits/mercadolibre-xssrfi.txt
24-08-2008 Deremate.com Security Compromised and Successful exploitation XSS RFI flaw (High Impact) http://packetstormsecurity.org/0808-exploits/deremate-xssrfi.txt
09-08-2008 Microsoft Windows APP : Nslookup allows execution of arbitrary code Download video of Poc:
http://www.securityfocus.com/bid/30636/references http://cyberinsecure.com/zero-day-microsoft-windows-nslookupexe-vulnerability-exploited-in-the-wild/ http://blogs.zdnet.com/security/?p=1721 http://packetstormsecurity.org/0808-advisories/Nslookup-Crash.txt
26-06-2008 Linkara Free community all versions Multiple Cross-Site Scripting Vulnerabilities (www.linkara.com) http://packetstormsecurity.org/0806-exploits/linkara-xss.txt
24-06-2008 Power By Trabajando.com Multiple Cross-Site Scripting Vulnerabilities. Hundreds of Chilean sites affected by this vulnerability (vendor notified). http://www.securityfocus.com/bid/29887/info http://packetstormsecurity.org/0806-exploits/trabajando-xss.txt
20-06-2008 Microsoft WordPad 5.1 Successful exploitation http://packetstormsecurity.org/0806-exploits/wordpad-crash.tgz
18-06-2008 Microsoft Word Successful exploitation allows execution of arbitrary code http://www.securityfocus.com/bid/29769 http://packetstormsecurity.org/0806-exploits/msword-crash.tgz http://blogs.zdnet.com/security/?p=1324 http://www.symantec.com/security_response/vulnerability.jsp?bid=29769 (High Impact)
23/05/2008 Horde Kronolith Calendar (XSS - RFI) Multiple Remote Vulnerabilities http://www.packetstormsecurity.org/filedesc/hordekrono-xss.txt.html http://www.securityfocus.com/bid/29365/info
15/05/2008 - Horde Turba Contact Manager 2.1.7 (XSS - RFI) Multiple Remote Vulnerabilities http://www.securityfocus.com/bid/29213 http://packetstormsecurity.org/0805-exploits/hordeturba-xss.txt http://securitydot.net/vuln/exploits/vulnerabilities/articles/24860/vuln.html
01/05/2008 - Zent Cart 2008 SQL Injection Remote Vulnerabilities http://packetstormsecurity.org/0805-exploits/zencart-sql.txt http://www.securityfocus.com/bid/29020
26/03/2008 - GeeCarts (XSS - RFI) Multiple Remote Vulnerabilities http://www.packetstormsecurity.org/filedesc/geocarts-xssrfi.txt.html http://www.securityfocus.com/bid/28470
24/02/2008 - MWhois (Matt's Whois Lookup) (XSS - RFI) Multiple Remote Vulnerabilities http://packetstormsecurity.org/0802-exploits/mattswhois-xss.txt http://www.securityfocus.com/bid/27974 http://xforce.iss.net/xforce/xfdb/40825
12/02/2008 - Job Board Software all versions (XSS - RFI) Multiple Remote Vulnerabilities http://packetstormsecurity.org/0802-exploits/jobboard-xssrfi.txt http://secunia.com/advisories/28908/ http://www.packetstormsecurity.org/filedesc/jobboard-xssrfi.txt.html http://www.securityfocus.com/bid/27743
21/01/2008 - WebEditor <= 1.0.4 XSS & RFI Multiple Remote Vulnerabilities http://packetstormsecurity.org/0801-exploits/webeditor-xssrfi.txt
21/01/2008 - WebSTAR Mail <= 4.4.1 XSS & RFI Multiple Remote Vulnerabilities http://packetstormsecurity.org/0801-exploits/webstar-xssrfi.txt
02/11/2007 - Helios Calendar <=1.2.1 Beta (XSS) Multiple Remote Vulnerabilities
19/10/2007 - SocketMail <=2.2.1 (XSS) Multiple Remote Vulnerabilities http://www.xssed.com/advisory/100/MailBee_WebMail_XSS_Vulnerabilities/




Auditing Code.....