This whitepaper discusses getting a shell via local file inclusion using the proc/self/environ method.
f44a0909a494a885dd582da411b77ae0a025e7893da8bff98c4c86167b3fbfa5
Whitepaper discussing TCP/IP fragmented packets. Written in Turkish.
3eb1e736de2a73f79bf58ba7e0ca79b65320e7d285e2ea8ce67a094d96db1d1d
This whitepaper focuses on discussing how to use the SQL XFS deviation to execute cross site scripting attacks.
d5389cf7c67fab6b3327828f65c48169a619c6b29291a442aab792d853abc3f4
Mandriva Linux Security Advisory 2009-192 - Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. This update provides phpmyadmin 3.2.0.1, which is not vulnerable to this issue.
a25bc1c9c07bd970668c91dfa4f9027d4fd9f449949fee75b5faa6affc00bd11
SUSE Security Announcement - A specially crafted Shockwave-Flash (SWF) file could cause a buffer overflow in the flash-player plugin. This buffer overflow can probably be exploited to execute arbitrary code remotely.
9c145062d4387103164347ba1fdb5070b4fa232183ed065f9d873ded408caf20
Ubuntu Security Notice USN-811-1 - Juan Pablo Lopez Yacubian discovered that Firefox did not properly display invalid URLs. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. Furthermore, if the malicious website had a valid SSL certificate, Firefox would display the spoofed page as trusted.
fd214a085a63ba45443b5611745a693b150a444bf8e8a7728d48059d6966ffb6
Silurus Classifieds suffers from cross site scripting vulnerabilities.
2b2f51aaf7864a4be12de605b50a787b5647bde22df6bf8ccb60b840195f9c16
Virtue Shopping Mall suffers from a remote SQL injection vulnerability.
614d4ffc660f667c42ba5198c3e659c1fc05ca7dcd0cc2e365d4f8ea6a46a4b8
Virtue News Manager suffers from a remote SQL injection vulnerability.
758a32c7596ffad2a73cc4859512c3cecee0e59a83d030c06418ae61b36f9824
Virtue Book Store suffers from a remote SQL injection in detail.php.
8a54a0758a9a0dfb6813a0f73391a0236473ae9499909f1cf0c27efb022e0daf
Palm Pre WebOS versions 1.0.4 and below suffer from an arbitrary html injection vulnerability.
388afe43695652de87e411d8ed175a52521f0c756bb18627debceeef7dedfaaf
Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control 11 (11.1.0.6, 11.1.0.7) and Oracle Enterprise Manager 10g Grid Control 10.2.0.4 (and previous patchsets) suffer from multiple SQL injection vulnerabilities.
1f9e8a8d70e706e7a333b2c2deb353c2994c4cfe3b579aeac098feb6ae91a71e
This is a brief tutorial on remote and local file inclusion attacks. Written in German.
4a3e6145d0a0a7301e5157b69be48a9913d2849e368c4a7e5d9a8eadfe0c6bcb
This is a brief write up discussing blind SQL injection attacks. Written in French.
850e44ffacd06e23d7caec378232e76af6b7f4ef2eb9209c89c61b21dba24190
Whitepaper called Optimizacion de SQL Union Injection en MYSQL. Written in Spanish.
89d8781420c427ea8b45be477b8596c114134e005d430eea4c74bd2273a6baef
Portel suffers from a blind remote SQL injection vulnerability.
bb36f49b8c5e8c632eca711b49aa7250fceecd8b91e98f1fa5000340b9e67833
Irokez CMS 0.7.1 suffers from a remote SQL injection vulnerability.
ecbf28add8c7d8e84dc281315a74e8e12f3cf3a794ec7be70594fd308bd55e23
Forum Script suffers from a persistent cross site scripting vulnerability.
a1eda262f0e2bbc874478635d8beec226eba3e0b1823e37dcc29a03b847f9041
Directory Escort Script suffers from a cross site scripting vulnerability.
3f4d3e2c773b2c62067f9e1c6090bf12ddfda7cf8a08f09f639e41ce6976d5d0
Auction Website Script suffers from a remote SQL injection vulnerability.
5e20baa8a39daf6b81ff212b4375a837aaeb106346735a10d6f7038da35a0cc2
AJauctionPro Oopd version 3.0 suffers from a cross site scripting vulnerability.
023550e19dac3ab5bbd61fc7a7e8dfea73bffcdd64a040ef1854d29e3f9e0306
CS-Cart versions 2.0.5 and below suffer from a remote SQL injection vulnerability.
f3932067a98b57e97ac08258f33afd7ef263341a7329fcec80132aae6b1aee04
Ubuntu Security Notice USN-810-2 - USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site.
141dc865e1cc92a69424274d23598cd30ffe65f83e74c1fb4dd4182ff17a9887
Ubuntu Security Notice USN-810-1 - Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site.
551f75cb720ebd7eaa1e942d3bd0085543b035e372926a826f94e7e0b94f1eb5
In-Portal version 4.3.1 suffers from a local file inclusion vulnerability.
ee05a4c24b9d21334fd46c599e895ffa41d734a9e76825baf4cf1bc0054d43ec