IT Security and Insecurity Portal

SQL injection and global variables poison in XMB Forum 1.9.1

Posted: Tue Aug 09, 2005 8:00 pm
Heintz
Valuable expert
Joined: Jun 12, 2004
Posts: 88
Location: Estonia/Sweden

http://www.securityfocus.com/archive/1/407701/30/0/threaded
Vendor notified at and partial patch:
http://forums.xmbforum.com/viewthread.php?tid=754523

Firstly, the input validation at xmb.php:
Code:
    foreach ($global as $num => $array) {
        if (is_array($array)) {
            extract($array, EXTR_OVERWRITE);
        }
    }
This should be set to not overwrite any variables, because it overwrites server-set variables too. This creates problems when a user submits an additional field in a form:
Code:
    <input type="text" name="_SERVER[REMOTE_ADDR]" value="555.555.555.555">

Secondly, there is a case of SQL injection in include/u2u.inc.php, line ~491:
Code:
    $in = '';
    foreach ( $u2u_select as $value ) {
        if ( $GLOBALS['type'.$value] != 'outgoing' ) {
            $in .= ( empty( $in ) ) ? "$value" : ",$value";
        }
    }
    ...
    $db->query( "UPDATE $table_u2u SET readstatus='no' WHERE u2uid IN($in) AND owner='$self[username]'" );
The variable $in is not actually validated and could and will cause problems if not fixed.

Greets #rainbowcrack and http://www.waraxe.us
Thought I'd disclose an old issue; sorry for the greets being short, but I didn't think it was a very big thing to greet about at the moment.
|
_________________ AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
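
Both issues from the post above, with the hardened form beside the vulnerable one, as an added PHP example that is not part of the original post and is not XMB's code. `import_request()`, `build_in_list()` and `$onlineip` are hypothetical names, an ordinary local variable stands in for the server-set value, and all input is constructed.

```php
<?php
// Added illustration; not XMB source. All input data below is constructed.

// 1. Variable import. With EXTR_OVERWRITE a request key replaces a variable
//    the server already set; with EXTR_SKIP the existing variable is kept.
function import_request(array $global, int $flags): string
{
    $onlineip = '192.0.2.10'; // hypothetical server-set value
    foreach ($global as $array) {
        if (is_array($array)) {
            extract($array, $flags);
        }
    }
    return $onlineip;
}

// 2. IN() list. Every element must validate as a positive integer before it
//    is joined into the list; anything else is dropped.
function build_in_list(array $u2u_select): string
{
    $ids = [];
    foreach ($u2u_select as $value) {
        $id = filter_var($value, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[$id] = $id; // keyed by id so duplicates collapse
        }
    }
    return implode(',', $ids);
}

$post   = ['onlineip' => '555.555.555.555']; // constructed form field
$global = [[], $post];                       // stand-in for the request arrays

echo 'EXTR_OVERWRITE: ', import_request($global, EXTR_OVERWRITE), "\n";
echo 'EXTR_SKIP:      ', import_request($global, EXTR_SKIP), "\n";

$u2u_select = ['12', '15', '15', 'abc', '-3', '7 8']; // constructed input
$in = build_in_list($u2u_select);
if ($in !== '') { // an empty list would yield the invalid SQL "IN()"
    echo "u2uid IN($in)\n";
}
```

EXTR_SKIP only protects variables that already exist when `extract()` runs, so anything defined later can still be seeded from the request.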

Posted: Wed Aug 10, 2005 9:47 am
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Congrats, Heintz. Nice work!

Posted: Wed Sep 07, 2005 10:07 pm
Twist
Regular user
Joined: Jul 22, 2005
Posts: 6

So how and what do I do, using this to take over someone's forum...

Posted: Sat Sep 10, 2005 6:07 am
slimjim100
Valuable expert
Joined: Jun 09, 2004
Posts: 208
Location: USA

Great Work Heintz! Plain-Text.info loves you

Posted: Sun Jan 25, 2009 10:44 pm
miqrogroove
Beginner
Joined: Jan 26, 2009
Posts: 2

Hello and thank you all for this information. I was given the opportunity to take over XMB development last year. Fixing this bug was one of my first official acts.
I could not find the original notification about this bug, so I have forwarded the original link to the new CVE vendor statement.
I will personally handle any new security notices for XMB. You are welcome to re-test the new versions 1.9.10 and 1.9.11.
Enjoy

Posted: Sun Jan 25, 2009 11:10 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

OK, XMB will be in my TODO list