IT Security and Insecurity Portal

viewtopic 2.0.10

Posted: Fri Feb 11, 2005 11:18 pm
moep
Beginner
Joined: Feb 12, 2005
Posts: 1

hi,
I read about the flaw in viewtopic and tried it out myself.
But the whole thing didn't work as it should, which is a bit strange.
If I insert a %2527 it prints an error message where I can see that it indeed leaves the ' unquoted.
Code:
Fatal error: Failed evaluating code: preg_replace('#\b(')\b#i', '\1', '>
But everything else [ e.g. = , ( , ) ] gets quoted even if it is encapsed by %2527[...]%2527. Did I get the whole thing wrong, or shouldn't the '...' prevent the replace thingy from doing so?
Is it patched then? But then it shouldn't throw an error message at all, shouldn't it?
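
Added example (not part of the original thread): the `%2527` tested above is a doubly URL-encoded single quote, since `%25` decodes to `%` and the remaining `%27` decodes to `'`. The Python sketch below flags access-log requests in which a quote, backslash or NUL only appears on a second or later decoding pass. It assumes the runtime decodes query values once before any quoting is applied; the log lines and the `highlight` parameter name in them are constructed sample data.

```python
import re
from urllib.parse import urlsplit, unquote

# Characters that input quoting (e.g. PHP addslashes) is meant to neutralise.
SENSITIVE = set("'\"\\\x00")
MAX_ROUNDS = 4  # give up after this many decoding passes
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from the thread).
SAMPLE = [
    '192.0.2.10 - - [11/Feb/2005:23:10:01 +0000] "GET /viewtopic.php?t=12&highlight=search+term HTTP/1.1" 200 5120',
    '192.0.2.11 - - [11/Feb/2005:23:11:40 +0000] "GET /viewtopic.php?t=12&highlight=%2527 HTTP/1.1" 200 812',
    '192.0.2.12 - - [11/Feb/2005:23:12:05 +0000] "GET /viewtopic.php?t=12&highlight=o%27brien HTTP/1.1" 200 5230',
    '192.0.2.13 - - [11/Feb/2005:23:12:30 +0000] "GET /search.php?q=100%2525 HTTP/1.1" 200 900',
]

def decode_layers(raw):
    """Return successive URL-decodings of raw until the value stops changing."""
    layers = [raw]
    while len(layers) <= MAX_ROUNDS:
        nxt = unquote(layers[-1])
        if nxt == layers[-1]:
            break
        layers.append(nxt)
    return layers

def hidden_after_first_decode(raw):
    """Sensitive characters that surface only on a second or later decode."""
    # Assumption: the runtime decodes once, so quoting/filtering code sees
    # layers[1]; whatever first appears in layers[2:] was invisible to it.
    layers = decode_layers(raw)
    if len(layers) < 3:
        return set()
    seen_by_filter = set(layers[1]) & SENSITIVE
    later = set().union(*map(set, layers[2:])) & SENSITIVE
    return later - seen_by_filter

def scan(log_lines):
    """Yield (path, parameter, characters) for each suspicious query value."""
    for m in filter(None, map(REQUEST.search, log_lines)):
        url = urlsplit(m.group(1))
        for pair in filter(None, url.query.split("&")):
            name, _, value = pair.partition("=")
            chars = hidden_after_first_decode(value.replace("+", " "))
            if chars:
                yield url.path, unquote(name), sorted(chars)

if __name__ == "__main__":
    print(list(scan(SAMPLE)))
```

Only the `%2527` request is reported: a singly encoded `%27` is already visible to quoting code after the first decode, and `%2525` never decodes to a sensitive character.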

Posted: Fri Feb 25, 2005 3:16 pm
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

_________________ IO::y3dips->new(http://clog.ammar.web.id);

Posted: Mon May 30, 2005 12:41 pm
erila
Regular user
Joined: May 30, 2005
Posts: 8

Hi
That URL appears to be dead now - is the paper available elsewhere?
I'm looking for info about exploits in 2.0.10 myself now.
Thanks in advance.

Posted: Mon May 30, 2005 2:05 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

erila wrote:
> Hi
> That URL appears to be dead now - is the paper available elsewhere?
> I'm looking for info about exploits in 2.0.10 myself now.
> Thanks in advance.

I did some Google query and found this mirror location:
www.geocities.com/paperecho/phpbbworm-eng.pdf

Posted: Tue May 31, 2005 2:43 pm
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

waraxe wrote:
> erila wrote:
>> Hi
>> That URL appears to be dead now - is the paper available elsewhere?
>> I'm looking for info about exploits in 2.0.10 myself now.
>> Thanks in advance.
>
> I did some Google query and found this mirror location:
> www.geocities.com/paperecho/phpbbworm-eng.pdf

waraxe already opened the secret
yes i store it in geocities, you know they have limited bandwidth for an hour, so if it's dead maybe u can download it another time, coz my echo.or.id has limited bandwidth too, that's why i place it in geocities :p
but now my friends (echo staff) have mirrored it, u can download it from here
http://mirror.dedidwianto.or.id/echo/paper/phpbbworm-eng.pdf

_________________ IO::y3dips->new(http://clog.ammar.web.id);

All times are GMT