From thomas.mackenzie at upsploit.com  Tue Mar  1 11:37:54 2011
From: thomas.mackenzie at upsploit.com (Thomas Mackenzie)
Date: Tue, 1 Mar 2011 17:37:54 -0000
Subject: [VIM] Vulnerability Categories
Message-ID: <007601cbd837$65ea5cd0$31bf1670$@upsploit.com>

Hi all,

 

Was wondering if any of you had categories of vulnerabilities that cover all
vulnerabilities that could come through the upSploit gateway.

 

Thanks,

Tom

 

--

https://www.upsploit.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.attrition.org/pipermail/vim/attachments/20110301/2779a649/attachment.html>

From theall at tenable.com  Wed Mar  2 20:05:23 2011
From: theall at tenable.com (George A. Theall)
Date: Wed, 2 Mar 2011 21:05:23 -0500
Subject: [VIM] PhotoPost PHP 4.8c (showgallery.php) Cross Site Scripting
Message-ID: <324A1A9C-7011-4976-A029-4F2EB9473A53@tenable.com>

NassRawI posted to Bugtraq of a cross-site scripting in PhotoPost PHP  
4.8c involving the 'si' parameter of the 'showgallery.php' script (http://archives.neohapsis.com/archives/bugtraq/2011-03/0027.html 
). BID 46649 was created to track that even though the issue appears  
to be covered already by BID 12157. How come SecurityFocus didn't just  
update the older BID? Rob?


George
-- 
theall at tenablesecurity.com




From rkeith at securityfocus.com  Thu Mar  3 11:30:18 2011
From: rkeith at securityfocus.com (rkeith)
Date: Thu, 03 Mar 2011 10:30:18 -0700
Subject: [VIM] PhotoPost PHP 4.8c (showgallery.php) Cross Site Scripting
In-Reply-To: <324A1A9C-7011-4976-A029-4F2EB9473A53@tenable.com>
References: <324A1A9C-7011-4976-A029-4F2EB9473A53@tenable.com>
Message-ID: <4D6FD02A.90903@securityfocus.com>

We'll get this fixed up. Thanks for pointing it out George.

-Rob

On 03/02/2011 07:05 PM, George A. Theall wrote:
> NassRawI posted to Bugtraq of a cross-site scripting in PhotoPost PHP
> 4.8c involving the 'si' parameter of the 'showgallery.php' script
> (http://archives.neohapsis.com/archives/bugtraq/2011-03/0027.html). BID
> 46649 was created to track that even though the issue appears to be
> covered already by BID 12157. How come SecurityFocus didn't just update
> the older BID? Rob?
> 
> 
> George

From theall at tenable.com  Wed Mar 30 05:57:32 2011
From: theall at tenable.com (George A. Theall)
Date: Wed, 30 Mar 2011 06:57:32 -0400
Subject: [VIM] Joomla Media Local File Inclusion
Message-ID: <E1E32E2A-33B0-46D6-BDCC-0A0ACE168678@tenable.com>

Bugtraq 47043 looks questionable to me. There's no list of versions  
affected or explanation of the vulnerability other than the PoC:

   http://www.example.com/[path]/components/com_media/helpers/ 
media.php?file=[LFI]%00

And while Joomla includes the component in its distribution file in  
many versions (it doesn't in Joomla 1.0.15, the only version from the  
1.0.x series I checked), the supposedly affected file is nothing more  
than a class file. It doesn't include / require any other files nor  
have calls to include() or require() or its variants. At least in  
Joomla versions 1.5.22, 1.6.1 (both current), 1.5.12, or 1.5.5.

Any thoughts, Rob?


George
-- 
theall at tenablesecurity.com