.:: Criolabs ::.

 


Criolabs is dedicated to discovering all kinds of software vulnerabilities.

 



.:: Staff ::.

 


Manuel Lopez
Carlos Saenz





.:: Contact ::.

 


contact(at)criolabs.net

 


Advisories
 

Subjects 2.0 Postnuke module SQL-Injection vulnerabilities.
@Date: Sep 09 2004.
Multiple SQL-Injections, Proof of concept to retrieve the MD5 password hash of a user.

getIntranet Multiple vulnerabilities.
@Date: Sep 09 2004.
Multiple SQL-Injections, Cross-Site Scripting, ID spoof, File upload vulnerability, ASP code execution on the server, Privilege escalation vulnerability...

getInternet SQL-Injection vulnerabilities.
@Date: Sep 09 2004.
An attacker can use stored procedures like master..xp_cmdshell to perform remote execution.

Password Protect XSS and SQL-Injection vulnerabilities.
@Date: Aug 30 2004.
A remote user can use an SQL-Injection attack to log in as admin or manipulate the database, and can also conduct XSS attacks.

ADSL Barricade (SMC7204BRA) Denial of Service.
@Date: Aug 30 2004.
Denial of service in the web-based management user interface.

Vulnerabilities in Merak Webmail Server.
@Date: Aug 17 2004.
Cross-Site Scripting, Full path disclosure, Exposure of PHP files, SQL-Injection... (Advisory Attachment)

Props XSS and Remote File Viewing Vulnerability.
@Date: May 1 2004.
A remote user can view files on the system. A remote user can also conduct cross-site scripting attacks.

NewsPHP Authentication Flaw Lets Remote Users Gain Administrative Access.
@Date: Apr 12 2004.
A remote user can gain administrative access on the application. A remote authenticated administrator can upload arbitrary files. Cross-site scripting attacks are also possible.

A-CART Input Validation Hole Lets Remote Users Inject SQL Commands and XSS.
@Date: Mar 29 2004.
A remote user can inject SQL commands and conduct cross-site scripting attacks.

Expinion Member Management System Input Validation Holes Let Remote Users Inject SQL and Conduct Cross-Site Scripting Attacks.
@Date: Mar 20 2004.
A remote user can inject SQL commands and conduct cross-site scripting attacks.

Expinion News Manager Authentication Flaw Lets Remote Users Gain Administrator Access.
@Date: Mar 20 2004.
A remote user can hijack the administrator's account, inject SQL commands, and conduct cross-site scripting attacks.

ASP Portal Has Multiple Flaws That Let Remote Users Hijack Accounts, Inject SQL Commands, and Conduct Cross-Site Scripting Attacks.
@Date: Feb 14 2004.
A remote user can inject SQL commands and can hijack user accounts. A remote user can also conduct cross-site scripting attacks.

MaxWebPortal Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks.
@Date: Feb 11 2004.
A remote user can supply a specially crafted value to execute certain SQL queries on the target system's database.
A remote user can conduct cross-site scripting attacks.

PHPX Cookie Authentication Flaw Lets Remote Users Hijack a Target User's Account.
@Date: Feb 3 2004.
A remote user can hijack a target user's account. A remote user can conduct cross-site scripting attacks.

SecurityTracker advisories
 
 

 


.:: Latest virus ::.

 




.:: News ::.