Re: Zix Forum <= 1.12 (layid) SQL Injection Vulnerability

2006-05-22 Thread farhadkey
You said: By PHP Emperor, but this was a small advisory/exploit from KAPDA by me: http://www.milw0rm.com/exploits/1807 http://www.securityfocus.com/bid/18043 and also the original advisory: http://www.kapda.ir/advisory-327.html

Hiox Guestbook 3.1

2006-05-22 Thread luny
Hiox Guestbook 3.1 Homepage: http://hscripts.com/scripts/php/gb.php Description: A free guest book script that can be added in to any html website with php. Affected files: index.php Exploit: The input forms for signing the guestbook aren't sanitized properly. This could lead users

[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities

2006-05-22 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1069-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze, Dann Frazier May 20th, 2006

PunBB 1.2.11 Cross site scripting

2006-05-22 Thread k4p0k4p0
/* --- [N]eo [S]ecurity [T]eam [NST]® Advisory #22 --- Program : PunBB 1.2.11 Homepage: http://www.punbb.org Vulnerable Versions: PunBB 1.2.11 and lower ones Risk: Low!

Destiney Rated Images Script v0.5.0 - XSS Vuln

2006-05-22 Thread luny
Destiney Rated Images Script v0.5.0 Homepage: http://destiney.com/scripts Description: Destiney Rated Images script is a continuation of the free phpRated script. Rated Images is a web application written in PHP for use with MySQL. Rated Images allows visitors to your site to list their

Destiney Links Script v2.1.2

2006-05-22 Thread luny
Destiney Links Script v2.1.2 - XSS Vuln / Full path errors. Homepage: http://destiney.com/scripts Description: Destiney Links is an Open Source project written in PHP for use with the MySQL Server entity. Links provides a pre-built, dynamically generated, Link site. Links counts

[SECURITY] [DSA 1070-1] New Linux kernel 2.4.19 packages fix several vulnerabilities

2006-05-22 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1070-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze, Dann Frazier May 21st, 2006

Captivate 1.0 - XSS Vuln

2006-05-22 Thread luny
Captivate 1.0 Homepage: http://new-place.org/scripts/ Description: A basic but highly-customizable PHP gallery script with optional thumbnail creation. Designed with screencaps in mind, it works best for large galleries of same-sized images. Affected files: gallery.php Improper

PHP Easy Galerie Index.PHP Remote File Include Vulnerability

2006-05-22 Thread craziest
Vendor: Power-Place www.power-place.net (PHP Easy Galerie 1.1) - Author: Craziest Contact: craziest(at)gmail(dot)com Vuln discovered by BrEakerS -- Method: An attacker can exploit

Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions

2006-05-22 Thread milw0rm
If the exception is raised in some extension in the user profile, the page can catch the path to the user profile, and so a remote attacker will know the user login. PoC: https://bugzilla.mozilla.org/attachment.cgi?id=164547

XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit

2006-05-22 Thread rgod
#!/usr/bin/php -q -d short_open_tag=on ? echo XOOPS = 2.0.13.2 'xoopsOption[nocommon]' exploit\r\n; echo by rgod [EMAIL PROTECTED]; echo site: http://retrogod.altervista.org\r\n\r\n;; /* works with: magic_quotes_gpc = Off register_globals = On */ if ($argc4) { echo Usage: php

[TZO-072006]-Xampp - Multiple Privilege Escalation (SYSTEM) and Rogue Autostart

2006-05-22 Thread Thierry Zoller
___ XAMPP - Multiple Privilege Escalation and Rogue Autostart ___ Ref : TZO-072006-Xampp Author : Thierry Zoller WWW :

[ GLSA 200605-14 ] libextractor: Two heap-based buffer overflows

2006-05-22 Thread Stefan Cornelius
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200605-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[ GLSA 200605-15 ] Quagga Routing Suite: Multiple vulnerabilities

2006-05-22 Thread Stefan Cornelius
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200605-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06

2006-05-22 Thread Marc Schoenefeld
Hi y'all, the celebration week for Java is over, so let's come back to some old bugs. 2.5 years ago I found a bug in 1.4.2_02 which let browsers crash. Naively I submitted the bug to their database and waited for the bug to be fixed. But until now, nothing happened. Therefore I donate the

[KAPDA::#43] - phpwcms multiple vulnerabilities

2006-05-22 Thread alireza hassani
Vendor: http://www.phpwcms.de Bugs: Path Disclosure, XSS, Local File Inclusion, Remote Code Execution Vulnerable Version: phpwcms 1.2.5-DEV (prior versions may also be affected) Exploitation: Remote with browser Description: phpwcms is a web content management system optimized

Skype - URI Handler Command Switch Parsing

2006-05-22 Thread Brett Moore
= Skype - URI Handler Command Switch Parsing = = Vendor Website: = http://www.skype.com = = Affected Version: = Skype for Windows: = All releases prior to and including 2.0.*.104 = Release 2.5.*.0 to and including

Re: modules name(Sections)SQL Injection Exploit

2006-05-22 Thread security curmudgeon
: : By: Mr-X : Email: [EMAIL PROTECTED] : Subject: modules name(Sections)SQL Injection : : : example:- : /modules.php?name=Surveysop=resultspollID=8mode=order=thold=[SQL] What product is this in? Searching for modules name sections is not that

Re: tseekdir.cgi--Local File Include

2006-05-22 Thread security curmudgeon
: -- : found by: BoNy-m : Site: http://www.alshmokh.com : E-mail: [EMAIL PROTECTED] : -- : : Search: : allinurl:tseekdir.cgi : : example: : /tseekdir.cgi?location=/etc/passwd%00 : /tseekdir.cgi?id=1055location=/etc/passwd%00 :

[SECURITY] [DSA 1071-1] New MySQL 3.23 packages fix several vulnerabilities

2006-05-22 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1071-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze May 22nd, 2006

Perlpodder Remote Arbitrary Command Execution

2006-05-22 Thread RedTeam Pentesting
Advisory: Perlpodder Remote Arbitrary Command Execution RedTeam identified a security flaw in perlpodder which makes it possible for a malicious podcast server to execute arbitrary shell commands on the victim's client. Details === Product: perlpodder Affected Versions: All versions up to

Prodder Remote Arbitrary Command Execution

2006-05-22 Thread RedTeam Pentesting
Advisory: Prodder Remote Arbitrary Command Execution RedTeam identified a security flaw in prodder which makes it possible for a malicious podcast server to execute arbitrary shell commands on the victim's client. Details === Product: Prodder Affected Versions: All versions up to

BitZipper Archive Extraction Directory traversal

2006-05-22 Thread h e
BitZipper Archive Extraction Directory traversal BitZipper is an advanced data compression tool for Windows that enables you to unzip 18 different compression and encoding formats with superior ease-of-use. Create 8 different types of compressed files http://www.bitzipper.com Credit: The

Re: WebsiteBaker CMS lack of sanitizing

2006-05-22 Thread ryan
Hi there, Website Baker 2.6.4 includes security fixes that should hopefully fix all of these problems. Ryan.

[security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)

2006-05-22 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00600177 Version: 1 HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS) NOTICE: The information in this Security Bulletin

ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability

2006-05-22 Thread zdi-disclosures
ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-016.html May 22, 2006 -- CVE ID: CVE-2006-2496 -- Affected Vendor: Novell -- Affected Products: Novell eDirectory 8.8 Novell iMonitor 2.4 -- TippingPoint(TM) IPS

[SECURITY] [DSA 1073-1] New MySQL 4.1 packages fix several vulnerabilities

2006-05-22 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1073-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze May 22nd, 2006

Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user

2006-05-22 Thread Roman Drahtmueller
Suggested Risk Level: Low. Type of Risk: Information Leakage, Information Injection, Unauthorized Access. Affected Software: Novell Client for Windows, versions 4.9 and 4.8 (on Windows XP Pro and Windows 2000 Workstation). These versions are the only ones tested, thus other versions may

ACROS Security: Buffer Overflow In EMC (previously Dantz) Retroclient Service

2006-05-22 Thread ACROS Security
=[BEGIN-ACROS-REPORT]= PUBLIC = ACROS Security Problem Report #2006-05-17-1 - ASPR #2006-05-17-1: Buffer Overflow In Retroclient Service

[SECURITY] [DSA 1072-1] New Nagios packages fix arbitrary code execution

2006-05-22 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1072-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze May 22nd, 2006

Re: Checkpoint SYN DoS Vulnerability

2006-05-22 Thread Jim Clausing
Bojan actually makes a good point here. Is it possible you are filling up the connection table during the scan? -- Jim Clausing GCFA, GCIA, GCFW, GSIP, GSOC, GREM, CISSP, CCSA GPG fingerprint = EBD0 F967 3B1C 9EA6 79AD 8939 978A 079C 8BAB F921 On or about Wed, 17 May 2006, Bojan Zdrnja

mybb v1.1.1(rss.php) SQL Injection Exploit

2006-05-22 Thread Breeeeh
-- Found By: Brh CrAzY CrAcKeR Site: www.alshmokh.com Email: [EMAIL PROTECTED] -- $query = $db-query(SELECT * FROM .TABLE_PREFIX.forums f WHERE 1=1 $forumlist); $comma = - ; while($forum =

Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1

2006-05-22 Thread Amit Klein (AKsecurity)
On 8 May 2006 at 16:01, Zaninotti, Thiago wrote: Folks, During some specific tests with our upcoming Web App Security Scanner tool, we have found that Apache would kindly accept HTML injection through Expect header. Originally meant to be a protocol flow control that would give web

CANews Multiple Vulnerabilities

2006-05-22 Thread omnipresent
-- - CANews Remote Multiple Vulnerability - -= http://colander.altervista.org/advisory/CANews.txt =- -- -= CodeAvalanche News Version 1.2

Re: 90% of programs made in PHP5 and prior Full Path Disclosure vuln.

2006-05-22 Thread sirdarckcat
I want to correct one thing: in vBulletin board, there is a peculiarity. The PATH is fixed by the program, by means of a filter catching the error, so the local directory where the forum is installed is erased and you can only see the web path. Att. sirdarckcat

Re: Checkpoint SYN DoS Vulnerability

2006-05-22 Thread Bojan Zdrnja
On 5/17/06, Erick Mechler [EMAIL PROTECTED] wrote: :: SYNdefender is disabled on the Nokia/Checkpoint firewall. Nokia's response :: after seeing the results of the scan has been that SYNdefender is still :: functional even if we disable it and valid authorized scans won't be :: allowed from the

SOE's implementation of Lithium Forums Software allows users to log on as each other.

2006-05-22 Thread john
Original bug/exploit was sent to Sony Online Entertainment December 5th (5 months ago) They havent fixed it yet. You can read details here: http://johnhasson.com/blog/archive/2006/05/18/175.aspx Summary: When logging into the forums (tested with the Matrix Online game forums) your

Beoped Portal XSS

2006-05-22 Thread outlaw
#Aria-Security.net Advisory #Discovered by: O.u.t.l.a.w # www.Aria-security.net #Gr33t to: A.u.r.a [EMAIL PROTECTED] Smok3r DrtRp #--- Software: BeoPed Portal Link And Online Demo : http://www.beoped.com/beoportal/index.php

Re: Sun single-CPU DOS

2006-05-22 Thread Mike O'Connor
:single CPU Sun microsystems system running solaris7, 8, or 9 :(haven't tested on 10). E.g. netra. : :if you telnet to a local router, disable nagle (on purpose :or by accident or whatever - if nagle is turned off), and then TCP_NODELAY by any other name, I assume. :ping another device with

phpRaid view.php XSS Vulnerability

2006-05-22 Thread TeufeL Online
phpRaid view.php XSS Vulnerability Script : phpRaid Script Website : http://www.spiffyjr.com/ Version : phpRaid v2.9.5 This Xss Works On phpRaid Exploit ; 1-) Http://www.example.com/phpRaid/view.php?scriptalert('Xss%20Vulnerability');/script 2-)

TSLSA-2006-0028 - multi

2006-05-22 Thread Trustix Security Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2006-0028 Package names: kernel, mysql Summary: Multiple vulnerabilities Date: 2006-05-19 Affected

Remote Code Execution in artmedic Newsletter 4.1 [log.php]

2006-05-22 Thread c . j . schmitz
I found a bug in artmedic Newsletter 4.1 (probably even in newer versions) which lets an attacker run arbitrary php-code and bypass the password protection. The reason for this is a mistake in design. log.php: ?php $time = time(); $date = date(d.m.Y, H:i:s); $remote = getenv(REMOTE_ADDR);

Re: POC exploit for freeFTPd 1.0.10

2006-05-22 Thread Sanjay Rawat
Hello Ahmad: I am wondering why you have not given option for Windows 2000 SP4 Professional in your python code. Is there any technical difficulty? I think one can include the following snippet in your code after line # 95 --- elif value == '4:

Re: POC exploit for freeFTPd 1.0.10

2006-05-22 Thread Tauqeer Ahmad
Hello Sanjay, there was no technical difficulty. That was just a POC to prove the vulnerability and not to exploit it in the wild. The choice at your disposal is limitless. You can also debug the program on Windows 2003 Server and include the offsets. You can debug it on Windows 2000

Re: 90% of programs made in PHP5 and prior Full Path Disclosure vuln.

2006-05-22 Thread Kamil Sienicki
http://bugs.php.net/bug.php?id=35429 I've written about that bug earlier, but the php team didn't evaluate it as a bug. -- Kamil 'K3' Sienicki

Hackernetwork.Com Mail XSS Vulnerability

2006-05-22 Thread TeufeL Online
Hackernetwork.Com Mail XSS Vulnerability We use this method to steal mail addresses. We use XSS (cross site scripting). We will send this with XSS code to someone, and then if he or she opens this mail, their cookies come to our log address. We use Proxomitron to log in to these mails and

Circumventing quarantine control in Windows 2003 and ISA 2004

2006-05-22 Thread Memet Anwar
For those unfamiliar with MS quarantine control, you can read Jon Hassel's tutorial on Windows 2003 Network Access Quarantine Control (NAQC) [http://www.securityfocus.com/infocus/1794], and the ISA 2004 VPN Quarantine (ISAQ) feature [http://www.securityfocus.com/infocus/1799]. A simplistic