Re: e107 website system Vulnerability

Heh, I every site that i've come across running the e107 portal seems to ask for admin login before you could use this exploit...Are you sure all versions are vulnerable? Doesn't even work on my own system without asking for login. ---

Certain operating systems can be sometimes locally DoSed when runningon particular types of hardware with certain versions of BIOS in specificmultiboot configurations (and you thought XSS is too much?

Yes, of course the subject line is silly... but in fact, the vulnerable combination actually occurs quite often. Still, I'm posting it here not because it's a very serious flaw, but because I find it amusing and unique. It's a CPU/BIOS/OS vulnerability, of sorts, and nobody's at fault, of course.

Re: e107 website system Vulnerability

Artoor, First off, I ask as a concerned party as I use this software quite a bit and for the fact that the vendor wasn't contacted before a 'High' severity issue was release to the wild. I'm currently unable to reproduce this at all. When I try the exploit code as provided against e107 (version

paFileDB 3.1

hola, paFileDB 3.1 (http://www.phparena.net) allows arbitrary file-upload and os-command execution. (security report attached) nice day, mEi -- WebSec.org / Martin Eiszner Gurkgasse 49/Top14 1140 Vienna Austria / EUROPE [EMAIL PROTECTED] http://www.websec.org tel: 0043 699 121772 37 paf

MDKSA-2003:071-1 - Updated xpdf packages fix arbitrary code execution vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: xpdf Advisory ID:

e107 website system Vulnerability

Informations : Advisory Name: e107 website system Vulnerability Author: hiruvim <[EMAIL PROTECTED]> Discover by: hiruvim <[EMAIL PROTECTED]> Website vendor : http://e107.org Affected System(s): All versions Severity: High Platform(s): Windows and Unix Issue: Security holes enable attackers

[ESA-20032407-018] Several local 'kernel' vulnerabilities.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ++ | Guardian Digital Security Advisory July 24, 2003 | | http://www.guardiandigital.comESA-20032407-018 | |

[CLA-2003:704] Conectiva Security Announcement - apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : apache SUMMARY : Denial of service vulnerabi

HP 4550 Printer - Remote XSS DoS -

-- - EXPL-A-2003-018 exploitlabs.com Advisory 018 -- -= HP Color LaserJet 4550 =- Donnie Werner July 22, 2003 http://exploitlabs.com Prod

RE: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !

I can positively confirm this vulnerability on both WMP 7 and 8 on Windows 98, ME, 2000, XP and 2003. The default Enhanced Security Configuration of IE on Windows 2003 does nothing to prevent automatically opening certain media types. The ASF file can be automatically opened through an IFRAME, bot

MDKSA-2003:078 - Updated mpg123 packages fix vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: mpg123 Advisory ID:

ZH2003-12SA (security advisory): PHP-G�stebuch Ver. 1.60 Beta

ZH2003-12SA (security advisory): PHP-Gästebuch Ver. 1.60 Beta Published: 23/07/2003 Released: 23/07/2003 Name: PHP-Gästebuch (http://www.php-gaestebuch.de) Affected System(s): All versions (?) Severity: Medium/High Platform(s): Windows and Unix Issue: Information disclosure enables atta

Integrigy Security Alert - Oracle E-Business Suite AOL/J Setup Test Information Disclosure

Integrigy Security Alert __ Oracle E-Business Suite AOL/J Setup Test Information Disclosure July 23, 2003 __ Summary: The Oracle Applications AOL/J Setup Test

Integrigy Security Alert - Oracle E-Business Suite FNDWRR Buffer Overflow

Integrigy Security Alert __ Oracle E-Business Suite FNDWRR Buffer Overflow July 23, 2003 __ Summary: The Oracle Applications FNDWRR CGI program, used to retrie