Title : PHPWebGallery Multiple Cross Site Scripting Vulnerabilities
Author: Mourad aka Psych0
Moroccan Security Team
Vendor: www.phpwebgallery.net
Software: PHPWebGallery
Version: 1.4.1
category.php and picture.php scripts are vulnerable to XSS attacks.
Exploits:
http://target/phpwebgallery_di
Title : phpMyForum Cross Site Scripting & CRLF injection
Author: Mourad aka Psych0
Moroccan Security Team
Vendor: www.phpmyforum.de
Version: 4.0
Examples:
http://target/path/index.php?page=[xsscode]&type=text%2Fcss
http://target/path/index.php?template=css&type=some_url%0d%0aSet-Cookie%3Aheader
Title : Jbook Cross Site Scripting
Author: Mourad aka Psych0
Moroccan Security Team
Vendor: www.jmuller.net
Version: 1.3
Jbook Guestbook is a PHP/MySQL based guestbook script.
Vulnerability in index.php, this issue can allow an
attacker to bypass content filters and potentially carry out xss att
New eVuln Advisory:
phpNewsManager Multiple SQL Injections
http://evuln.com/vulns/110/summary.html
Summary
eVuln ID: EV0110
CVE: CVE-2006-1560
Vendor: SkinTech Group
Vendor's Web Site: http://www.skintech.org/
Software: phpNewsManager
Versions: 1.48
Critical Lev
#!/usr/bin/php -q -d short_open_tag=on
http://retrogod.altervista.org\r\n\r\n";;
echo "-> this works against register_globals=On \r\n";
echo "a dork: inurl:\"lists/?p=subscribe\" |
inurl:\"lists/index.php?p=subscribe\"\r\n";
echo " -ubbi phplist\r\n\r\n";
if ($argc<4) {
echo "Usage: php ".$argv[0
Author : Ph03n1X
email : [EMAIL PROTECTED]
site : http://kandangjamur.net/
vendor : www.vegadns.org
version: 0.99
XSS
PoC :
http://exam.com/vegadns/index.php?VDNS_Sessid=m42644r75o1eg4f7mb7e4rnpg7&message=%3Ch1%3E%3Cmarquee%3Ealoo%3C/marquee%3E%3C/h1%3E
Vulnerable script is located in ind
It does, as long as IPv4 is all you have bound to the interfaces.
t
On 4/5/06 1:35 AM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> spoketh
to all:
> Yes, but I think that ISA should stop all level 3 protocols when the rules
> "Stop all traffic" is enabled, don't you?
>
> Its a good politic to sto
My BlackICE stops this XSS from happening; however, changing the URL
from a .ae domain to a .com and leaving the rest intact, I am then
prompted.
http://www.google.com/search?hl=ar&q=alert("1")&meta=
Ashes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent:
The "no excuse" is binding IPv6 to the adapters in the first place and
expecting an IPv4 app to filter it. ISA doesn't filter NetBEUI either...
So, don't bind NetBEUI to the adapter, or better yet, if you do, don't
expect it to be filtered.
t
On 4/5/06 3:12 AM, "Christine Kronberg" <[EMAIL PRO
Original: http://www.silent-products.com/advisory4.5.06.txt
Myspace.com - Intricate Script Injection Vulnerability
Reported April 5th, 2006
Introduction
The following article details a real vulnerability within the major social
network Myspace.com. The seriousness of this script
MyBB 1.10 'newthread.php' < CrossSiteScripting >
[ Devil-00 | D3vil-0x1 ]
[*] Conditions [*]
1- you're an unregistered user
2- you have permissions to do newthread
[---]
do newthread with this username :-
alert(document.cookie);D3vil-0x1
Then Preview it ;)
[---]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 2.4.2006
- -Public: 8.4.2006
from SECURITYREASON.COM
CVE-2006-1608
- --- 0.Description ---
PHP is an HTML-embedded scripting language. Much of i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 26.3.2006
- -Public: 8.4.2006
from SECURITYREASON.COM
CVE-2006-1494
- --- 0.Description ---
PHP is an HTML-embedded scripting language. Mu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[function *() php/apache Crash PHP 4.4.2 and 5.1.2]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 21.3.2006
- -Public: 8.4.2006
from SECURITYREASON.COM
CVE-2006-1549
- --- 0.Description ---
PHP is an HTML-embedded scripting language. Mu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 26.2.2006
- -Public: 8.4.2006
from SecurityReason.Com
CVE-2006-0996
- --- 0.Description ---
PHP is an HTML-embedded scripting language. M
#!/usr/bin/php -q -d short_open_tag=on
http://retrogod.altervista.org\r\n\r\n";;
echo "dork: Welcome to your PHPOpenChat-Installation!\r\n\r\n";
if ($argc<4) {
echo "Usage: php ".$argv[0]." host path cmd OPTIONS\r\n";
echo "host: target server (ip/hostname)\r\n";
echo "path: path to PhpO
TUGZip Archive Extraction Directory traversal
TUGZip is a powerful award-winning freeware archiving
utility for Windows® that provides support for a wide
range of compressed, encoded and disc-image files, as
well as many other very powerful features; all through
an easy to use application interfa
Dear Christine Kronberg,
--Wednesday, April 5, 2006, 2:12:10 PM, you wrote to bugtraq@securityfocus.com:
CK>is open for any attacks as long as they are IPv6 based. If that
CK>is right, this is an extremely nasty bug. If ISA Server 2004 and
CK>Windows 2003 Basic Firewall cannot
Dear bugtraq-Reader
Last Thursday 6th April 2006, Oracle released a note on the Oracle
knowledgebase Metalink with details about an unfixed security vulnerability
(=0day) and a working test case (=exploit code) which affects all versions of
Oracle from 9.2.0.0 to 10.2.0.3. This note "363848.1
XMB Forum 1.9.5 (I have not tested this on earlier versions)
allows users to embed flash (.swf) videos in their posts.
Normally, you could set an option on the tag to say that ActionScript
cannot run, but in this case we don't.
The way we execute our code is by making a flash movie containing th
You can find a few more of these using CSSDIE and/or Hamachi:
http://metasploit.com/users/hdm/tools/see-ess-ess-die/cssdie.html
http://metasploit.com/users/hdm/tools/hamachi/hamachi.html
-HD
On Friday 07 April 2006 10:12, [EMAIL PROTECTED] wrote:
> http://weirdtech.org/xpl.html
>
> Any scrollbar
Overflow.pl Security Advisory #5
Clam AntiVirus Win32-UPX Heap Overflow (not default configuration)
Vendor: Clam AntiVirus
Affected version: Prior to 0.88.1
Vendor status: Fixed version released (0.88.1)
Author: Damian Put <[EMAIL PROTECTED]>
URL: http://www.overflow.pl/adv/clamavupxinteger.txt
> They don't need more servers, just better software. If you think open
> recursion (DNS DoS amplification) is an issue ISPs can ignore, I suggest
> you look at the history of open SMTP relays and networks
> supporting/allowing directed broadcast.
I'll address the "ignore" part.
I don't think cl
http://weirdtech.org/xpl.html
Any scrollbar css property causes the crash to occur.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1025-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 6th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00637553
Version: 1
HPSBUX02111 SSRT061132 rev.1 - HP-UX su(1) Local Unauthorized
Access
NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.
Release Dat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00637342
Version: 1
HPSBUX02110 SSRT061110 rev.1 - HP-UX Running wu-ftpd Remote Denial
of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted
upon as soon as possibl
hmm, apparently the code-breaker's site is undergoing major works right now.
The HTML version of the article [Award BIOS Code Injection] available at:
http://www.geocities.com/mamanzip/Articles/POST_jump_table_hacking.html
And the much improved version of the old CodeBreaker's Award BIOS Revers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1023-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 5th, 2006
Hello,
Thank you for the disclosure of this issue. I'd like to better understand
the extent of the problem, for which the code snippets have been very
helpful, but I still would need some help in the case of the server
vulnerability.
Could you confirm my impression that the server vulnerabilit
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1026-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
April 6th, 2006
Author : KaDaL-X
email : [EMAIL PROTECTED]
site : http://kandangjamur.net/
Multiple vulnerabilities in Jupiter CMS
Vendor : http://www.highstrike.net/
version 1.1.5
Vulnerability code found in file modules/online.php
PoC:
XSS
http://xxx/jupiter/jupiter/index.php?n=modules/online&&a=1&language=1&l
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1030-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 8th, 2006
On Mon, Apr 03, 2006 at 11:20:34PM +0200, Luigi Auriemma wrote:
> Application: Doomsday engine
> The Doomsday engine contains many functions used for the visualization
> of the messages in the console.
> Both Con_Message and conPrintf are vulnerable to a format string
> vulnerability which could
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory
===
Cisco Optical Networking System 15000 series and Cisco Transport Controller
Vulnerabilities
===
Adv
Virtual War File inclusion
-
Site:http://www.vwar.de/
Demo:http://www.vwar.de/demo/
---
File Inclusion
// get functions
$vwar_root = "./";
require ($vwar_root . "includes/functions_common.php");
require ($vwar_root . "includes
Sending it late as I missed to send this to bugtraq during the disclosure.
Google Reader "preview" and "lens" script improper feed validation
===
I. DESCRIPTION
Google Reader (http://www.google.com/reader/) helps organise the con
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1029-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 8th, 2006
Tuesday 4 of April of 2006, I have detected that it is possible to mount an
attack of the type Cross Site Scripting (XSS) in cherokee-0.5.0 and all
previous versions.
The problem resides, when introducing code HTML in the URL. Because previously,
it was let now of a seemed failure, from version
Dave Korn writes:
> Matthijs wrote:
> > I hope nobody generates passwords with ANY kind of pseudo-RNG.
>
> This is the main point, anyway.
>
> > By the way, if the random function can only generate numbers between 0
> > and 32767, won't 2 bytes be enough then? The algorithm will perform