TalentSoft Web+Shop Path Disclosure

2006-04-13 Thread revnic
TalentSoft Web+Shop Path Disclosure Software: Web+Shop Version: 5.3.6 Website: http://www.webplus.com Bug: path disclosure Exploitation: Remote Description: Web+Shop is a user-friendly e-commerce shopping cart application for the web. Vulnerability: Web+Shop installation path can be disclosed by

Re: IBM

2006-04-13 Thread stend
Hello, For IBM Tivoli products, http://www-306.ibm.com/software/sysmgmt/products/support/Tivoli_Proactive_Notification.html contains our contact information. I'm not certain of the contact points for the other brands, but if your report involves one of them, we will ensure that the report is p

ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow

2006-04-13 Thread zdi-disclosures
ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow http://www.zerodayinitiative.com/advisories/ZDI-06-008.html April 13, 2006 -- CVE ID: CVE-2006-0092 -- Affected Vendor: Novell -- Affected Products: Novell GroupWise Messenger 2 -- TippingPoint(TM) IPS Customer Protection: T

SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow

2006-04-13 Thread Bernhard Mueller
SEC-CONSULT Security Advisory 20060413-0 title: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow program: Opera vulnerable version: <= 8.52 homepage: www.opera.com found: 2

Secunia Research: Adobe Document Server for Reader Extensions Multiple Vulnerabilities

2006-04-13 Thread Secunia Research
== Secunia Research 13/04/2006 Adobe Document Server for Reader Extensions Multiple Vulnerabilities == Table of Contents Affected Softwa

SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit

2006-04-13 Thread selfar2002
--- SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit --- Discovered By SnIpEr_SA Author: SnIpEr_SA Exploit in Perl : http://www.milw0rm.com/expl

MyBB 1.10 New CrossSiteScripting ' member.php '

2006-04-13 Thread o . y . 6
//-- MyBB 1.10 New CrossSiteScripting ' member.php ' --// Webattack :- /mybb/member.php?action=do_login&username=[usrname]&password=[pass]&url=">alert(1); //-- FixIT --// Open member.php GoTo Line :- 1030 .. if($mybb->input['url']) {

Re: Jupiter CMS <= 1.1.5 multiple XSS attack vectors.

2006-04-13 Thread anonss
The problem has been fixed, and now all bbcode is filtered before it is posted

phpMyAdmin 2.7.0-pl1

2006-04-13 Thread kr4ch
App: phpMyAdmin 2.7.0-pl1 Advisory by: p0w3r Exploit: /phpmyadmin/sql.php?lang=de-utf-8&server=1&collation_connection=utf8_general_ci&db=fu&table=fu&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=[XSS] Example: /phpmyadmin/sql.php?lang=de-utf-8&server=1&collation_c

RE: IBM

2006-04-13 Thread Michael Scheidell
Try: [EMAIL PROTECTED] and [EMAIL PROTECTED] (these are in the US, not sure if they segment responsibility) -- Michael Scheidell, CTO 561-999-5000, ext 1131 SECNAP Network Security Corporation Keep up to date with latest information on IT security: Real time security alerts: http://www.secnap.co

Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2

2006-04-13 Thread Michal Zalewski
Steven M. Christey wrote: > 3) One does not expect an interpreted language to segfault Behavior of an application in resource exhaustion scenarios is, for objective reasons, quite hard to handle. There might be no stack available to invoke an error handling routine, there might be no memory for I

MyBB 1.10 New XSS ' member.php '

2006-04-13 Thread o . y . 6
//-- MyBB 1.10 New XSS ' member.php ' --// Webattack :- 1- Logout 2- Open Firefox 3- Use [ Live HTTP Headers ] 4- Do Register 5- Agree It 6- Edit Cookies By Live HTTP Headers 7- Add This Cookies :D mybb[referrer]=">HTML; //-- FixIT --// Open member

Re: Confixx 3.1.2 <= SQL Injection

2006-04-13 Thread iovdin
Hotfixes have been released http://www.swsoft.com/en/download/confixx/confixx31 http://download1.swsoft.com/Confixx/security_hotfix/release_notes.txt

Recon 2006: speaker lineup announcement

2006-04-13 Thread Recon
RECON 2006 - http://recon.cx Montreal, Quebec, Canada 16 - 18 June 2006 We are pleased to announce the final speaker lineup selection for the RECON conference. RECON is a computer security conference being held in Montreal. The conference offers a single track of presentations over the span of t

Re: google xss

2006-04-13 Thread Vladimir Levijev
On 4/10/06, pagvac <[EMAIL PROTECTED]> wrote: > Very nice observation. Good reminder that sometimes you don't need to > go fancy using different encodings and so on. Sometimes, changing a > simple field value can make a difference (such as in this case). Many > people have tried really hard to fin

RevoBoard [email] tag XSS

2006-04-13 Thread r0xes . ratm
Revoboard (php) is based on an earlier version of PunBB. I know for sure that this affects v1.8. The email tag parser obfuscates emails to stop harvesters. To execute code, do this: [php] $code = '\'" onMouseover="javascript:alert(/xss/)">'; for($a=0;$a

phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit

2006-04-13 Thread selfar2002
--- phpWebSite <= 0.10.? (topics.php) Remote SQL Injection Exploit --- Discovered By SnIpEr_SA Author: SnIpEr_SA Exploit in Perl : http://www.milw0rm.c

Re: Multiple vulnerabilities in Blur6ex

2006-04-13 Thread Steven M. Christey
The XSS issue in the shard parameter appears to be resultant from a more serious file inclusion vulnerability. This is the kind of diagnosis error that I have mentioned in the past [1]. Notice that the error message shows that it took the "shard" parameter and directly inserted it into a filenam

[BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2

2006-04-13 Thread bugtraq
Multiple Vulnerabilities in MS IE 6.0 SP2 Recently, I discovered three vulnerabilities in Microsoft Internet Explorer 6 SP2 with all patches applied. All of these bugs are located in `mshtml.dll' and are caused by incorrect handling of specially

[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2

2006-04-13 Thread bugtraq
--- | BuHa Security-Advisory #11|Apr 12th, 2006 | --- | Vendor | W3C's Amaya| | URL | http://www.w3.org/Am

[eVuln] qliteNews SQL Injection Vulnerability

2006-04-13 Thread alex
New eVuln Advisory: qliteNews SQL Injection Vulnerability http://evuln.com/vulns/114/summary.html Summary eVuln ID: EV0114 CVE: CVE-2006-1571 Vendor: r2xDesign.net Vendor's Web Site: http://www.r2xdesign.net/ Software: qliteNews Versions: 2005.07.01 Critical Lev

[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4

2006-04-13 Thread bugtraq
--- | BuHa Security-Advisory #10|Apr 12th, 2006 | --- | Vendor | W3C's Amaya| | URL | http://www.w3.org/Am

[BuHa-Security] DoS Vulnerability in Firefox 1.5.0.1

2006-04-13 Thread bugtraq
--- | BuHa Security-Advisory #9 |Apr 12th, 2006 | --- | Vendor | Mozilla Firefox| | URL | http://www.mozilla.c

SimpleBBS v1.1(posts.php) remote command execution

2006-04-13 Thread stormhacker
[W]orld [D]efacers Team == Summary eVuln ID: WD10 Vendor: SimpleBBS Vendor's Web Site: www.simplemedia.org Software: SimpleBBS Forums Software's Web Site: www.simplemedia.org Versions: v1.1 v 1.0.* Class: Remote PoC/Exploit: A

Windows Help Heap Overflow

2006-04-13 Thread c0ntexb
/* * $ An open security advisory #15 - Windows Help Heap Overflow *

PatroNet CMS Xss Vuln

2006-04-13 Thread Soothackers
--- PatroNet CMS Xss Vuln --- Site : http://www.patronet.hu/ Bug : http://victim/";>alert(/Soot/) --- Source : http://soot.shabgard.org/bugs/PatroNet-CMS.txt Credit : Soot Shabgard Sec

Re: phpWebsite <= SQL Injection (friend.php) & (article.php)

2006-04-13 Thread shaun
This report incorrectly states that all versions up to the current version are vulnerable. The files used by the exploit were only present in phpWebSite up to version 0.83 which was released in 2002. v0.9x and later are not vulnerable.

Clansys Multiple Xss Vulnerabilities

2006-04-13 Thread Soothackers
- Clansys v.1.1 Multiple Xss Vulnerabilities - Bug: Clansys v.1.0 1- http://victim/path/index.php?page=archiv&func=search ">alert(/Soot/) Clansys v.1.1 1- http://victim/path/index.php?page=";>ale

[USN-270-1] xpdf vulnerabilities

2006-04-13 Thread Martin Pitt
=== Ubuntu Security Notice USN-270-1 April 13, 2006 kdegraphics, koffice, xpdf, cupsys, poppler, tetex-bin vulnerabilities CVE-2006-1244 === A security issue affects the foll

[security bulletin] HPSBUX02108 SSRT061133 rev.6 - HP-UX running Sendmail, Remote Execution of Arbitrary Code

2006-04-13 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00629555 Version: 6 HPSBUX02108 SSRT061133 rev.6 - HP-UX running Sendmail, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as p