Script: DMCounter
Version: 0.9.2-b
Language: PHP
Problem: Remote File Include
Vendor: http://sourceforge.net/projects/dmcounter
Discovered by: beford xbefordx gmail com
Description
=
Statistics software based on PHP which does not require any database
support but just uses flat
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
dork: JMK's Picture Gallery
and last path to add : admin_gallery.php3?action=addupload=1
example:hhtp://www.site.com/path/.../admin_gallery.php3?action=addupload=1
credits:AlpEren,tugr@
google dork - inurl:planetgallery
last path add to /admin/gallery_admin.php
example:
http://site.com/planetgallery/admin/gallery_admin.php
no pass, no login, sending your shell.
credits:tugr@,AlpEren
google dork:powered by free-php.net poll
last path add to /admin/
select poll and modify or addnew poll
credits:tugr@
==
Secunia Research 01/05/2006
- WinHKI unacev2.dll Buffer Overflow Vulnerability -
==
Table of Contents
Affected
Ehlo,
Ian MacPhedran writes:
On Wed, 26 Apr 2006, Aaron Phillips wrote:
Konqueror 2.3.1 and Firefox 2.0a1 don't appear to be vulnerable. Be nice
to hear about Opera and IE.
Under Windows XP, neither Opera 8.54 nor IE 7.0 have any problems. (Nor
do OffByOne or Amaya, for what that's
Debian Security Advisory DSA 1047-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 30th, 2006
The file http://w148.de/~cmertes/nachbarhaus1.exr will crash the Mac OS 10.4
Finder.app when it tries to preview it i.e. when opening the folder containing
the file. Safari will crash when opening a html page with an img tag
referring to this file. Preview.app and other applications are
#--
#Aria-Security.net Advisory
#Discovered by: O.U.T.L.A.W
# www.Aria-security.net
#Gr33t to: A.u.r.a [EMAIL PROTECTED] Smok3r
#---
» Software: Thyme 1.3
» Link:
---
found by CrAzY CrAcKeR
Site:http://www.alshmokh.com
---
Bug is found in this script 4images 1.7.1
DB Error: Bad SQL Query: SELECT cat_id, cat_name, cat_description,
cat_parent_id, cat_hits, cat_order, auth_viewcat, auth_viewimage,
auth_download, auth_upload,
Invision Power Board v2.1.5 Remote SQL Injection
Filename:- func_mod.php
Functionname:- post_delete()
Lines :- 89 To 209
Bug Found By :- Devil-00
Greetz :-
Rock Master ^ Hackers Pal ^ n0m4rcy ^
OpenBB 1.0.8 Full Path Disclosure
Bug Found By :- Devil-00
Gr33tz :- Www.securitygurus.neT
Rock Master
Hackers Pal
n0m3rcy
-= 1-2 =-
Full Path Disclosure
Exploits :-
Jon,
You failed to explain why would we take the time and knowledge to do this
for you, especially when you requested the information to be privately sent
only to you?
Original Message Follows
From: Jon R. Kibler
To: [EMAIL PROTECTED],
?php
/*
I-RATER Platinum Remote File Inclusion exploit Cod3d by [EMAIL PROTECTED]
Gr33t:Oulaw - A.u.r.a - drTp - Cl0wn - b3hzad - Str0ke and all Persian Cyb3r
Team
Site:http://www.Aria-security.net
Dork:Powered by I-RATER PLATINUM
example:
Author : KaDaL-X
email : [EMAIL PROTECTED]
website : http://kandangjamur.net
Software tested
Version : 0.99.4
Vendor : http://xine.sourceforge.net
Proof Of Concept :
Type in your unix console something like this :
kandangjamur$xine %p-%p.mp3
Then, there are two error alert box
Discovered by: Qex
Date: 28 April 2006
/weblog_posting.php?mode=quoter=[SQL]w=1
Patches for 10.2.0.2.0 have been released but the bug is not solved. Patches
for other platforms (such as HPUX or AIX) have been re-scheduled. It's not
important because ANY platform (even with latest CPU) is vulnerable.
An exploit for Oracle 10.2.0.2.0 was published by N1v1hD $3c41r3 and