# ERNE ERNEALiZM BU ASK BiTMEZ
# WTools v0.0.1-ALPH - Remote File Include Vulnerabilities
# site: http://www.comscripts.com/jump.php?action=script&id=1880
# Script : WTools v0.0.1-ALPH
# Credits : ERNE
# Contact : [EMAIL PROTECTED] and irc.gigachat.net #ku
An important vulnerability in functions.php will allow a malicious user to
insert a remote file.
The Vulnerable Code:
include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' .
$phpEx );
(The phpbb_root_path isn't initialized and PHPBB_IN isn't checked)
Hi all;
Summary:
A directory traversal issue was found in LedgerSMB 1.0.0 involving the
terminal variable. This vulnerability was inherited from the SQL-Ledger
codebase. Due to the fact that SQL-Ledger has a built-in text editor,
this issue could result in arbitrary code execution on the s
# Subject:
--- "Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability "
# Vulnerable version:
--- "Newsscript version 0.5"
# Vendor URL:
--- Email - [EMAIL PROTECTED]
--- Website - http://webmaster-journal.com
# Available in:
--- http://www.comscripts.com/scripts/
=
NullFlag
[EMAIL PROTECTED]
FROM SAUDI ARABIA
-
Producer: NETGEAR
http://www.netgear.com
=
In the login window, when trying to send a big amount of data (like 1000 bytes)
in the username field, it is going to be DoSed.
You need to reset the router after that.
Th
I. SYNOPSIS
Title: Session Token Remains Valid After Logout in IBM Lotus Domino Web Access
7.0.1
Release Date: 09/12/2006
Affected Application: IBM Lotus Domino Web Access 7.0.1
(versions prior to 7.0.1 were not tested but may still be vulnerable).
Nominal Severity: Low
Severity If Success
Computer Terrorism (UK) :: Incident Response Centre
www.computerterrorism.com
Security Advisory: CT12-09-2006-2.htm
==
Microsoft Publisher Font Parsing Vulnerability
==
Advisory Date: 12th, Septembe
Computer Terrorism (UK) :: Incident Response Centre
www.computerterrorism.com
Security Advisory: CT12-09-2006
Adobe/Macromedia Flash Player - Remote Code Execution
A
rPath Security Advisory: 2006-0167-1
Published: 2006-09-12
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Local Root Deterministic Privilege Escalation
Updated Versions:
xorg-x11=/[EMAIL PROTECTED]:devel//1/6.8.2-30.2-1
xorg-x11-fonts=/[EMAIL PROTECTED]:devel//1
Hi,
this was also nicely described for ASP by Brett Moore
http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf
(French translation :
https://www.securinfos.info/jerome/DOC/0x00_vs_ASP_File_Uploads_FR.pdf )
Best regards
/JA
3APA3A wrote:
Author: ShAnKaR
Title: multi
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [ERRATA UPDATE]GLSA 200609-05:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Apple QuickTime Player H.264 Codec Remote Integer Overflow
by Piotr Bania <[EMAIL PROTECTED]>
http://www.piotrbania.com
All rights reserved.
Severity: Critical - potential remote code execution.
CVE:CVE-2006-4386
Apple QuickTime H.264 Integer Overflow Vulnerability
By Sowhat of Nevis Labs
Date: 2006.09.12
http://www.nevisnetworks.com
http://secway.org/advisory/AD20060912.txt
CVE:CVE-2006-4381
Vendor:
Apple Inc.
Affected Versions:
Apple QuickTime versions < 7.1.3
Overview:
By carefully crafting
Apple QuickTime FLIC File Heap Overflow Vulnerability
iDefense Security Advisory 09.12.06
http://www.idefense.com/intelligence/vulnerabilities/
Sep 12, 2006
I. BACKGROUND
Quicktime is Apple's media player product used to render video and other
media. For more information visit http://www.apple.
Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer
Overflow Vulnerability
iDefense Security Advisory 09.12.06
http://www.idefense.com/intelligence/vulnerabilities/
Sep 12, 2006
I. BACKGROUND
The X Window System is a graphical windowing system based on a
client/server model. More i
Multiple Vendor X Server CID-keyed Fonts 'CIDAFM()' Integer Overflow
Vulnerability
iDefense Security Advisory 09.12.06
http://www.idefense.com/intelligence/vulnerabilities/
Sep 12, 2006
I. BACKGROUND
The X Window System is a graphical windowing system based on a
client/server model. More informa
Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2
http://research.eeye.com/html/advisories/published/AD20060912.html
Release Date:
September 12, 2006
Date Reported:
August 24, 2006
Severity:
High (Code Execution)
Systems Affected:
Internet Explorer 5 SP4 with MS06-042 - Wi
17 matches