Estate Agent Manager = v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability

2006-11-13 Thread ajannhwt
*** # Title : Estate Agent Manager = v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability # Author : ajann *** Example:

Mega Mall [ multiples injection sql full path disclosure ]

2006-11-13 Thread saps . audit
vendor site: http://products.kaonsoftwares.com/ product: mega-mall bug:injection sql full path disclosure language: asp risk: high injection sql (get): http://site.com/mega-mall/product_review.php?t=[sql] http://site.com/mega-mall/product_review.php?t=0productId=[sql]

MyStats =1.0.8 [injection sql, multiples xss, array full path disclosure]

2006-11-13 Thread benjilenoob
MyStats =1.0.8 [injection sql, multiples xss, array full path disclosure] vendor site: http://emcity.nexenservices.com/mystats/index.php product :MyStats 1.0.8 bug: injection sql, multiples xss, array full path disclosure risk : medium [1/3] Connexion Variable XSS Exploits:

PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit

2006-11-13 Thread philipp . niedziela
PHPKit 1.6.1 RC2 Original advisory: http://www.bb-pcsecurity.de/ Affected Software: PHPKit 1.6.1 RC2 Vendor ...:

TOPSTORY BASIC Version 1.0 = Remote File Include Vulnerability

2006-11-13 Thread stormhacker
# TOPSTORY BASIC Version 1.0 = Remote File Include Vulnerability # Script.. :TOPSTORY # Discovered By : rUnViRuS # Class.. : Remote # Original Advisory : http://sec-area.com # # file :- index.php # bug Code :- include($tst[headerfile]);

[SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery

2006-11-13 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1209-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff November 12th, 2006

Exophpdesk V1.2 - Remote File Include

2006-11-13 Thread firewall1954
# Exophpdesk V1.2 - Remote File Include by Firewall # Application Affect: Exophpdesk V1.2 # Source Code:

Wordpress File Inclusion

2006-11-13 Thread vannovax
WordPress Remote File Inclusion Download:http://wordpress.org/latest.zip Found by _ANtrAX_ http://foro.c-group.org ~~~ Vulnerable Code: { global $posts, $post, $wp_did_header, $wp_did_template_redirect, $wp_query,

[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue

2006-11-13 Thread admin
[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue Details === Product: ShopSystems Affected Version: = 4.0 Immune Version: none Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.shopsystems.biz Vendor-Status: informed Advisory-Status: published Credits

phpManta - Mdoc = 1.0.2 (view-sourcecode.php) Local File Include Exploit

2006-11-13 Thread ajannhwt
#!/usr/bin/perl #[Script Name: phpManta - Mdoc = 1.0.2 (view-sourcecode.php) Local File Include Exploit #[Coded by : ajann #[Author : ajann #[Contact: :( use IO::Socket; use LWP::Simple; @apache=( ../../../../../var/log/httpd/access_log, ../../../../../var/log/httpd/error_log,

UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability

2006-11-13 Thread ajannhwt
*** # Title : UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability # Author : ajann *** ###http://[target]/[path]//detail.asp?ID=[SQL]

NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit

2006-11-13 Thread ajannhwt
From:Filistin,Lubnan,IraQ,Turkey #!/usr/bin/perl #[Script Name: NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit #[Coded by : ajann #[Author : ajann #[Contact: :( use IO::Socket; if(@ARGV 3){ print

NuRems 1.0 Remote XSS/SQL Injection Exploit

2006-11-13 Thread ajannhwt
From:Filistin,Lubnan,IraQ,Turkey NuRems 1.0 Remote XSS/SQL Injection Exploit XSS: form name=RequestForm action=http://x/sch1.asp; method=POST select name=stcode size=10 option value=XSS HEREAlabama /select td align=center INPUT TYPE=submit VALUE=Show cities... /form /XSS SQL:

Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability

2006-11-13 Thread Nick Boyce
On 11/7/06, Raphael Marichez [EMAIL PROTECTED] wrote: Gentoo Linux Security Advisory GLSA 200611-03

NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability

2006-11-13 Thread ajannhwt
*** # Title : NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability # Author : ajann From:Filistin,Lubnan,IraQ,Turkey ***

Re: feedsplitter considered harmful

2006-11-13 Thread wmodes
Anyone look at the posted fix to this vulnerability yet? From the http://chxo.com/software/feedsplitter/ website: Sep 19, 2006: Mandatory Upgrade: Feedsplitter 2006-09-19 Mandatory upgrade. This fixes the issues articulated in this post. I'm sorry this took so long to fix, the author

NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit

2006-11-13 Thread ajannhwt
#From:Filistin,Lubnan,IraQ,Turkey #!/usr/bin/perl #[Script Name: NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit #[Coded by : ajann #[Author : ajann #[Contact: :( use IO::Socket; if(@ARGV 3){ print

[SECURITY] [DSA 1208-1] New bugzilla packages fix several vulnerabilities

2006-11-13 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1208-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff November 11th, 2006

XSS in Email Signature Script

2006-11-13 Thread miladkaleh
Vulnerability Type: XSS in Email Signature Script Download Page: http://www.liquism.com/downloads/email/ Exploit: type the following in the field or submit it as _POST using javascript http request. scriptalert(1);/script Regards milado

infinicart [ multiples injection sql xss (post) ]

2006-11-13 Thread saps . audit
vendor site: http://www.ecommercemax.com/ product : infinicart bug: multiples injection sql xss language : asp risk : high injection sql (get): /infinicart-demo/browse_group.asp?groupid=[sql] /infinicart-demo/added_to_cart.asp?productid=[sql] /infinicart-demo/browsesubcat.asp?catid=[sql]

shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit

2006-11-13 Thread crackers_child
#!/usr/bin/perl ## # shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit # # Bug iN shambo2.php [include($mosConfig_absolute_path . '/components/com_shambo2/define.php');] # # you can test it on http://www.kittycleveland.com/site/ # # Bug Found coded By Crackers_Child ## # [EMAIL

Re: Cross Site Scripting (XSS) Vulnerability in Netquery by VIRtech

2006-11-13 Thread rvirtue
This issue has been resolved in ALL current Netquery downloads at http://virtech.org/tools/ and, for those who downloaded prior to November 11, 2006, a patch is available at the same location. The following information is from the README.txt file included in the patch: This patch for

Web Interface remote file inclusion

2006-11-13 Thread navairum
Software:Web based bibliography management system Download link: http://sourceforge.net/projects/aigaion/ script:_basicfunctions.php author: navairum

VBulletin DoS Exploit [ all Versions ]

2006-11-13 Thread root
# VBulletin DoS Exploit by www.h4x0r.ir # # The exploit was tested on 15 machines And 13 of them got Crashed. 98% Works ;) # # important = Image Verification in (search.php) is NOT Enabled. # It works on 3.6.3 and prior [all] ! # #Perl Script use Socket; if (@ARGV 2) { usage; }

Digipass Go3 Token Dumper (at least for 2006)

2006-11-13 Thread fcollyer
The initial reverse engineering of Vasco’s Digipass Go3 algorithm follows in C++. I think this implementation is a rough approximation, if we take some limitations about 2006 and the calculations made into account. Or I'm just joking… :) This generator was able to predict an otp collision,

Phpjobscheduler 3.0 - Multiple Remote File Include

2006-11-13 Thread Firewall1954
# Phpjobscheduler 3.0 - Multiple Remote File Include by Firewall # Application Affect: phpjobscheduler 3.0 # Source Code:

Phpdebug 1.1.0 - Remote File Include by Firewall

2006-11-13 Thread Firewall1954
# Phpdebug 1.1.0 - Remote File Include by Firewall # Application Affect: Phpdebug 1.1.0 # Source Code:

ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow

2006-11-13 Thread zdi-disclosures
ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow http://www.zerodayinitiative.com/advisories/ZDI-06-038.html November 9, 2006 -- CVE ID: CVE-2006-5821 -- Affected Vendor: Citrix -- Affected Products: Citrix MetaFrame XP 1.0 Citrix MetaFrame XP 2.0 Citrix MetaFrame

UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability

2006-11-13 Thread ajannhwt
*** # Title : UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability # Author : ajann *** Admin Panel=

Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability

2006-11-13 Thread ajannhwt
*** # Title : Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability # Author : ajann *** Products:: ASP Scripter

CPanel Multiple Cross Site Scription

2006-11-13 Thread Advisory
#Aria-Security Team Advisory #www.Aria-security.Com For English #www.Aria-Security.net For Persian #Original Advisory : http://aria-security.net/advisory/cpanel.txt #--- #Software: CPanel #Tested On CPanel 10 #CPanel file Manager: #PoC:

Old SAP exploits

2006-11-13 Thread Nicob
For historical purposes only (everything should compile/run fine). A TGZ archive is attached to this email, and a mirror is available on my website: http://nicob.net/mirrors/sap_sploits.tgz o testing users and passwords with RfcOpenEx (account locking bypass) : - allow networked attack on SAP

Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability

2006-11-13 Thread ajannhwt
*** # Title : Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability # Author : ajann *** Example:

Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow

2006-11-13 Thread Noam Rathaus
Hi, Very old news, http://www.securiteam.com/windowsntfocus/5QP0R156AC.html, apparently it was never patched by the vendor. On Friday 10 November 2006 18:57, [EMAIL PROTECTED] wrote: -=[ADVISORY---]=- Essentia Web Server V 2.15

ASPPortal = 4.0.0 (default1.asp) Remote SQL Injection Exploit

2006-11-13 Thread ajannhwt
Perl Script Decode: #!/usr/bin/perl #AspPortal Password Decrypter #Get pass exploit.asp and this copy this window #Special Thanks To::: Nukedx ,For ASPPORTAL Decrypter #ajann if(@1 = 1) { exploit(); } sub decrypt () { $lp = length($appass); $apkey =

UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability

2006-11-13 Thread ajannhwt
*** # Title : UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability # Author : ajann # Dork : UPublisher ***

[SECURITY] [DSA 1209-2] New trac packages fix cross-site request forgery

2006-11-13 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1209-2 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff November 12th, 2006

SinFP 2.04 release, works under Windows

2006-11-13 Thread GomoR
Hi, I'm pleased to announce the availability of SinFP 2.04, which now can run under Windows ActivePerl. SinFP is a new approach to active and passive OS fingerprinting; you can know more about its features here: http://www.gomor.org/sinfp SinFP has now more than 130 signatures in its

Challenges faced by automated web application security assessment tools

2006-11-13 Thread bugtraq
There are many challenges that web application security scanners face that are widely known within the industry; however, they may not be so obvious to someone evaluating a product. For starters, if you think you can just download, install, and run a product against any site and get a report outlining

DirectAdmin Multiple Cross Site Scription

2006-11-13 Thread Advisory
#Aria-Security Team Advisory #www.Aria-security.Com For English #www.Aria-Security.net For Persian #Original Advisory : http://aria-security.net/advisory/directadmin.txt #--- #Software: DirectAdmin V1.28.1 #DirectAdmin level used : Admin

[FLSA-2006:211760] Updated gzip package fixes security issues

2006-11-13 Thread David Eisenstein
Fedora Legacy Update Advisory Synopsis: Updated gzip package fixes security issues Advisory ID: FLSA:211760 Issue date: 2006-11-13 Product: Red Hat Linux, Fedora Core Keywords:

VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4

2006-11-13 Thread VMware Security team
VMware Security Advisory Advisory ID: VMSA-2006-0006 Synopsis: VMware ESX Server 2.5.3 Upgrade Patch 4 Patch URL:

Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability

2006-11-13 Thread Raphael Marichez
um ... doesn't that make it a *remote* privilege escalation ? in a certain way... you're right... although that requires the user complicity, strictly speaking, you're right. The guy who would manage to remotely root a box with that vulnerability would be really good. The real serious risk is

iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability

2006-11-13 Thread iDefense Labs
Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability iDefense Security Advisory 11.08.06 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 08, 2006 I. BACKGROUND Citrix Presentation Server is a product designed to allow remote access to applications over a

[ GLSA 200611-08 ] RPM: Buffer overflow

2006-11-13 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200611-08 http://security.gentoo.org/

VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2

2006-11-13 Thread VMware Security team
VMware Security Advisory Advisory ID: VMSA-2006-0007 Synopsis: VMware ESX Server 2.1.3 Upgrade Patch 2 Patch URL:

New Bug MiniBB Forum = 2 Remote File Include (index.php)

2006-11-13 Thread philip anselmo
Title : MiniBB Forum = 2 Remote File Include (index.php) ### Discovered By ThE-LoRd-Of-CrAcKiNg {MeHdi} Source Code:

VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1

2006-11-13 Thread VMware Security team
VMware Security Advisory Advisory ID: VMSA-2006-0005 Synopsis: VMware ESX Server 2.5.4 Upgrade Patch 1 Patch URL:

VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue

2006-11-13 Thread VMware Security team
VMware Security Advisory Advisory ID: VMSA-2006-0009 Synopsis: VMware ESX Server 3.0.0 AMD fxsave/restore issue Knowledge base

VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2

2006-11-13 Thread VMware Security team
VMware Security Advisory Advisory ID: VMSA-2006-0008 Synopsis: VMware ESX Server 2.0.2 Upgrade Patch 2 Patch URL:

[ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows

2006-11-13 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200611-07 http://security.gentoo.org/

Re: Wordpress File Inclusion

2006-11-13 Thread Expanders
- wp-include/functions.php line:2166 -- function load_template($file) { global $posts, $post, $wp_did_header, $wp_did_template_redirect, $wp_query, $wp_rewrite, $wpdb; extract($wp_query->query_vars); require_once($file); }