DGNews version 2.1 Path Disclosure Vulnerability
2007-05-28, securityresearch netvigilance com
netVigilance Security Advisory #21 DGNews version 2.1 Path Disclosure Vulnerability Description: DGNews is small and simple but powered news publishing. Easy installation, no programming required. But you can still change whatever you want (for advanced users). Features: add unlimited categories, a

RFI In Script FlashChat_v479
2007-05-28, Raed BsdMail Com
Discovered By Hasadya Raed
Contact : RaeD (at) BsdMail (dot) Com
--------------------------
Script : FlashChat_v479
Download : files.filefront.com/FlashChat+v479rar/;7192354;/fileinfo.html
--------------------------
B.Files :
connection.php > Require_once($f_cms);
common.php > Require_once($f_cms);
---------

Inout Meta Search engine Remote Code Execution
2007-05-28, BlackHawk (hawkgotyou gmail com)
#!/usr/bin/php -q -d short_open_tag=on <? echo " Inout Search Engine (all version) Remote Code Execution Exploit by BlackHawk <hawkgotyou (at) gmail (dot) com> <http://itablackhawk.altervista.org> Thanks to rgod for the php code and Marty for the Love "; if ($argc<3) { echo "Usage: php ".$argv[0]." Host Path

n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory
2007-05-28, security nruns com

[SECURITY] [DSA 1298-1] New otrs2 packages fix cross-site scripting
2007-05-28, Moritz Muehlenhoff (jmm debian org)

[ GLSA 200705-20 ] Blackdown Java: Applet privilege escalation
2007-05-26, Raphael Marichez (falco gentoo org)

Re: Pligg critical vulnerability
2007-05-26, crazy frog crazy frog (i m crazy frog gmail com)
have you notified the pligg developers? i think they have a well defined policy for disclosure?
On 5/25/07, 242th section <242th.section (at) gmail (dot) com> wrote:
> Pligg critical vulnerability
>
> Concerned version : 9.5 and ?
>
> Description :
>
> Pligg is a flexible CMS based on PHP and MYSQL.
>
> To re

Zindizayn Okul Web Sistemi v1.0 Sql VulnZ.
2007-05-26, g0rk3m-31 hotmail com
# Script's Name : Zindizayn Okul Web Sistemi v1.0 (tr)
# Script's MainPage : http://www.okulwebsistemi.com
# Risk : Medium
# Found By : ShaFuck31
# Thanks : | The RéD | DesquneR | SaboTaqe | ST@ReXT | BLaSTER |
# Vulnerable file : mezungiris.asp & ogretmenkontrol.asp
#Vuln : http://www.victim.

[USN-465-1] PulseAudio vulnerability
2007-05-25, Kees Cook (kees ubuntu com)
Ubuntu Security Notice USN-465-1 May 25, 2007 pulseaudio vulnerability CVE-2007-1804
A security issue affects the following Ubuntu releases: Ubuntu 7.04 This advi

Re: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60)
2007-05-25, diabol the japanophile (diaborusan gmail com)
Well, in fact you can easily recover the data directly on the phone using something like FExplorer and a hex editor just take a look at the files in the subfolders of C:\system\Mail (hint hint: you can also copy attached files over to anywhere on the FS from there) what really sucks about this "f

iDefense Security Advisory 05.25.07: Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities
2007-05-25, iDefense Labs (labs-no-reply idefense com)
Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities iDefense Security Advisory 05.25.07 http://labs.idefense.com/intelligence/vulnerabilities/ May 25, 2007 I. BACKGROUND Sun Microsystems Inc's Java System is a collection of server applications bundled together. One such server appl

rtpBreak - detects, reconstructs and analyzes any RTP session
2007-05-25, michele dallachiesa (michele dallachiesa gmail com)
Ciao, I would like to announce you the first public release of rtpBreak. This is the description: --- rtpBreak detects, reconstructs and analyzes any RTP [rfc1889] session through heuristics over the UDP network traffic. It works well with SIP, H.323, SCCP and any other signaling protocol. In part

[OpenPKG-SA-2007.019] OpenPKG Security Advisory (php)
2007-05-25, OpenPKG GmbH (openpkg-noreply openpkg com)

Vulnerability - cpCommerce - XSS
2007-05-25, jadoba jadoba net
cpcommerce is a FOSS php-based e-commerce (shopping cart) web application. Exploit: Javascript placed inside a user's "Full Name:" field will not be stripped - it will be added to the database 'as-is' as long as it has no quotations in the string. When the admin goes to the clients view page, the

IE 6 / Dart Communications PowerTCP ZIP Compression Control (DartZip.dll 1.8.5.3) remote buffer overflow
2007-05-25, retrog alice it
<!-- IE 6 / Dart Communications PowerTCP ZIP Compression Control (DartZip.dll 1.8.5.3) remote buffer overflow exploit / xp sp2 it by rgod site: retrogod.altervista.org software site: www.dart.com --> <html> <object classid='clsid:42BA826E-F8D8-4D8D-8C05-14ABCE99D4DD' id='DartZip'></object> <script l

Pligg critical vulnerability
2007-05-25, 242th section (242th section gmail com)
Pligg critical vulnerability Concerned version : 9.5 and ? Description : Pligg is a flexible CMS based on PHP and MYSQL. To reinitialize a forgotten password, Pligg follows a classical process. A confirmation code is generated and sent by email to the concerned user mail box. The user has to fo

Multiple XSS in Digirez
2007-05-25, xx_hack_xx_2004 hotmail com
Hello
Vulnerable : Digirez
Version: 3.4
web : http://www.digiappz.com
XSS :
1- http://www.example.com/room/info_book.asp?Room_name=[XSS]
2- http://www.example.com/room/week.asp?curYear=[XSS]
For Example u can put :
1- http://www.example.com/room/info_book.asp?Room_name='><script>alert(1);< /scri

Web Directory / Search Engine v2.0 Authentication Bypass/Database Download Vulne
2007-05-25, pito pito (the-modest-pirate hotmail com)

n.runs-SA-2007.009 - Avast! Antivirus SIS parsing Arbitrary Code Execution Advisory
2007-05-25, security nruns com

GTP 3G © Gnuturk Portal System year=**&month= Cross-Site Scripting Vulnerability
2007-05-25, vagrant - e-hack.org (kernel-32 hotmail com)
GTP 3G © Gnuturk Portal System ln&year=****&month= Cross-Site Scripting Vulnerability
Vulnerability: http://www.target.com/mods.php?go=News&p=ln&year=2007&month="><h1>Vagran t</h1><script>alert(document.cookie)</script>
Vulnerable: GTP 3G © Gnuturk Portal System
Google d0rk: GTP 3G © Gnuturk Port

iDefense Security Advisory 05.24.07: Apple Computer Mac OS X pppd Plugin Loading Privilege Escalation Vulnerability
2007-05-24, iDefense Labs (labs-no-reply idefense com)
Apple Computer Mac OS X pppd Plugin Loading Privilege Escalation Vulnerability iDefense Security Advisory 05.24.07 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2007 I. BACKGROUND Apple Mac OS X pppd is a setuid root application that is used to establish and configure connections

FLEA-2007-0022-1: file
2007-05-24, Foresight Linux Essential Announcement Service (foresight-security-noreply foresightlinux org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Foresight Linux Essential Advisory: 2007-0022-1
Published: 2007-05-24
Rating: Moderate
Updated Versions: file=/conary.rpath.com@rpl:devel//1/4.21-1-0.1 group-dist=/foresight.rpath.org at fl:1-devel//1/1.2.2-0.10-3
References: http://cve.m
DGNews version 2.1 SQL Injection Vulnerability
Description:
DGNews is small and simple but powered news publishing. Easy installation, no programming required. But you can still change whatever you want (for advanced users). Features: add unlimited categories, aut