[SECURITY] [DSA 1226-1] New links packages fix arbitrary shell command execution
2006-12-03 Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 1225-2] New Mozilla Firefox packages fix several vulnerabilities
2006-12-03 joey infodrom org (Martin Schulze)

MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit
2006-12-03 ajannhwt hotmail com
# Title : MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit
# Author : ajann
# Contact : :(
# Tested : IE 6.0 XP SP2

PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting
2006-12-03 ajannhwt hotmail com
# Title : PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting Vulnerability
# Author : ajann
# Contact : :(
# Tested : Just 2.7.0-pl2

2[xss]Vulnerabilities in Script Mobile Ac4p.com
2006-12-03 gamr-14 hotmail com
Discovered : SwEET-DeViL
Product: http://www.ac4p.com
tame : AL-garnei Saudi Arabia
// Vulnerabilities there again this link http://www.securityfocus.com/archive/1/450496/30/0/threaded **//
\1in up.php http://site.com/path/up.

SMF upload XSS vulnerability
2006-12-03 Jessica Hope (jessicasaulhope googlemail com)
Advisory : SMF upload XSS vulnerability
Release Date : December 4th, 2006
Application : Simple Machines Forum
Version : SMF 1.1 Final (and earlier versions)
Platform : PHP
Vendor URL : http://www.simplemachines.org
Authors : Jes

[SECURITY] [DSA 1225-1] New Mozilla Firefox packages fix several vulnerabilities
2006-12-03 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities
2006-12-03 joey infodrom org (Martin Schulze)

[ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail
2006-12-02 ISecAuditors Security Advisories (advisories isecauditors com)
INTERNET SECURITY AUDITORS ALERT 2006-010
- Original release date: September 28, 2006
- Last revised: December 1, 2006
- Discovered by: Vicente Aguilera Diaz
- Severity: 3/5
I. VULNERABILITY

Metyus Okul Yönetim Sistemi V.1.0 (tr) Sql injection Vuln.
2006-12-02 ShaFuq31 HoTMaiL CoM
# LiderHack.Org
# script name : Metyus Okul Yönetim Sistemi V.1.0 (tr)
# Script Download : http://www.maxiasp.com/scriptler.asp?ktno=1
# Risk : High
# Found By : ShaFuck31
# Thanks : Dekolax , DesquneR , ST@ReXT , SaboTaqe
# Vulnerable file : uye_giris_islem.asp
#Manual connect : Go to Admin

[ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail
2006-12-02 ISecAuditors Security Advisories (advisories isecauditors com)
INTERNET SECURITY AUDITORS ALERT 2006-011
- Original release date: September 28, 2006
- Last revised: December 1, 2006
- Discovered by: Vicente Aguilera Diaz
- Severity: 3/5
I. VULNERABILITY

listpics v5
2006-12-02 blasterim hotmail com
# Title: listpics v5
# Author: BLaSTER
# Contact: blasterim (at) hotmail (dot) com
# Script: http://www.aspindir.com/indir.asp?id=2866
//Database Hacked..
# http://[target]/[path]/Database/[.mdb

fl0p - passive L7 flow fingerprinting
2006-12-03 Michal Zalewski (lcamtuf dione ids pl)
I'd like to announce the availability of a tool called fl0p, which I hope might be of some interest to various network security dudes and dudettes on the list (and will hopefully serve as a convenient framework for cool research). The tool is a simple flow-analyzing passive L7 fingerprinter. It exa

[ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS
2006-12-02 ISecAuditors Security Advisories (advisories isecauditors com)
INTERNET SECURITY AUDITORS ALERT 2006-007
- Original release date: April 27, 2006
- Last revised: December 1, 2006
- Discovered by: Jesus Olmos Gonzalez
- Severity: 2/5
I. VULNERABILITY

[Aria-Security Team] DuWare DuPaypal SQL Injection Vuln
2006-12-02 Advisory Aria-Security Net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=62
#Software: DuPaypal
#Method: SQL Injection
#Vendor: http:/

[Aria-Security Team] DuWare DuDownloads SQL Injection Vuln
2006-12-02 Advisory Aria-Security Net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=60
#Software: DuDownload
#Method: SQL Injection
#Vendor: http

[Aria-Security Team] DuWare DuForum SQL Injection Vuln
2006-12-02 Advisory Aria-Security Net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=58
#Software: DUdForum 3.0
#Method: http://duware.com
#Vendor

[ MDKSA-2006:222 ] - Updated koffice packages fixes integer overflow vulnerability
2006-12-01 security mandriva com

PHPNews 1.3.0 XSS
2006-12-01 emulamex hotmail com
PHP Script: PHPNews 1.3.0
Class: XSS
Website: http://newsphp.sourceforge.net
Found by: Detefix
dork: inurl:phpnews
-----
- Vulnerable Code:
<?php
print<<<EOT
<a href="$url?action=fullnews&showcomments=1&id=$id">$subject</a> by $username on $time<br />
-----
- Exploits: http://[target]/

[Aria-Security Team] DuWare DuClassMate SQL Injection Vuln
2006-12-02 Advisory Aria-Security Net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=59
#Software: DuClassmate
#Method: SQL Injection
#Vendor: htt

[Aria-Security Team] DuWare DuNews SQL Injection Vuln
2006-12-02 Advisory Aria-Security Net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=61
#Software: DuNews
#Method: SQL Injection
#Vendor: http://w

[Aria-Security Team] DuWare DuPortal SQL Injection Vuln
2006-12-02 Advisory Aria-Security Net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=63
#Software: DuPortal Pro 3.4
#Method: SQL Injection
#Vendo

[ MDKSA-2006:223 ] - Updated ImageMagick packages fixes vulnerability
2006-12-02 security mandriva com

freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability
2006-12-01 -= SHELL =- -= SHELL =- (she1l hotmail com)

Re: safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow)
2006-12-01 Simon Josefsson (simon josefsson org)
Solar Designer <solar (at) openwall (dot) com> writes:
> However, in those (most common) cases when all you need is to concatenate
> strings, relying on or providing an snprintf() implementation might be
> an overkill.
Gnulib's xvasprintf detects %s...%s format strings, which makes the code easy to analyse f

rPSA-2006-0222-1 tar
2006-12-01 rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0222-1
Published: 2006-11-30
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification: Indirect User Deterministic Vulnerability
Updated Versions: tar=/conary.rpath.com@rpl:devel//1/1.15.1-7.1-1
References: http://www.cve.mitre.org/cgi-bin/cvena

# script name : Vt-Forum Lite System V.1.3
# Script Download : http://aspindir.com/indir.asp?id=585
# Risk : High
# Found By : St@rExT
# Thanks : Dekolax , ShaFuck31 , ST@ReXT , Dekolax , Swat_Hack , Maverick , Candark , Torlaq , Woheras , Siruas
# Vulnerable file : vf_info.as