BugTraq (Page 1060 of 1748)
Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability 2006-09-17
ajannhwt hotmail com
Vulnerability Report

*******************************************************************************

# Title : Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability

# Author : ajann

# Dork : faqview.asp?key

# Script Page : http://www.t-dreams.com

Charon Cart v3(Review.asp) Remote SQL Injection Vulnerability 2006-09-17
ajannhwt hotmail com
Vulnerability Report

*******************************************************************************

# Title : Charon Cart v3(Review.asp) Remote SQL Injection Vulnerability

# Author : ajann

# Script Page : http://www.charon.co.uk

# Exploit;

*****************************************

USB Attacks Going Commercial? 2006-09-18
Gadi Evron (ge linuxbox org)
In the public hacking world, so far we have mostly seen USB technology
from security vendors... not the attackers' side.

A few years ago we had discussions on pen-test
(http://archives.neohapsis.com/archives/sf/pentest/2004-06/thread.html#2),
and later bugtraq and FD on these risks, following an art

Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability 2006-09-15
D3nGeR Gmail CoM
Vendor: Plume CMS 1.1.10

Found By : D3nGeR

Script Site : http://plume-cms.net

in file [prepend.php]

;

include_once $_PX_config['manager_path'].'/inc/class.config.php'

code

http://site.com/[path]manager/frontinc/prepend.php?_PX_config[manager_path]=[shell code ]

Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability 2006-09-17
ajannhwt hotmail com
Vulnerability Report

*******************************************************************************

# Title : Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability

# Author : ajann

# Script Page : http://quadcomm.com

# Exploit;

************************************************

Busy box httpd file traversal vulnerability 2006-09-16
bug-finder hotmail com
A file traversal attack is possible in busybox's http daemon when you send a URL-encoded slash like this: http://attacked-host//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd. I have tested with busy box 1.01 and I don't know if other versions are vulnerable.

Sql injection in Moodle 2006-09-17
Omid (omid hackers ir)
Hi,
There is a SQL injection in Moodle 1.6.1+ (and maybe
earlier versions):

The "$blogEntry" parameter passed to the "insert_record()"
function in /blog/edit.php is not checked properly.

Version 1.6.2 has been released (moodle.org).

- Omid

MyBB 1.2 Full path and Cross site scripting vulnerabilities 2006-09-17
security soqor net
Hello

Title : MyBB 1.2 Full path and Cross site scripting vulnerabilities

Discovered by : HACKERS PAL

Copyrights : HACKERS PAL

Website : WwW.SoQoR.NeT

Email : security (at) soqor (dot) net

Full path

inc/generic_error.php?message=1

inc/datahandlers/event.php

inc/datahandlers/pm.php

inc/datahandler

[USN-348-1] GnuTLS vulnerability 2006-09-18
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-348-1 September 18, 2006
gnutls11, gnutls12 vulnerability
CVE-2006-4790
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ub

PhotoPost PHP 4.6 - 4.5 [PP_PATH] >> Remote File Include Vulnerability 2006-09-18
AG- Spider (ag-spider msn com)
######################################################################################
#
# PhotoPost PHP 4.6 - 4.5 [PP_PATH] >> Remote File Include Vulnerability
#
######################################################################################
# Found by ..........: AG-Spider
#

BizDirectory all version xss 2006-09-16
ali hackerz ir
BizDirectory All version == RFI

vendor : idevspot.com

By : s3rv3r_hack3r

www: hackerz.ir & h4ckerz.com

www.domain.com/BizDirectory/Feed.php?stylesheet=[xss]

www.domain.com/BizDirectory/status.php?message=[xss]

EShoppingPro v1.0(search_run.asp) Remote SQL Injection Vulnerability 2006-09-17
ajannhwt hotmail com
Vulnerability Report

*******************************************************************************

# Title : EShoppingPro v1.0(search_run.asp) Remote SQL Injection Vulnerability

# Author : ajann

# Script Page : http://www.keyvan1.com

# Exploit;

***********************************

McAfee VirusScan Enterprise - disabling the client side "On-Access Scan" 2006-09-15
EitanCaspi (at) yahoo (dot) com (eitancaspi yahoo com)
Suggested Risk Level: Low

Type of Risk: Disabling security component.

Affected Software: VirusScan Enterprise 7.1.0 (client side, managed
centrally by ePolicy Orchestrator), Scan Engine: 4.4.00, the "VirusScan
On-Access Scan" component.
OS Environment: Windows 2000 workstation w/SP4 and all the

HitWeb v3.0 - Remote File Include Vulnerabilities 2006-09-15
erne ernealizm com
# ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ----

# HitWeb v3.0 - Remote File Include Vulnerabilities

# site : http://www.comscripts.com/jump.php?action=script&id=12

# Script : HitWeb v3.0

# Credits : ERNE

# Contact : erne (at) ernealizm (dot) com and irc.gigachat.net #kurdhack

# Tha

Limbo - Lite Mambo CMS Multiple Vulnerabilities 2006-09-13
security soqor net
Hello

Title : Limbo - Lite Mambo CMS Multiple Vulnerabilities (Remote File including - Full path - make php shell - and create folder with 0777 permissions)

Discovered by : HACKERS PAL

Copyrights : HACKERS PAL

Website : WwW.SoQoR.NeT

Email : security (at) soqor (dot) net

/**************************

Re: Fwd: IE ActiveX 0day? 2006-09-15
Juha-Matti Laurio (juha-matti laurio netti fi)
The following references are available too:

SANS ISC:
http://isc.sans.org/diary.php?storyid=1701
http://isc.sans.org/diary.php?storyid=1705

Microsoft Security Advisory #925444:
http://www.microsoft.com/technet/security/advisory/925444.mspx

US-CERT VU#377369:
http://www.kb.cert.org/vuls/id/377369

rPSA-2006-0169-1 firefox thunderbird 2006-09-15
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0169-1
Published: 2006-09-15
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
firefox=/conary.rpath.com@rpl:devel//1/1.5.0.7-0.1-1
thunderbird=/conary.rpath.com@rpl:devel/

[ GLSA 200609-11 ] BIND: Denial of Service 2006-09-15
Raphael Marichez (falco gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[Reversemode Advisory] Apple Quicktime FLIC File Heap Overflow 2006-09-15
Reversemode (advisories reversemode com)

Hi,

Apple Quicktime <= 7.1 is prone to a heap overflow vulnerability.

This flaw could lead to a remote code execution, if an attacker tricks
the victim to visit a malicious webpage with a specially crafted .fli
animation embedded.

The flaw is located within the "COLOR_64 chunk" Quicktime parser.

Roller Weblogger XSS vulnerability 2006-09-15
p3rlhax gmail com


I. BACKGROUND

Roller is the open source blog server that drives Sun Microsystem's blogs.sun.com employee blogging site, IBM DeveloperWorks blogs, thousands of internal blogs at IBM Blog Central, the Javalobby's 10,000 user strong JRoller Java community site, and hundreds of other blogs world-

easypage.org >> v7 sql injection 2006-09-15
ali hackerz ir
vendor : easypage.org

BY : s3rv3r_hack3r

www : hackerz.ir & h4ckerz.com

bug : >

default.aspx?page=Search&app=Search&srch=[sql]

and more ...

BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability 2006-09-15
x0r0n hotmail com
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=

+

+BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability

+

=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=

+

+Author: xoron (turkish hacker)

+

=-==-==-==-==-==-==-==-==-=

phpQuiz sensitive file (install.php) 2006-09-15
sn_0py hotmail com
* phpQuiz sensitive file (install.php without authentication) + Files containing interesting info (passwords for sql db)

* By : sn0oPy

* Risk : very high

* Site : http://phpquiz.com/

* Dork : intitle:"phpQuiz" | " Développé par PhpQuiz v.1.0 " | "© PhpQuiz" | inurl:"PhpQuiz"

* exp

Symantec Norton Insufficient validation of 'SymEvent' driver input buffer 2006-09-15
David Matousek (david matousec com)
Hello,

I would like to inform you about a vulnerability in Norton Personal Firewall.

Description:

Norton insufficiently protects its driver '\Device\SymEvent' against a manipulation by malicious applications and it
fails to validate its input buffer. It is possible to open this driver and send

Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability 2006-09-14
x0r0n hotmail com
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=

+

+Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability

+

=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=

+

+Author: xoron (turkish hacker)

+

=-==-==-==-==-==-==-

SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include 2006-09-15
jong_amq hotmail com
#############################SolpotCrew Community################################

#

# phpBB XS (phpbb_root_path) Remote File Include

#

# Download file : http://www.phpbbxs.eu/dload.php?action=category&cat_id=2

#

####################################################################

@System Security Meeting in Pisa 2006-09-15
Giorgio Zoppi (zoppi cli di unipi it)
The IT Association @System http://www.atsystem.org is organizing the 4th
edition of the Convention on IT Security "Net&System Security" which
will be held at the Auditorium of Pisa's CNR on October 17, 2006.
The event is being organized in collaboration with and coordination of
representatives of

SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion 2006-09-15
bius mac com
#############################Solpot Crew Community##############################

#

# ReviewPost 2.5 (RP_PATH) Remote File Inclusion

#

# Download File : http://3-bius.com/ReviewPost.zip

#

#################################################################################

#

#

# Bug Fou

Copyright 2010, SecurityFocus