BugTraq Mode:
PHP Event Calendar Multiple Parameter Cross Site Scripting Vulnerability 2006-09-13
OS2A BTO (os2a bto gmail com)
Multiple Cross Site Scripting Vulnerabilities were identified in
SoftComplex Inc.'s PHP Event Calendar, a reusable PHP script that
extends a web site's functionality with an event scheduler or news
archive.
http://www.softcomplex.com/products/php_event_calendar/

Attached is the advisory which deta

# ForumJBC v4 < = Cross-Site Scripting - XSS Exploit ; 2006-09-13
x17 hotmail fr
# ForumJBC v4 < = Cross-Site Scripting - XSS Exploit ;

# Discovered By : ThE__LeO ;

# Software : ForumJBC v4 ;

# Site Of SoftWare : http://jbc.unlimited.free.fr

# Version : 4 ;

# Exploit : http://Www.Victime.Com/[Script]/haut.php?nb_connecte=<sc

[SECURITY] [DSA 1175-1] New isakmpd packages fix replay protection bypass 2006-09-13
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1175-1 security (at) debian (dot) org
http://www.debian.org/security/ Noah Meyerhans
September 13th, 2006

[EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2 2006-09-12
eEye Advisories (Advisories eeye com)
Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2
http://research.eeye.com/html/advisories/published/AD20060912.html

Release Date:
September 12, 2006

Date Reported:
August 24, 2006

Severity:
High (Code Execution)

Systems Affected:
Internet Explorer 5 SP4 with MS06-042 - Win

iDefense Security Advisory 09.12.06: Multiple Vendor X Server CID-keyed Fonts 'CIDAFM()' Integer Overflow 2006-09-12
iDefense Labs (labs-no-reply idefense com)
Multiple Vendor X Server CID-keyed Fonts 'CIDAFM()' Integer Overflow
Vulnerability

iDefense Security Advisory 09.12.06
http://www.idefense.com/intelligence/vulnerabilities/
Sep 12, 2006

I. BACKGROUND

The X Window System is a graphical windowing system based on a
client/server model. More informat

iDefense Security Advisory 09.12.06: Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer Overflow Vulnerability 2006-09-12
iDefense Labs (labs-no-reply idefense com)
Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer
Overflow Vulnerability

iDefense Security Advisory 09.12.06
http://www.idefense.com/intelligence/vulnerabilities/
Sep 12, 2006

I. BACKGROUND

The X Window System is a graphical windowing system based on a
client/server model. More in

iDefense Security Advisory 09.12.06: Apple QuickTime FLIC File Heap Overflow Vulnerability 2006-09-12
iDefense Labs (labs-no-reply idefense com)
Apple QuickTime FLIC File Heap Overflow Vulnerability

iDefense Security Advisory 09.12.06
http://www.idefense.com/intelligence/vulnerabilities/
Sep 12, 2006

I. BACKGROUND

Quicktime is Apple's media player product used to render video and other
media. For more information visit http://www.apple.c

Apple QuickTime H.264 Integer Overflow Vulnerability 2006-09-12
Sowhat (smaillist gmail com)
Apple QuickTime H.264 Integer Overflow Vulnerability

By Sowhat of Nevis Labs
Date: 2006.09.12

http://www.nevisnetworks.com
http://secway.org/advisory/AD20060912.txt

CVE: CVE-2006-4381

Vendor:
Apple Inc.

Affected Versions:
Apple QuickTime versions < 7.1.3

Overview:
By carefully crafting a co

[USN-344-1] X.org vulnerabilities 2006-09-12
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-344-1 September 12, 2006
libxfont, xorg vulnerabilities
CVE-2006-3739, CVE-2006-3740
===========================================================

A security issue affects the following Ubuntu releases:

U

Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability 2006-09-12
irc computerterrorism com
Computer Terrorism (UK) :: Incident Response Centre

www.computerterrorism.com

Security Advisory: CT12-09-2006

============================================================

Adobe/Macromedia Flash Player - Remote Code Execution

============================================================

Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability 2006-09-12
irc computerterrorism com
Computer Terrorism (UK) :: Incident Response Centre

www.computerterrorism.com

Security Advisory: CT12-09-2006-2.htm

==============================================

Microsoft Publisher Font Parsing Vulnerability

==============================================

Advisory Date: 12th, Sept

Apple QuickTime Player H.264 Codec Remote Integer Overflow 2006-09-12
Piotr Bania (bania piotr gmail com)

Apple QuickTime Player H.264 Codec Remote Integer Overflow
by Piotr Bania <bania.piotr (at) gmail (dot) com>
http://www.piotrbania.com
All rights reserved.

Severity: Critical - potential remote code execution.

CVE: CVE-2006-4386

Original URL:
http://piotrbania.com/all/adv/quicktime-integer-ove

ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery 2006-09-12
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200609-05:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Session Token Remains Valid After Logout in IBM Lotus Domino Web Access 2006-09-12
dave ferguson fishnetsecurity com
I. SYNOPSIS

Title: Session Token Remains Valid After Logout in IBM Lotus Domino Web Access 7.0.1

Release Date: 09/12/2006

Affected Application: IBM Lotus Domino Web Access 7.0.1

(versions prior to 7.0.1 were not tested but may still be vulnerable).

Nominal Severity: Low

Severity If Success

NETGEAR Rotuer DG834GT Firmware V1.01.28 (DoS) 2006-09-12
nullflag gmail com
=============

NullFlag

nullflag (at) gmail (dot) com

FROM SAUDI ARABIA

-------------

Producer: NETGEAR

http://www.netgear.com

=============

In the login window when trying to send in the username field big amount of data (like 1000 byte)

it gonna be DoSed.

You need to rest the router after that.

Tha

Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability 2006-09-12
daftrix gmail com
# Subject:

--- "Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability "

# Vulnerable version:

--- "Newsscript version 0.5"

# Vendor URL:

--- Email - mail (at) webmaster-journal (dot) com

--- Website - http://webmaster-journal.com

# Available in:

---http://www.coms

LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution 2006-09-12
Chris Travers (chris metatrontech com)
Hi all;

Summary:
A directory transversal issue was found in LedgerSMB 1.0.0 involving the
terminal variable. This vulnerability was inherited from the SQL-Ledger
codebase. Due to the fact that SQL-Ledger has a built-in text editor,
this issue could result in arbitrary code execution on the ser

AzzCoder => phpBB XS 0.58 Remote File Include 2006-09-12
azzcoder hotmail com
An important vulnerability in functions.php will allow a malicious user to insert a remote file.

The Vulnerable Code:

include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );

(The phpbb_root_path isn't initialized and PHPBB_IN isn't checked)

WTools v0.0.1-ALPH - Remote File Include Vulnerabilities 2006-09-11
erne ernealizm com
# ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ----

# WTools v0.0.1-ALPH - Remote File Include Vulnerabilities

# site : http://www.comscripts.com/jump.php?action=script&id=1880

# Script : WTools v0.0.1-ALPH

# Credits : ERNE

# Contact : erne (at) ernealizm (dot) com and irc.gigachat.net #ku

rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs 2006-09-12
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0167-1
Published: 2006-09-12
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Local Root Deterministic Privilege Escalation
Updated Versions:
xorg-x11=/conary.rpath.com@rpl:devel//1/6.8.2-30.2-1
xorg-x11-fonts=/conary.rpath.com@rpl:dev

Sql injection in Tikiwiki 2006-09-10
Omid (omid hackers ir)
Hi,
There are 2 SQL injections in Tikiwiki 1.9.4 (and maybe earlier versions):

I) There is a call to "get_process()" function in "tiki-g-admin_processes.php"
file, without checking "pid" parameter :

File /tiki-g-admin_processes.php, Line 35 :
:: $info = $processManager->get_process($_REQUEST["pid"

CMS.R. the Content Management System admin authentication baypass 2006-09-11
security soqor net
Hello

Title : CMS.R. the Content Management System admin authentication baypass

Discovered by : HACKERS PAL

Copyrights : HACKERS PAL

Website : WwW.SoQoR.NeT

Email : security (at) soqor (dot) net

The Vulnerability works 100% with magic_quotes_gpc = off

put the user name value (' or 1=1/*)

[code]

ShAnKaR: multiple PHP application poison NULL byte vulnerability 2006-09-11
3APA3A (3APA3A SECURITY NNOV RU) (1 replies)

Author: ShAnKaR
Title: multiple PHP application poison NULL byte vulnerability
Applications: phpBB 2.0.21, punBB 1.2.12
Threat Level: Critical
Original advisory (in Russian): http://www.security.nnov.ru/Odocument221.html

Poison NULL byte vulnerability for perl CGI applications was described
in

Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability 2006-09-12
Jerome Athias (jerome athias free fr)
Microsoft visual basic 6. overflow 2006-09-09
mallahzadeh gmail com
Hello

insert this code in your project :

=============

private sub Label1_click()

msgbox(prompt,vbokcancel,"test",,"test") as vbmsgboxresult

end sub

=============

PoC : http://silversmith.persiangig.com/PoC.rar

=============

Abolfazl Mallahzadeh

Ashiyane Digital Security Team

SolpotCrew Advisory #8 - Mcgallerypro (path_to_folder) Remote File Inclusion 2006-09-10
chris_hasibuan yahoo com
#############################SolpotCrew Community################################

#

# Mcgallerypro (path_to_folder) Remote File Inclusion

#

# Download file : http://phpforums.net/mcgp/mcgp.zip/mcgp.zip

#

########################################################################
###

Copyright 2010, SecurityFocus