BugTraq Mode:
[SECURITY] [DSA 1172-1] New bind9 packages fix denial of service 2006-09-09
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1172-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 9th, 2006

Multiple injections and vulnerabilities in Jetbox CMS 2006-09-09
security soqor net
Hello,

Multiple Injections in Jetbox CMS

Discovered By : HACKERS PAL & mohajali

Copyright : HACKERS PAL & mohajali

Website : http://www.soqor.net

Email Address : security (at) soqor (dot) net

This contains multiple injections and vulnerabilities in Jetbox CMS

/*******************************

PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() 2006-09-09
cxib securityreason com
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

[PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()]

Author: Maksymilian Arciemowicz (cXIb8O3)

Date:

- - Written: 05.09.2006

- - Public: 09.09.2006

SecurityAlert Id: 42

CVE: CVE-2006-4625

SecurityRisk: High

Affected Software: P

[ MDKSA-2006:163 ] - Updated bind packages fix DoS vulnerabilities 2006-09-08
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:163
http://www.mandriva.com/security/
____________________________________________________________________

Cross Context Scripting with Sage 2006-09-08
pdp (architect) (pdp gnucitizen googlemail com)
Cross Context Scripting in Firefox Sage Extension.
http://www.gnucitizen.org/blog/cross-context-scripting-with-sage

This proves that Firefox Extensions can be as dangerous as random
flash or quicktime media files. Moreover, the POC provides a real
example of how RSS feed Hacking really works.

--

RSA SecurID SID800 Token vulnerable by design 2006-09-07
hadmut danisch de (Hadmut Danisch) (1 replies)
Hi,

I recently tested an RSA SecurID SID800 Token
http://www.rsasecurity.com/products/securid/datasheets/SID800_DS_0205.pdf

The token is bundled with some windows software designed to make
user's life easier. Interestingly, this software provides a function
which directly copies the current token

Re: RSA SecurID SID800 Token vulnerable by design 2006-09-09
3APA3A (3APA3A SECURITY NNOV RU)
Airscanner Mobile Security Advisory #06070101: Abidia & OAnywhere (All versions) 2006-09-07
removethis_contact airscanner_removethis com
Airscanner Mobile Security Advisory #06070101:

Abidia & OAnywhere (All versions)

Product:

Abidia & OAnywhere

Platform:

Tested on Windows Mobile Pocket PC 2005

Requirements:

Mobile device running Windows Mobile Pocket PC with Abidia & OAnywhere

Credits:

Seth Fogie

Airscanner Mobile

Airscanner Mobile Security Advisory #06260602: Pocket Expense Pro 3.9.1 Authentication Bypass 2006-09-07
removethis_contact _removethis_airscanner com
Airscanner Mobile Security Advisory #06260602:

Pocket Expense Pro 3.9.1

Product:

Pocket Expense Pro 3.9.1

Platform:

Tested on Windows Mobile Pocket PC 2005

Requirements:

Mobile device running Windows Mobile Pocket PC with Pocket Expense Pro 3.9.1 installed

Credits:

Seth Fogie

Air

mcNews v1.3 - Remote File Include 2006-09-06
erne ernealizm com
# ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ----

# mcNews v1.3 - Remote File Include Vulnerabilities

# site : http://www.comscripts.com/jump.php?action=script&id=845

# Script : mcNews v1.3

# Credits : ERNE

# Contact : erne (at) ernealizm (dot) com and irc.gigachat.net #kurdhack

# Than

Akarru rfi 2006-09-06
erne ernealizm com
# ERNE ---- ERNEALİZM ---- BU ASK BiTMEZ----

# Akarru v0.4.3.34 - Remote File Include Vulnerabilities

# site : http://www.comscripts.com/jump.php?action=script&ipt

Re: Re: Sql Injection and Path Disclosure Wordpress v2.0.5 2006-09-07
vanovax gmail com
It sees Following threads:

http://www.google.co.ve/search?hl=es&q=%22Powered+by+Wordpress+2.0.5%22&meta=

Version 2.0.4 No Vulnerable.

Perhaps there was a bad interpretation in the version of Wordpress, but that is thus. One was thus.

Timesheet 1.2.1 Blind SQL Injection Vulnerability 2006-09-05
secaware2006 yahoo com
About:

Timesheet.php is a PHP application designed to keep track of the hours worked by multiple people on multiple projects. It allows users to log in through their web browser and manage the times that they are clocked on or clocked off.

Description:

A vulnerability can be found on the fi

client side vulnerability in yahoo mail 2006-09-04
p3rlhax gmail com


I. BACKGROUND

Yahoo! Inc. is an American computer services company with a mission to "be the most essential global Internet service for consumers and businesses". It operates an Internet portal, including the popular Yahoo! Mail. The global network of Yahoo! websites received 3.4 billion pag

rPSA-2006-0166-1 bind bind-utils 2006-09-08
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0166-1
Published: 2006-09-08
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
bind=/conary.rpath.com@rpl:devel//1/9.3.2_P1-0.1-1
bind-utils=/conary.rpath.com@rpl:devel//1/9.3.2_P1-0

rPSA-2006-0165-1 mailman 2006-09-08
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0165-1
Published: 2006-09-08
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Weakness
Updated Versions:
mailman=/conary.rpath.com@rpl:devel//1/2.1.6-14.2-1

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?na

PhotoKorn Gallery => 1.52 (dir_path) Remote File Inclusion Exploit 2006-09-08
saudi unix hotmail com
#====================================================================

#PhotoKorn Gallery => 1.52 (dir_path) Remote File Inclusion Exploit

#====================================================================

#

#Critical Level : Dangerous

#

#By Saudi Hackrz

#

#================================

[RISE-2006001] X11R6 XKEYBOARD extension Strcmp() buffer overflow 2006-09-08
advisories risesecurity org
RISE-2006001

X11R6 XKEYBOARD extension Strcmp() buffer overflow vulnerability

Released: September 07, 2006

Last updated: September 07, 2006

INTRODUCTION

There exists a vulnerability within a string manipulation function of the X11R6 (X11R6.4 and lower) X Window System library, which when

[USN-343-1] bind9 vulnerabilities 2006-09-07
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-343-1 September 07, 2006
bind9 vulnerabilities
CVE-2006-4095, CVE-2006-4096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.0

News Evolution v3.0.3 - Remote File Include Vulnerabilities 2006-09-07
erne ernealizm com
# ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ----

# News Evolution v3.0.3 - Remote File Include Vulnerabilities

# site : http://www.comscripts.com/jump.php?action=script&id=825

# Script : News Evolution v3.0.3

# Credits : ERNE

# Contact : erne (at) ernealizm (dot) com and irc.gigachat.net #

ACGV News v0.9.1 - Remote File Include Vulnerabilities 2006-09-07
erne ernealizm com
# ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ----

# ACGV News v0.9.1 - Remote File Include Vulnerabilities

# site : http://www.comscripts.com/jump.php?action=script&id=1420

# Script : ACGV News v0.9.1

# Credits : ERNE

# Contact : erne (at) ernealizm (dot) com and irc.gigachat.net #kurdhack

Black Hat Briefings Japan Speakers Selected! 2006-09-08
Jeff Moss (jmoss blackhat com)
Hello Bug Traq readers,

The Black Hat Briefings Japan '06 speakers have been selected. We received many presentations this year and we have chosen a broad sampling of topics facing security professionals today, with an emphasis on issues facing Asian Pacific region. The <http://www.blackhat.com/ht

[SECURITY] [DSA 1171-1] New ethereal packages fix execution of arbitrary code 2006-09-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1171-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
September 7th, 2006

Linux kernel source archive vulnerable 2006-09-07
hadmut danisch de (Hadmut Danisch)
Hi,

there's a severe vulnerability in the Linux kernel source code archives:

The Linux kernel is distributed as tar archives in the form of
linux-2.6.17.11.tar.bz2 from kernel.org. It is usually unpacked,
configured and compiled under /usr/src. Since installing a new kernel
requires root privileg

Sql injection in BLOG:CMS 2006-09-07
Omid (omid hackers ir)
Hi,
There are some sql injections in BLOG:CMS v4.1 (and maybe before versions),
which can be exploited by both users and non user visitors:

The "xagent", "xpath", "xreferer" and "xdns" parameters are not checked
properly before passed to sql query in /admin/plugins/NP_Log.php.

The "pitem" param

Sql injection in RunCMS 2006-09-07
Omid (omid hackers ir)
Hi,
There are several sql injections in RunCMS 1.4.1 (and maybe before versions):

The "uid" parameter in /class/sessions.class.php, is not checked correctly,
which can cause 2 sql injections.

Also, "timezone_offset" and "umode" parameters in /class/xoopsuser.php,
can make sql injections in 2 que

WM-News v0.5 - Remote File Include Vulnerabilities 2006-09-07
erne ernealizm com
# ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ----

# WM-News v0.5 - Remote File Include Vulnerabilities

# site : http://www.comscripts.com/jump.php?action=script&id=203

# Script : WM-News v0.5

# Credits : ERNE

# Contact : erne (at) ernealizm (dot) com and irc.gigachat.net #kurdhack

# Th
