[ MDKSA-2006:122 ] - Updated php packages fix multiple vulnerabilities
2006-07-13 security mandriva com

[USN-318-1] libtunepimp vulnerability
2006-07-13 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-318-1 July 13, 2006 libtunepimp vulnerability http://bugs.musicbrainz.org/ticket/1764 A security issue affects the following Ubuntu releas ...

Orbitmatrix PHP Script v1.0
2006-07-13 luny youfucktard com
Orbitmatrix PHP Script v1.0 Homepage: http://www.orbitcoders.com/ Affected files: index.php Possible SQL injection?: http://www.example.com/index.php?page_name=' And by trying a XSS vuln as shown below on page_name we see the query below which is displayed on screen: http://www.exa ...

[USN-317-1] zope2.8 vulnerability
2006-07-13 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-317-1 July 13, 2006 zope2.8 vulnerability CVE-2006-3458 A security issue affects the following Ubuntu releases: Ubuntu 5.10 This advisor ...

SYMSA-2006-004 (Full Details): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
2006-07-12 research symantec com

[ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities
2006-07-13 matdhule gmail com
ECHO_ADV_38$2006 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities ...

[ MDKSA-2006:121 ] - Updated xine-lib packages fix buffer overflow vulnerability
2006-07-12 security mandriva com

NSFOCUS SA2006-05 : Microsoft Excel SELECTION Record Memory Corruption Vulnerability
2006-07-12 NSFOCUS Security Team (security nsfocus com)
NSFOCUS Security Advisory (SA2006-05) Microsoft Excel SELECTION Record Memory Corruption Vulnerability Release Date: 2006-07-12 CVE ID: CVE-2006-1302 http://www.nsfocus.com/english/homepage/research/0605.htm Affected systems & software: Microsoft Excel 2000 Microsoft Excel 2 ...

Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc.
2006-07-12 Amelie (amelie not-noticeably net)
Hi there, I would like to point out that the security vulnerability quoted below (and seen here: http://archives.neohapsis.com/archives/bugtraq/2006-06/0234.html - submitted to bugtraq on June 12, 2006) concerning the CodeGrrl.com script, PHPAskIt, is incorrect. I am the author of this script a ...

Re: WordPress 2.0.3 SQL Error and Full Path Disclosure
2006-07-12 zck zck (zckzck gmail com) (1 replies)
Isn't this actually an SQL Injection rather than information leakage? Try : http://localhost/wordpress/index.php?paged=%27 I mean, the error message (this time in English) is: WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server ve ...

RE: WordPress 2.0.3 SQL Error and Full Path Disclosure
2006-07-13 Aaron Newman (aaroncharlesnewman yahoo com)

New CVE number states Excel Style handling as a separate issue
2006-07-11 Juha-Matti Laurio (juha-matti laurio netti fi)
New CVE document http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3431 published recently confirms the information that Microsoft Excel Style handling vulnerability aka Nanika.xls issue is a separate vulnerability. This vulnerability mentioned affects only to Simplified Chinese, Traditional C ...

NSFOCUS SA2006-06 : Microsoft Excel COLINFO Record Buffer Overflow Vulnerability
2006-07-12 NSFOCUS Security Team (security nsfocus com)
NSFOCUS Security Advisory (SA2006-06) Microsoft Excel COLINFO Record Buffer Overflow Vulnerability Release Date: 2006-07-12 CVE ID: CVE-2006-1304 http://www.nsfocus.com/english/homepage/research/0606.htm Affected systems & software: Microsoft Excel 2000 Microsoft Excel 2002 M ...

Lazarus Guestbook Cross Site Scripting Vulnerabilities
2006-07-12 simo64 gmail com
Produce : Lazarus Guestbook Website : http://carbonize.co.uk/Lazarus/ Version : <= 1.6 Problem : Cross Site Scripting 1) The first problem is in codes-english.php, "show" parameter in lang/codes-english.php isn't properly sanitised This can be exploited to execute arbitrary HTML and javasc ...

TOPo v.2.2.178 Account Reset
2006-07-12 darkz gsa gmail com
TOPo v.2.2.178 Account Reset Author: Attila Gerendi (Darkz) Date: July 12, 2006 Package: TOPo (http://ej3soft.ej3.net/) Versions Affected: 2.2.178 (Other versions may also be affected.) Severity: Password Reset Description: It is possible to override an existing entry posting a new entr ...

NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability
2006-07-12 NSFOCUS Security Team (security nsfocus com)
NSFOCUS Security Advisory (SA2006-04) Microsoft Office GIF Filter Buffer Overflow Vulnerability Release Date: 2006-07-12 CVE ID: CVE-2006-0007 http://www.nsfocus.com/english/homepage/research/0604.htm Affected systems & software: Microsoft Office 2000 Microsoft Office XP Micr ...

FLV Players Multiple Input Validation Vulnerabilities
2006-07-12 xzerox linuxmail org
Produce : FLV Players 8 Website : http://www.videospark.com [+] Fullpath Disclosure : 1) http://localhost/flv8/paginate.php Fatal error: Class simplepagemaker: Cannot inherit from undefined class object in /var/www/zero/httpdocs/flv8/paginate.php on line 45 2) http://localhost/flv8/play ...

[ MDKSA-2006:117-1 ] - Updated libmms packages fix buffer overflow vulnerability
2006-07-12 security mandriva com

Microsoft Excel Array Index Error Remote Code Execution
2006-07-12 Sowhat (smaillist gmail com)
Microsoft Excel Array Index Error Remote Code Execution By Sowhat of Nevis Labs 2006.07.11 http://www.nevisnetworks.com http://secway.org/advisory/AD20060711.txt Vendor Microsoft Inc. Products affected: Microsoft Office 2000 Service Pack 3 Microsoft Office XP Service Pack 3 Microsoft Office 20 ...

RE: Old vulnerable sotwares collection
2006-07-10 John Rigali (jrigali verbumdei us)
Older versions of various freely distributable programs can be found at OldVersion.com (http://www.oldversion.com/). ---------- John Rigali Information Technology Coordinator Verbum Dei High School http://www.verbumdeihs.com/ Working in the Jesuit Tradition -----Original Message----- From: Jerome ...

SMB Information Disclosure Vulnerability
2006-07-11 Avert avertlabs com
McAfee, Inc. McAfee® Avert® Labs Security Advisory Public Release Date: 2006-07-11 SMB Information Disclosure Vulnerability CVE-2006-1315 ...

rPSA-2006-0128-1 samba samba-swat
2006-07-11 Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0128-1 Published: 2006-07-11 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: samba=/conary.rpath.com@rpl:devel//1/3.0.23-1-0.1 samba-swat=/conary.rpath.com@rpl:devel//1/3.0.23-1-0. ...
----- Flatnuke 2.5.7 arbitrary file upload / remote code execution -------------
software:
site: http://www.flatnuke.org/
--------------------------------------------------------------------------------
if user Gallery uploads are enabled (not the default) you can go to: