Re: PHP security (or the lack thereof)
2006-06-19, flaps dgp toronto edu (Alan J Rosenthal)
> For example, allowing users to upload and execute any C executable file to a public web server can prove to be quite dangerous.
>
> I think the same can be said for allowing PHP on a public web server, you have just allowed anyone with a website to compromise the entire machine.
I think the relev [ more ]

Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.
2006-06-19, brian phorum org
This is a bogus report. Please mark it as such or remove it. This so-called exploit is nothing but an attempt to defame the name of Phorum.
1. common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x versions of Phor [ more ]

Re: file include exploits in nucleus 3.23
2006-06-17, nukedx nukedx com
These files are not vulnerable. I checked their code and I see that for action.php:
include('./config.php'); // common functions
include_once($DIR_LIBS . 'ACTION.php');
media.php:
include('../config.php');
include($DIR_LIBS . 'MEDIA.php'); // media classes
server.php -> include( [ more ]

Bypassing of web filters by using ASCII
2006-06-21, k huwig iku-ag de (1 replies)

Opera 9 DoS PoC
2006-06-21, N9 critical lt
Critical Security advisory #009 [http://www.critical.lt]
Advisory can be reached: http://www.critical.lt/?vuln/349
We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas
Shouts to Lithuanian girlz! and our friends ;]
Product: Opera 9 (8.x is immune to this)
Vuln type: Denial of Service [ more ]

JEdit ActiveX Control Information Disclosure vulnerability
2006-06-21, bulten srlabs net
JEdit ActiveX Control Information Disclosure vulnerability
Publish Date: July 17, 2006
Status: SRLabs.net contacted the vendor on July 7 2006 to request a security contact for sending information about the vulnerability but couldn't get any response yet
Vendor: Jaguarsoft (http://www.jag [ more ]

Excel 0-day FAQ updated with Microsoft advisory information
2006-06-21, Juha-Matti Laurio (juha-matti laurio netti fi)
The Microsoft Excel 0-day Vulnerability FAQ document at SecuriTeam Blogs has been updated with information from the related Microsoft Security Advisory. Updates were included in the Revision History too. Additionally, my research says there was a sample available as early as 12th June. TrendMicro TROJ_EMBED.AN [ more ]

[ MDKSA-2006:108 ] - Updated xine-lib packages fix buffer overflow vulnerabilities
2006-06-21, security mandriva com

[ MDKSA-2006:107 ] - Updated arts packages fix vulnerability in artswrapper
2006-06-21, security mandriva com

Sendmail MIME DoS vulnerability
2006-06-20, Jain, Siddhartha (Siddhartha Jain kla-tencor com)
Hi, I am trying to understand how the below-mentioned sendmail vulnerability.
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
The description says that the DoS occurs when sendmail goes into a deeply nested malformed MIME message and uses the MIME 8-bit to 7-bit conversion function [ more ]

Ultimate PHP Board <= 1.96 GOLD Code Execution (exploit code)
2006-06-20, mbrooks kliconsulting com
Ultimate PHP Board v. 1.9.6 GOLD Current Security Advisory
[Vulnerability List Affecting Ultimate PHP Board => 1.96 GOLD]
Multiple Issues Resulting In Remote Code Execution
Private Key Collision Generator
Decryption/Encryption without brute force
Insecure Session Management
NON-SQ [ more ]

RahnemaCo "page.php" Remote File Inclusion[2]
2006-06-17, CrAzY CrAcKeR hotmail com
========================================
Discovered By: CrAzY CrAcKeR
Site: www.alshmokh.com
I want to thank my friends: nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
========================================
Example: /shop/page.php?pageid=http://site/ [ more ]

Module's Name Content <<-- V1.0 SQL injection
2006-06-17, CrAzY CrAcKeR hotmail com
========================================
Discovered By: CrAzY CrAcKeR
Site: www.alshmokh.com
I want to thank my friends: nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
========================================
Example: /modules.php?name=Content&pa=list_ [ more ]

Module's Name Downloads <<-- V 7 SQL injection
2006-06-17, CrAzY CrAcKeR hotmail com
=============================================
Discovered By: CrAzY CrAcKeR
Site: www.alshmokh.com
I want to thank my friends: nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
=============================================
Example: /modules.php?name=Downlo [ more ]

[MajorSecurity #18] Ralf Image Gallery <= 0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities
2006-06-20, admin majorsecurity de
[MajorSecurity #18] Ralf Image Gallery <= - Multiple XSS, Remote File Include and directory traversal vulnerabilities
----------------------------------------------
Software: RIG [Ralf Image Gallery]
Version: <= 0.7.4
Type: Cross site scripting + remote file include + directory traversal [ more ]

vBulletin <<-- v3.5.X "member.php" Cross Site Scripting
2006-06-20, CrAzY CrAcKeR hotmail com
=============================================
Discovered By: CrAzY CrAcKeR
Site: www.alshmokh.com
I want to thank my friends: nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
=============================================
Example: /vb/member.php?u=[XSS] [ more ]

display.cgi
2006-06-20, soltan_defacer yahoo com
#################### Azhteam Digital Security Team ######################
##############################################
Abrior's Encore WebForum ( display.cgi )
Found by: soltan_defacer www.azhteam.com
# Greetings; s.defacer - azhteam - lvl3hr - edi.programe
######################## [ more ]

trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows
2006-06-20, Martin Herfurt (martin herfurt trifinite org)
trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows (TRSA00001)
http://trifinite.org/trifinite_advisory_toshiba.html
Author: Martin Herfurt <martin.herfurt (at) trifinite.org>
Organization: trifinite.org
Web: http://trifinite.org/
Summary
This advisory describes [ more ]
Site:http://eduha.forever.kz/
Demo:http://nextlevel.astrakhan.ru/meeting/
----------------------------------------------------
Example:
http://victim/path/index.php?act=add
add photo(upload php phpshell)
Bug Video: http://www.biyosecu
[ more ]