BugTraq (Page 1121 of 1748)
TikiWiki Sql injection & XSS Vulnerabilities 2006-06-13
bug (at) securitynews (dot) ir (bug securitynews ir)
----------------------------------------------------------------
[#] Security Advisory
[^] http://securitynews.ir/

[>] Advisory Title: TikiWiki Sql injection & XSS Vulnerabilities
[@] Author : bug [@] securitynews.ir
[$] Product Vendor : http://tikiwiki.org/
[.] Affected Versions : 1.9.3.2 (and may

[REVERSEMODE ADVISORY] MS06-030 NtClose DeadLock. 2006-06-13
Reversemode (advisories reversemode com)

Microsoft Kernel Object Manager is prone to a deadlock vulnerability
which could be exploitable, making unkillable any desired process
running on the affected machine.

+ Paper/Advisory -Reversing mrxsmb.sys, Chapter II "NtClose DeadLock" -
(pdf)
+ Exploit Code (c source code)

Both two can be down

blur6ex <= 0.3.462 'ID' blind sql injection 2006-06-12
rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on

<?

echo "blur6ex <= 0.3.462 'ID' blind SQL injection / admin credentials disclosure\r\n";

echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";

echo "site: http://retrogod.altervista.org\r\n";

echo "dork: \"powered by blur6ex\"\r\n\r\n";

/*

works regardless of php.ini

# MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. 2006-06-12
erne (at) ernealizm (dot) com (erne ernealizm com)
#########################################################
# /\/\!|_|_! |-|4|23|<47 #
#########################################################

# Milli-Harekat Advisory ( www.milli-harekat.o

Web-CMS <<--1.0 "print.php" SQL injection 2006-06-12
CrAzY CrAcKeR hotmail com
=============================================

Discovered By: CrAzY CrAcKeR

Site:www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-Lover Hacker-Sw33t h4ck3r

Breeeeh-BoNy_m-Rootshill-LiNuX_rOOt-SauDiVirUs

=============================================

Example:-

/cms/print.ph

[REVERSEMODE ADVISORY] MS06-030 - Microsoft Mrxsmb.sys privilege escalation advisory 2006-06-13
Reversemode (advisories reversemode com)

Microsoft Server Message Block Redirector Driver (mrxsmb.sys) does not
verify user-mode buffer properly, allowing any user to overwrite any
desired memory address. The successful exploitation results in Ring0
code execution.

+ Paper/Advisory: -Reversing mrxsmb.sys. Chapter I "Getting Ring0"-(pd

Chipmailer <= 1.09 Multiple Vulnerabilities 2006-06-13
tamriel gmx net
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Advisory: Chipmailer <= 1.09 Multiple Vulnerabilities

Release Date: 2006/06/13

Last Modified: 2006/06/13

Author: Tamriel [tamriel at gmx dot net]

Application: Chipmailer <= 1.09

Risk: Medium

Vendor Status: no patch avail

iDefense Security Advisory 06.13.06: Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow 2006-06-13
labs-no-reply (labs-no-reply idefense com)
Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow

iDefense Security Advisory 06.13.06
http://www.idefense.com/application/poi/display?type=vulnerabilities
June 13, 2006

I. BACKGROUND

Windows Media Player is a video and audio file player for Windows based
systems. It supports mul

Re: Shoutpro 1.0 Version - Remote File Include Vulnerability 2006-06-13
Steven M. Christey (coley mitre org)

# if ($path){
# $ips = file("$path/lists/bannedips.php");
# } else {
# $ips = file("lists/bannedips.php");
# }
# if (in_array($REMOTE_ADDR,$ips)) {
# echo($bannedmessage);
# die;

There might be a terminology problem here.

I don't see how this can be used to execute code. Yes, the file()
call cou

Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities 2006-06-13
SpC-x Bsdmail org
# SaVSaK.CoM | SpC-x - The_BeKiR |

# Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities

# Risk : High

# Class: Remote

# Script : Ltwcalendar

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# require_once('./private/ltw_config.php');

iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk DoS 2006-06-13
labs-no-reply (labs-no-reply idefense com)
Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk DoS

iDefense Security Advisory 06.13.06
http://www.idefense.com/application/poi/display?type=vulnerabilities
June 13, 2006

I. BACKGROUND

Microsoft Windows Operating System is system software for Intel based
PCs. More information can be found at t

S H O U T B O X (v1.5) Version - Remote File Include Vulnerability 2006-06-13
SpC-x Bsdmail Org
# SaVSaK.CoM | SpC-x - The_BeKiR |

# S H O U T B O X (v1.5) Version - Remote File Include Vulnerability

# Risk : High

# Class: Remote

# Script : S H O U T B O X

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# $this_dir = str_replace('\\', '

Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities 2006-06-13
SpC-x Bsdmail Org
# SaVSaK.CoM | SpC-x - The_BeKiR |

# Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities

# Risk : High

# Class: Remote

# Script : Amr Talkbox

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# if ($lang == "eng") {

# include ("$direct

PHP MESSENGER 1.0 Version - Remote File Include Vulnerability 2006-06-13
SpC-x Bsdmail Org
# SaVSaK.CoM | SpC-x - The_BeKiR |

# PHP MESSENGER 1.0 Version - Remote File Include Vulnerability

# Risk : High

# Class: Remote

# Script : PHP MESSENGER

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# require ($path_to_php_messenger_script);

Jobline 1 1 1 Version - Remote File Include Vulnerability 2006-06-13
SpC-x Bsdmail Org
# SaVSaK.CoM | SpC-x - The_BeKiR |

# Jobline 1 1 1 Version - Remote File Include Vulnerability

# Risk : High

# Class: Remote

# Script : Jobline

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# if ( file_exists( "$mosConfig_absolute_path/compo

iDefense Security Advisory 06.13.06: Microsoft Internet Explorer ART File Heap Corruption Vulnerability 2006-06-13
labs-no-reply (labs-no-reply idefense com)
Microsoft Internet Explorer ART File Heap Corruption Vulnerability

iDefense Security Advisory 06.13.06
http://www.idefense.com/application/poi/display?type=vulnerabilities
June 13, 2006

I. BACKGROUND

Internet Explorer is the web browser included in Microsoft Corp.'s
Windows products.

II. DESCRIP

ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability 2006-06-13
zdi-disclosures 3com com
ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-017.html
June 13, 2006

-- CVE ID:
CVE-2006-2382

-- Affected Vendor:
Microsoft

-- Affected Products:
Internet Explorer 6 All Versions
Internet Explorer 5 SP4

-- T

iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow 2006-06-13
labs-no-reply (labs-no-reply idefense com)
Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow

iDefense Security Advisory 06.13.06
http://www.idefense.com/application/poi/display?type=vulnerabilities
June 13, 2006

I. BACKGROUND

Microsoft Windows Operating System is system software for Intel based
PCs. More information can be found

High Risk Vulnerability in Microsoft Windows RASMAN Service 2006-06-13
Peter Winter-Smith (peter ngssoftware com)
Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability
in the Microsoft Windows Remote Access Connection Manager (RASMAN) service
which (under certain versions of the OS) can allow a remote, anonymous
attacker to gain complete control over a vulnerable system.

The vulnerability

Shoutpro 1.0 Version - Remote File Include Vulnerability 2006-06-13
SpC-x Bsdmail Org
# SaVSaK.CoM | SpC-x - The_BeKiR |

# Shoutpro 1.0 Version - Remote File Include Vulnerability

# Risk : High

# Class: Remote

# Script : Shoutpro

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# include("config.php");

# include("functions.php");

multiple Xss exploits in 35mmslidegallery V6 2006-06-13
black code (black-cod3 hotmail com)
multiple Xss exploits in 35mmslidegallery V6

forum type : 35mmslidegallery V6
bug found by : black-code
team : $!T3-D0WN
type : Xss

####################################################
exploits :

http://example.com/lumet/album/index.php?imgdir='><script>alert(10)</script>

http://example.comr/lum

SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution 2006-06-13
research symantec com
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Symantec Vulnerability Research

http://www.symantec.com/research

Security Advisory

Advisory ID : SYMSA-2006-004

Advisory Title: Vulnerability in Graphics Rendering Engine Co

VBZooM <<--V1.01 "language.php" SQL injection 2006-06-13
CrAzY CrAcKeR hotmail com
=============================================

Discovered By: CrAzY CrAcKeR

Site:www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-Lover Hacker-Sw33t h4ck3r

Breeeeh-BoNy_m-Rootshill-LiNuX_rOOt-SauDiVirUs

=============================================

Example:-

/language.php

[SECURITY] [DSA 1096-1] New webcalendar packages fix arbitrary code execution 2006-06-13
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1096-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
June 13th, 2006

VBZooM <<--V1.11 "subject.php" SQL injection 2006-06-13
CrAzY CrAcKeR hotmail com
=============================================

Discovered By: CrAzY CrAcKeR

Site:www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-Lover Hacker-Sw33t h4ck3r

Breeeeh-BoNy_m-Rootshill-LiNuX_rOOt-SauDiVirUs

=============================================

Example:-

/subject.php?

VBZooM <<--V1.02 "meaning.php" SQL injection 2006-06-13
CrAzY CrAcKeR hotmail com
=============================================

Discovered By: CrAzY CrAcKeR

Site:www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-Lover Hacker-Sw33t h4ck3r

Breeeeh-BoNy_m-Rootshill-LiNuX_rOOt-SauDiVirUs

=============================================

Example:-

/meaning.php?

VBZooM <<-- V1.11 "show.php" SQL injection 2006-06-13
CrAzY CrAcKeR hotmail com
=============================================

Discovered By: CrAzY CrAcKeR

Site:www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-Lover Hacker-Sw33t h4ck3r

Breeeeh-BoNy_m-Rootshill-LiNuX_rOOt-SauDiVirUs

=============================================

Example:-

/show.php?Use

Simpnews <= All version - Remote File Include Vulnerabilities 2006-06-13
SpC-x Bsdmail Org (1 replies)
# SaVSaK.CoM | SpC-x - The-BeKiR |

# Simpnews <= All version - Remote File Include Vulnerabilities

# Risk : High

# Class: Remote

# Script : Simpnews

# Credits : SpC-x - The-BeKiR

# Thanks : Ejder - FasTBoY - ERNE - RMx

# Code :

# require_once($path_simpnews.'/langchk.php');
