#######################################################################

Luigi Auriemma

Application: Quake 3 engine
http://www.idsoftware.com
http://www.icculus.org/quake3/
Versions: Quake 3 <= 1.32c
Icculus.

[ more ]  [ reply ]

Hi to all!

Because it isn't a new problem and is well known by virus and spyware
writters I decide to release to the public now. Full disclosure.

Attached goes a simple paper that describes this "very-advanced"
technique that was applicable at 1993 and is currently applicable.

Regards,
Joxean K

[ more ]  [ reply ]

Hello,

there's a XSS Bug in www.ICQ.com

http://www.icq.com/boards/atoz.php?letter=oOOoOooOOOoO%3Cscript%3Ealert%
28%27www.SR-Crew.de.tt%27%29%3C/script%3E

[ more ]  [ reply ]

===================================

Discovery By: CrAzY CrAcKeR

Site: www.alshmokh.com

I want to thank my friend:-

nono225-mHOn-rageh-LoverHacker-BoNy_m

Breeeeh-Rootshil-LiNuX_rOOt-SauDiVirUS

===================================

Example:-

/messages.php?id=[SQL]

==================

[ more ]  [ reply ]

Muts & I like to announce a new and stable release of "<< BackTrack".
This project i a merger out of two well known security penetration
testing focused linux live distributions (Whax and Auditor). After
hundreds of combined man hours, we can provide you with the finest
linux and windows tools on on

[ more ]  [ reply ]

There's a vulnerability in Timberland's search engine.

The variable 'keywords' in searchHandler/index.jsp is not correctly sanitized.

URL:

hxxp://www.timberland.com/searchHandler/index.jsp?keywords=[XSS Code]

Example:

hxxp://www.timberland.com/searchHandler/index.jsp?keywords=<script>aler

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2006-0001
Synopsis: VMware ESX Server Cross Site Scripting issue
VMware ESX 2.5.2 prior to upgrade p

[ more ]  [ reply ]

Hello.

This issue has been solved already and should not work since the whole log in system has been improved.

Thank you for sharing

[ more ]  [ reply ]

Yep.

I can confirm this for firefox 1.5.0.3 on ubuntu dapper amd64.

Filling a bug report

[ more ]  [ reply ]

#!/usr/bin/php -q -d short_open_tag=on

<?

echo "LifeType <= 1.0.4_r3270 SQL injection / admin credentials disclosure\r\n";

echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";

echo "site: http://retrogod.altervista.org\r\n";

echo "dork: \"Powered by LifeType\" \"RSS 0.90\" \"RSS 1.0\" \"RSS 2.0\" \"Valid XHT

[ more ]  [ reply ]

#!/usr/bin/php -q -d short_open_tag=on

<?

echo "DotClear <= 1.2.4 prepend.php/'blog_dc_path' arbitrary remote inclusion\r\n";

echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";

echo "site: http://retrogod.altervista.org\r\n\r\n";

echo "dork: \"propulsé par DotClear\" \"fil atom\" \"fil rss\" +commentaires\

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1089-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
June 3rd, 2006

[ more ]  [ reply ]

[MajorSecurity #7]dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability

------------------------------------------------------------------------
-------------

Software: dotWidget CMS

Version: <=1.0.6

Type: Remote File Include Vulnerability

Date: June, 2nd 2006

Vendor: dotWidget

[ more ]  [ reply ]

********************************************************************

*Title:

*phpBB2 Remote File Include

*

*

*Credit:

*Canberx

*

*

*Thanx:

*Forewer-Partizan

*

*

*Mail:

*canberx (at) linuxmail (dot) org [email concealed] www.canberx.tk

*

*

*Google Dork:

*Powered by phpBB © 2001, 2002 phpBB Group

*

*

*Expl

[ more ]  [ reply ]

# Title : LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability

# Author : ajann

#Vulnerability;

$$$ http://[target]/[path]/viewmsg.asp?msgid= SQL TEXT

$$$ Example:

http://[target]/[path]/viewmsg.asp?msgid=-1%20union%20select%20epass,0,0
,0,email,0,0,0,0,0

[ more ]  [ reply ]

This is not vulnerable,PHP-Nuke having a special in their files and when includes mainfile.php it overwrites the global variables and it caused to make an arbitrary file inclusion.

But in MyBloggie there is no common vulnerability like it.I checked all files and all versions did not see any vulnera

[ more ]  [ reply ]

the Blackhat agenda for USA 2006 session had just been published : URL
<http://www.blackhat.com/html/bh-usa-06/bh-usa-06-schedule.html>

The first remark is that this year, Blackhat USA, will be an incredible
briefing !

There will be several Zero day announcements. For example: Brendan
O'Connor

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1088-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
June 3rd, 2006

[ more ]  [ reply ]

Type: SQL Injection

Risk: Critical

Product: CoolForum <= 0.8.3 beta

********************************

Vulnerability

*************

// File: editpost.php

// Line 38

//

if(isset($_REQUEST['post'])) $post = intval($_REQUEST['post']);

else $post = 0;

--

// Line 77

//

$canedit = getrighte

[ more ]  [ reply ]

____________________ ___ ___ ________

\_ _____/\_ ___ \ / | \\_____ \

| __)_ / \ \// ~ \/ | \

| \\ \___\ Y / | /_______ / \______ /\___|_ /\_______ /

\/ \/ \/ \/

.OR.ID

ECHO_ADV_32$2006

----

[ more ]  [ reply ]