BugTraq Mode:
(Page 1136 of 1748)
[ MDKSA-2006:092 ] - Updated mpg123 packages fix DoS vulnerability. 2006-05-26
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:092
http://www.mandriva.com/security/
____________________________________________________________________

Re: RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt. 2006-05-26
ahariri balamand edu lb
We appreciate your comments,

Did you check the TrueCrypt video? http://www.safehack.com/Advisory/truecrypt/truecrypt.html

We are not saying maybe it is documented feature. We did not see that and the objective was not to test truecrypt but it was to test pgp. It was a trial on truecrypt and we report

Morris Guestbook v1 2006-05-26
luny youfucktard com
Homepage:

http://www.tuttophp.altervista.org/morrisguest-ing.htm

Description:

Morris Guestbook is a text-based guestbook with the following features: Data storing on text file, paging of messages on screen, words crypting, counting of inserted messages, blockage of messages with both html tag

Smile Guestbook v1 2006-05-26
luny youfucktard com
Homepage:

http://www.tuttophp.altervista.org/smileguest-ing.htm

Description:

Smile Guestbook is a cool text-based guestbook with smilies inserting and other features below

Affected files:

view.php

An XSS attack is possible due to no filtering of pagina variable:

http://www.example.com

Pretty Guestbook v1 2006-05-26
luny youfucktard com
Homepage:

http://www.tuttophp.altervista.org/main.php

Description:

Text-based guestbook with the following features: - Data storing on text file - Paging of messages on screen - Blockage of messages with words too long into - Blockage of messages with both html tags(<>) - Validity-checking of e

MyYearBook.com - XSS 2006-05-25
luny youfucktard com
MyYearBook.com - Personal community site like myspace.com

Affected files:

Input forms of:

editing profile

posting a blog

search boxes

posting a bulletin

posting a comment

---------------------------

XSS Vulnerabilities proof of concept:

When editing your profile, it seems <scri

Re: Microsoft Internet Explorer - Crash on mouse button click 2006-05-25
mac68k gmail com
I forgot to say that IE6 SP2 is not affected.

Re: Microsoft Internet Explorer - Crash on mouse button click 2006-05-25
unknown user (mac68k gmail com)
I've successfully tested on the English version of Windows XP Pro SP2 with IE 6.

It's very strange...

2006/5/25, r0xes <r0xes.ratm (at) gmail (dot) com [email concealed]>:
> Nope. Also, doesn't work on WinXP Home Sp2 with IE 6.
> => Maybe it is only Windows ___yourlanguage__ ?
>
>
> On 5/24/06, unknown user < mac68k (at) gmail (dot) com [email concealed]>

Vacation Rental Script v1.0 2006-05-25
luny youfucktard com
Vacation Rental Script v1.0

Homepage:

http://www.vacationrentalscript.com/

Description:

Vacation Rentals is the best solution for your vacation rental online business. It's easy to install, easy to use, provides lots of features and option details. Just check the online demo and convince your

Super Link Exchange Script v1.0 2006-05-25
luny youfucktard com
Super Link Exchange Script v1.0

Homepage:

http://www.ebizunion.com/guidetosuper.php

Description:

Main Features: 1. Add unlimited nested category/sub-category, 2. Can check reciprocal link back, 3. Can hide and delete no link back sites. 4. Template can be edited and suitable to fit your curr

PHPSimple Choose v0.3 2006-05-24
luny youfucktard com
PHPSimple Choose v0.3

Homepage:

http://phpsimplechoose.sourceforge.net

Description:

Do you need to add some fun to your site? Look no further. With PHPSimpleChoose you can let your users input terms and have one randomly chosen. Every bit of text is changeable, and we are working on al

iBoutique.MALL - Directory Traversal 2006-05-24
luny youfucktard com
iBoutique.MALL

Homepage: http://www.netartmedia.net/mall/

Description:

Based on iBoutique 4.0, iBoutique.MALL is a powerful multi user mall software solution. It makes possible for the new vendors to signup and create their own customized online stores with ease.

Affected files: index.php

XSS Vulnerability on Vodafone 2006-05-24
try_og hotmail com
Some link on the website Vodafone.de contains

a little vulnerability that could be used for

illegal purposes.

It could be used for phishing or other purposes.

hxxp:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]

hxxps:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]

Actual

rPSA-2006-0080-1 postgresql postgresql-server 2006-05-24
Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0080-1
Published: 2006-05-24
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Local System User Deterministic Vulnerability
Updated Versions:
postgresql=/conary.rpath.com@rpl:devel//1/8.1.4-1-0.1
postgresql-server=/conary.rpath.com@rpl:d

Re: Kaspersky antivirus 6: HTTP monitor bypassing 2006-05-24
dmitryp spm gmail com
There is nothing to fix here, there is no vulnerability. Please visit the following post from the official Kaspersky Lab forum: http://forum.kaspersky.com/index.php?showtopic=14734&view=findpost&p=120857

Re: Microsoft Internet Explorer - Crash on mouse button click 2006-05-24
unknown user (mac68k gmail com)
I disabled all of my IE plugins, restarted IE and tested again,
but the exploit worked.

How about refreshing the exploit page and retrying the click on the exploit page?

P.S. Are you using any antivirus program? If you are, how about disabling
the antivirus program and retrying the click on the exploit page?

2006/5/25, s89df987 s9f8

On the Recent PGP and Truecrypt Posting 2006-05-26
jon pgp com
Here is some information about the issue with PGP and Truecrypt. We cannot speak for the Truecrypt people, but much of the explanation applies to their software as well as ours.

We are disappointed that the people who developed this report released it in a web site and on bugtraq before contactin

[OpenPKG-SA-2006.009] OpenPKG Security Advisory (binutils) 2006-05-26
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security/ http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

Re: Microsoft Internet Explorer - Crash on mouse button click 2006-05-24
unknown user (mac68k gmail com)
Did you click on the exploit page?

If you didn't, you must click on the exploit page.
Also, if you run this exploit locally, you must activate active content.

But if you did (and it didn't crash), how about refreshing the exploit
page and retrying the click on the exploit page?

I think it will work.

2006/5/25, r

Seditio Cross Site Scripting Vulnerability 2006-05-24
mail yunusemreyilmaz com
Advisory : Cross Site Scripting in Seditio (http://www.neocrome.net)

Release Date : 24/05/2005

Last Modified : 24/05/2005

Author : Yunus Emre Yilmaz ( http://yns.zaxaz.com)

Application : Seditio v102 ( maybe older versions)

Risk : Critical

Problem :

Ldu's logging

Re: PhpListPro 2.01 Remote File Include Vulnerability 2006-05-24
not available com
This bug was not discovered by SnoB[http://www.cyber-security.org] !!!!!!!!!

It was posted long before yours and has the same description and input examples. Seems like you have stolen it. That's really lame!

Here are the original issues:

(Take a look on the release date)

http://www.secur

Re: Kaspersky antivirus 6: HTTP monitor bypassing 2006-05-24
denisov_vit mail ru
This is not a vulnerability because KIS includes a firewall for blocking self-made downloaders :)

Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities 2006-05-23
ajannhwt hotmail com
ENGLISH

# Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

# Dork : "Copyright 2004 easy-content forums"

# Author : ajann

# Exploit;

SQL INJECTION--------------------------------------------------------

### http://[target]/[path]/userview.asp?startlet

Assetman <= 2.4a XSS 2006-05-23
zerogue gmail com
Assetman <= 2.4a XSS

Discovered by: Nomenumbra

Date: 23/5/2006

impact:moderate (privilege escalation,possible defacement)

Assetman doesn't filter any of its input, allowing users

to inject arbitrary HTML or javascript code.

Nomenumbra

ByteHoard <= 2.1 multiple vulnerabilities 2006-05-23
zerogue gmail com
ByteHoard <= 2.1 multiple vulnerabilities

Discovered by: Nomenumbra

Date: 23/5/2006

impact:high (file manipulation,privilege escalation,possible defacement)

ByteHoard versions up to 2.1 are prone to multiple vulnerabilities, including directory traversal.

[0x00] Directory traversal:

Us

PHP AGTC-Membership system <= v1.1a XSS 2006-05-23
zerogue gmail com
PHP AGTC-Membership system <= v1.1a XSS

Discovered by: Nomenumbra

Date: 23/5/2006

impact:moderate (privilege escalation,possible defacement)

Ordinary users can add users to the user management system as well,

or change their own email address, which isn't properly sanitized, thus

allowing

PHPResidence <= 0.6 XSS 2006-05-23
zerogue gmail com
PHPResidence <= 0.6 XSS

Discovered by: Nomenumbra

Date: 23/5/2006

impact:moderate (privilege escalation,possible defacement)

PHP Residence software doesn't sanitize any of its input,

allowing a malicious attacker (providing he/she has an account)

to inject arbitrary HTML or javascript cod

Copyright 2010, SecurityFocus