SecurityFocus

Plume CMS Remote File Include 2006-05-26
beford (xbefordx gmail com)

Vendor: Plume CMS http://plume-cms.net
Vuln: Remote File Include
Discovered: beford <xbefordx gmail com>

Vulnerable File/Code

./plume-1.0.3/manager/frontinc/prepend.php

[code]
include_once $_PX_config['manager_path'].'/conf/config.php';
[/code]

http://urlanda.org/manager/frontinc/prepend.php?_P

[ more ] [ reply ]

RE: Realty Pro One Property Listing Script 2006-05-25
Krpata, Tyler (tkrpata bjs com)

Isn't the SQL injection vulnerability a bit more critical here?

-----Original Message-----
From: luny (at) youfucktard (dot) com [email concealed] [mailto:luny (at) youfucktard (dot) com [email concealed]]
Sent: Tuesday, May 23, 2006 7:39 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Realty Pro One Property Listing Script

Realty Pro One

http://realtypro1.

[ more ] [ reply ]

Multiple XSS Vulnerabilities in Tikiwiki 1.9.x 2006-05-25
blwood skynet be

Multiple XSS Vulnerabilities in Tikiwiki 1.9.x

Discovered by Blwood

http://www.blwood.net

** Public **

-------------

Tiki-lastchanges

http://www.site.com/tiki-lastchanges.php?days=3&offset=%22%3E%3Cscr%3Csc
ript%3Eipt%3Ealert('Blwood')%3C/scr%3C/script%3Eipt%3E

ht

[ more ] [ reply ]

my Web Server << v-1.0 Denial of Service Exploit 2006-05-25
s3rv3r_hack3r yahoo com

#!/usr/bin/perl

#my Web Server << v-1.0 Denial of Service Exploit

#vendor : Eitsop.s5.com

use IO::Socket;

use strict;

my($socket) = "";

if($socket = IO::Socket::INET->new(

PeerAddr => $ARGV[0],

PeerPort => $ARGV[1],

Proto => "TCP"))

[ more ] [ reply ]

Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities 2006-05-25
ajannhwt hotmail com

ENGLISH

# Title : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

# Author : ajann

# Exploit;

SQL INJECTİON--------------------------------------------------------

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT

###http://[target]/[path]/forum_se

[ more ] [ reply ]

[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability 2006-05-25
admin majorsecurity de

[MajorSecurity]Socketmail <= 2.2.6 - Remote File Include Vulnerability

--------------------------------------------------------

Software: Socketmail

Version: <=2.2.6

Type: Remote File Include Vulnerability

Date: May, 25th 2006

Vendor: Creative Digital Resources

Page: http://sock

[ more ] [ reply ]

qjForum(member.asp) SQL Injection Vulnerability 2006-05-25
ajannhwt hotmail com

Pls qjForum to Register and Log İn

# Title : qjForum(member.asp) SQL Injection Vulnerability

# Author : ajann

# Dork : "qjForum"

# Exploit;

SQL--------------------------------------------------------

### http://target/[path]/member.asp?uName='union%20select%200,0,0,us

[ more ] [ reply ]

phpjobboard Authecnical admin byPass 2006-05-25
alp_eren ayyildiz org

SOFTWARE

==========

phpjobboard

DESCRIPTION:

============

job board administration bypass, and edit or add to new job.

example

http://[target]/phpjobboard or your path/admin.php?menu=job&adminop=job-edit&id=[item id]

============================================

greets iskorpitx(best

[ more ] [ reply ]

XSS Vulnerability on www.my6d.com Connection Work System 2006-05-25
spymeta yahoo com

XSS (Cross Site Scripting) on My6D Connection Work System.

We Can Run JScript & HTML Codes & META Tags etc...

Example :

http://www.my6d.com/Plugins/SixDegreeMain/MainLogin.aspx?error=<script>a
lert('SPYMETA%20WAS%20HERE%20!')</script>

We Can Direct The Page Our Hacked Index....

Example

[ more ] [ reply ]

Toasts Forums 1.6.44 in Xss 2006-05-25
ajannhwt hotmail com

ENGLISH

# Title : Toast Forums 1.6.44 in Xss

# Author : ajann

# Exploit;

XSS Example

### Forum Post Message,Reply..

<IMG onmouseover=Javascript:alert(document.domain) src="x.gif">

Alert: xxx.com /

# ajann,Turkey

TURKISH

# Baslık : Toast Forums 1.6

[ more ] [ reply ]

Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities 2006-05-25
ajannhwt hotmail com

ENGLISH

# Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

# Dork : "Copyright 2004 easy-content forums"

# Author : ajann

# Exploit;

SQL INJECTİON--------------------------------------------------------

### http://[target]/[path]/userview.asp?startlet

[ more ] [ reply ]

XSS in Monster Top List | MTL 1.4 2006-05-25
V8f3 hotmail com

XSS in Monster Top List | MTL 1.4

---------------------------------

Software :

Monster Top List

---------------------------------

version :

Monster Top List 1.4

---------------------------------

Exploit :

www.site.com/index.phpuser_error_message=[XSS-CODE]

------------

[ more ] [ reply ]

Docebo LMS 2.05 Remote File Include 2006-05-25
beford (xbefordx gmail com)

Vulnerable Script: Docebo LMS 2.05
Discovered: beford <xbefordx gmail com>

Noobs: %22Based+on+DoceboLMS+2.0%22

Vulnerable Files

doceboLMS205/modules/credits/business.php =>
include($_GET['lang'].'/language.php');

doceboLMS205/modules/credits/credits.php =>
include($_GET['lang'].'/language.php');

[ more ] [ reply ]

XSS in Omegasoft's Insel 2006-05-26
MC Iglo (mc iglo ddclan de)

Hi together,

This also works on serveral web-pages of this product.
http://host/OmegaMw7a.ASP?WCI=Logon&WCE=0;<script>alert(unescape(documen
t.cookie));</script>
There might be some ways for SQL-Injection, too, but i am not willing
to try this at the real system :)

Vendor notified as CC

regards
MC

[ more ] [ reply ]

Re: Sun single-CPU DOS 2006-05-24
Mike O'Connor (mjo dojo mi org)

:Sun says it is jabber, which is why I put it quotes. Since they have not
:replicated in lab, they are jumping to conclusions. Yes, I agree,
:it is very specific and the backline engineer usage appears 'stretching things'
Most Sun adapters have an actual jabber counter that netstat -k will
spew out

[ more ] [ reply ]

Re: Sun single-CPU DOS 2006-05-24
Mike O'Connor (mjo dojo mi org)

:Beyond netstat -k, you can probably use lockstat or other kernel
:profiling tools as I mentioned in my earlier post to give them a
:good idea of where the bug really is. Interrupt issues aren't
:always going to be cut and dried. There could be some particular
:flavor of IOS, network adapter, me

[ more ] [ reply ]

Re: Kaspersky antivirus 6: POP3 state machine error 2006-05-26
denisov_vit mail ru

There is no vulneability.

POP3 antivirus is not developed for counteraction of trojan-downloaders. These actions are stopping by firewalls (for example, Kaspersky Internet Security 6.0: Anti-Hacker), proactive defence (Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0: Proactive Defence)

[ more ] [ reply ]

[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution 2006-05-26
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1075-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
May 26th, 2006

[ more ] [ reply ]

ASLR now built into Vista 2006-05-26
David Litchfield (davidl ngssoftware com) (1 replies)

Address Space Layout Randomization is now part of Vista as of beta 2 [1] . I
wrote about ASLR on the Windows platform back in September last year [2] and
noted that unless you rebase the image exe then little (not none!) is added.
ASLR in Vista solves this so remote exploitation of overflows has

[ more ] [ reply ]

Re: [Full-disclosure] ASLR now built into Vista 2006-05-26
c0ntex (c0ntexb gmail com)

[BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2 2006-05-25
bugtraq morph3us org

[BuHa-Security] DoS Vulnerability in MS IE 6 SP2 2006-05-25
bugtraq morph3us org (1 replies)

Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2 2006-05-26
ad (at) heapoverflow (dot) com [email concealed] (ad heapoverflow com)

V-Webmail 1.6.4 Remote File Include 2006-05-25
beford (xbefordx gmail com)

Script: V-Webmail 1.6.4
Vendor: http://www.v-webmail.org/
Description: V-webmail is a powerful PHP based webmail application with an
abundance of features, including many innovative ideas for web applications
Discovered: beford <xbefordx gmail com>
Vulnerable File

v-webmail/includes/pear/*/*.php =>

[ more ] [ reply ]

Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv 2006-05-26
Steven M. Christey (coley mitre org)

Webmaster at destiney said:

> I pasted the following example XSS code into both form fields, and saw
> no evidence of XSS vulnerabilities:
>
> <DIV STYLE="background-image: url(javascript:alert('XSS'))">

According to the XSS cheat sheet at http://ha.ckers.org/xss.html,
STYLE attributes in DIV ta

[ more ] [ reply ]

[SECURITY] [DSA 1077-1] New lynx-ssl packages fix denial of service 2006-05-26
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1077-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
May 26th, 2006

[ more ] [ reply ]

[SECURITY] [DSA 1076-1] New lynx packages fix denial of service 2006-05-26
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1076-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
May 26th, 2006

[ more ] [ reply ]

TSLSA-2006-0030 - multi 2006-05-26
Trustix Security Advisor (tsl trustix org)

RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt. 2006-05-26
ennead (at) truecrypt (dot) org [email concealed] (ennead truecrypt org)

Hello,

This is an official response from the TrueCrypt development team.

First, this is not a security bug. It is a known, documented and
expected feature. It is utilized, for example, for the volume header
backup/restore operation.

Quotes from the TrueCrypt documentation:

"WARNING: Restoring

[ more ] [ reply ]