Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow
2006-04-24 Kaveh Razavi (c0d3r ihsteam com)
IHS Iran Homeland Security Public advisory by : c0d3r "Kaveh Razavi" c0d3r (at) ihsteam (dot) com
Title : Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow

RE: [BULK] - Websense Filter Bypass
2006-04-21 John E. Fleming (John parcassets com)
We did a test as well and were still blocked. Simply add a "?" question mark correct? We put www.ibm.com in the "uncategorized" category as a test. Websense version we are using is 6.1 We block uncategorized and allow dynamic.
John
-----Original Message-----
From: Hubbard, Dan [mailto:dhubbard@w

ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS
2006-04-22 ntwak0 safehack com

Advisory: My Gaming Ladder Combo System <= 7.0 Remote File Inclusion Vulnerability.
2006-04-22 Mustafa Can Bjorn IPEKCI (nukedx nukedx com)
--Security Report--
Advisory: My Gaming Ladder Combo System <= 7.0 Remote File Inclusion Vulnerability.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 22/04/06 13:37 PM
---
Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com Web: http://www.nukedx.com }
---
Vendor: MyGamingLadd

vbulletin<--3.0.x SQL Injection
2006-04-23 CrAzY CrAcKeR hotmail com
found by:::.CrAzY CrAcKeR..:::..alshmokh team..:::
Site: http://www.alshmokh.com
nono225-mHOn-rageh-port-LoVeR HaCkEr-Breeeeh-LiNuX-r00t
----example: http://www.target.com/vb/calendar.php?a

VWar Path Disclosure
2006-04-23 arko dhar gmail com
SUMMARY : VWar is a clan management system. It stores all clan members details. Logs match results and keeps track of upcoming matches. Using the links under the Vwar menu, you can view all clan members, view upcoming matches, view previous results, view clan statistics and members can log int

Firefox Remote Code Execution and DoS 1.5.0.2
2006-04-24 chris splices org
Software: Firefox Web Browser
Tested: Linux, Windows clients' version 1.5.0.2
Result: Firefox Remote Code Execution and Denial of Service - Vendor contacted, no patch yet.
Problem: A handling issue exists in how Firefox handles certain Jav

Apple Mac OS X Safari 2.0.3 Vulnerability
2006-04-24 security slashdot ch (1 replies)
Apple Mac OS X Safari 2.0.3 Vulnerability
Release Date: April 23th, 2006
Vendor: Apple Computer Inc.
Tested on: iBook G4 1.2 GHz with Mac OS X 10.4.5 (Build 8H14) + all Updates from Apple except "10.4.6 Update"
iBook G4 1.33 GHz with Mac OS X 10.4.6 (Bu

Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.
2006-04-23 Mustafa Can Bjorn IPEKCI (nukedx nukedx com)
--Security Report--
Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 23/04/06 21:07 PM
---
Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com Web: http://www.nukedx.com }
---
Vendor: Clansys (http://www.clansys.de.vu/) Ve

[MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability
2006-04-23 admin majorsecurity de
[MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability
Software: TotalCalendar
Version: 2.30
Type: Remote File Include Vulnerability
Date: April, 23th 2006
Vendor: SweetPHP
Page: http://sweetphp.com
Risk: High
Credits: -----

BK Forum <= 4.0 Remote SQL Injection
2006-04-23 n0m3rcy bsdmail org
# BK Forum <= 4.0 Remote SQL Injection
# by n0m3rcy
# Copyright (c) 2006 n0m3rcy <n0m3rcy (at) bsdmail (dot) org>
# Exploit: First you must be logged in Then type this in your browser http://www.site.com/path/member.asp?id=-1%20UNION%20SELECT%201,memName,3 ,4,5,6,7,8,9,10,11,memPassword,13,14,15,16%20FROM%20m

[MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability
2006-04-24 admin majorsecurity de
[MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability
Software: phpMyAgenda
Version: 3.0 Final
Type: Remote File Include Vulnerability
Date: April, 24th 2006
Vendor: phpMyAgenda
Page: http://phpmyagenda.com
Risk: High
Cr

XSS Bug in OpenGear Server Website
2006-04-24 Aditya Metaeye Org
0x0*] Advisory
Web Penetrated By:- Aditya (at) Metaeye (dot) Org
Hit :- Site Manipulation.
Vulnerability :- XSS Injection && CSS Injection
OpenGear WebSite
BrowserStatus :- Windows IE 6.0
Injections :-

FileLodge Bolt (showonlineusers.php) Cross-Site Scripting Vulnerbility
2006-04-23 n0m3rcy bsdmail org
# FileLodge Bolt (showonlineusers.php) Cross-Site Scripting Vulnerbility
# by n0m3rcy
# Copyright (c) 2006 n0m3rcy <n0m3rcy (at) bsdmail (dot) org>
# Exploit: http://site.com/showonlineusers.php?city=%3Cscript%3Ealert(1);%3C/script %3E
# Shoutz: nukedx , cijfer , Devil-00 , str0ke
# Have phun!

[eVuln] RateIt SQL Injection Vulnerability
2006-04-24 alex evuln com
New eVuln Advisory: RateIt SQL Injection Vulnerability
http://evuln.com/vulns/124/summary.html
--------------------Summary----------------
eVuln ID: EV0124
CVE: CVE-2006-1798
Software: RateIt
Software's Web Site: http://www.absoft-my.com/
Versions: 2.2
Critical Level: Moderate
Type: SQL Injection
C

[USN-273-1] Ruby vulnerability
2006-04-24 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-273-1 April 24, 2006
ruby1.8 vulnerability
CVE-2006-1931
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubunt

[ GLSA 200604-12 ] Mozilla Firefox: Multiple vulnerabilities
2006-04-23 Thierry Carrez (koon gentoo org)

[ GLSA 200604-13 ] fbida: Insecure temporary file creation
2006-04-23 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200604-14 ] Dia: Arbitrary code execution through XFig import
2006-04-23 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Scry Gallery XSS Vulnerability
2006-04-24 arko dhar gmail com
Software : Scry Gallery v1.1
WebSite :http://scry.org/
ISSUE : The software is prone to a XSS attack using the following proof of concept : http://anysiteusingscrygallery.com/[Path to scry gallery]/index.php?v=list&i=0&p=<script>var%20variable=11111111111111111 1;alert(variable);</script>
One can

[SECURITY] [DSA 1039-1] New blender packages fix several vulnerabilities
2006-04-24 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 1040-1] New gdm packages fix local root exploit
2006-04-24 joey infodrom org (Martin Schulze)

NSFOCUS SA2006-02 : IBM AIX mklvcopy Local Privilege Escalation Vulnerability
2006-04-24 NSFOCUS Security Team (security nsfocus com)
NSFOCUS Security Advisory (SA2006-02)
IBM AIX mklvcopy Local Privilege Escalation Vulnerability
Release Date: 2006-04-24
CVE ID: CVE-2006-1246
http://www.nsfocus.com/english/homepage/research/0602.htm
Affected systems & software
===================
IBM AIX 5.3
Unaffected systems & software
==
Scott MacVicar
Development Team, vBulletin