BugTraq
(Page 1161 of 1748)
RE: [BULK] - Websense Filter Bypass 2006-04-21
Hubbard, Dan (dhubbard websense com)
All;

We have received this report and are investigating. Our preliminary
tests show that this only works when customers block the uncategorized
URL category and allow the dynamic content category.

If you do not block uncategorized you should not be affected.

-----Original Message-----
From:

bloggage Remote SQL Injection 2006-04-21
omnipresent email it
I found a Remote SQL Injection into bloggage.

This is the original advisory:

http://colander.altervista.org/advisory/bloggage.txt

Best Regards,
Omni

r57shell.php <= 1.3 XSS 2006-04-21
qex bsdmail org
====================
Discovered by: Qex
Date: 20 April 2006
====================

Run command: [XSS]

[eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities 2006-04-21
alex evuln com
New eVuln Advisory:
MWNewsletter SQL Injection and XSS Vulnerabilities
http://evuln.com/vulns/123/summary.html

--------------------Summary----------------
eVuln ID: EV0123
CVE: CVE-2006-1690 CVE-2006-1691 CVE-2006-1692
Vendor: Manic Web
Software: MWNewsletter
Software's Web Site: http://www.manicwe

BK Forum <<--V.4.0 SQL Injection 2006-04-21
CrAzY CrAcKeR hotmail com
>>>>>>>------------------------------------<<<<<<<
found by:::. CrAzY CrAcKeR..:::
Site: http://www.alshmokh.com
nono225-mHOn-rageh-port-Lover hacker-Breeeeh-linux r00t
>>>>>>>------------------------------------<<<<<<<

---------example:
http://www.target.com/forum/member.asp?id=[SQL Injection]

---

[SecuriWeb 2006.1] directory traversal in Asterisk@Home and ARI 2006-04-21
François Harvey (fharvey securiweb net)
ID : 2006.1
Product : ARI (Asterisk Recording Interface)
http://www.littlejohnconsulting.com/?q=node/11
Asterisk@home Distribution
http://asteriskathome.sourceforge.net/
Affected product : <= 0.7.15 (As

[ GLSA 200604-10 ] zgv, xzgv: Heap overflow 2006-04-21
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200604-09 ] Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service 2006-04-21
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Mini-NUKE v2.3<<--- SQL Injection 2006-04-20
CrAzY CrAcKeR hotmail com
============================================
found by:::.CrAzY CrAcKeR.:::
::::..alshmokh team..::::
Site: http://www.alshmokh.com
nono225-mHOn-rageh-port-Lover hacker-Breeeeh
============================================

----example:
1]
http://www.target.com/pages.asp?id=[SQL Injection]

===========

Websense Filter Bypass 2006-04-20
qex bsdmail org
#!/usr/bin/perl -w
#
# Websense Filter Bypass
#
# ====================
# Discovered by: Qex
# Date: 19 April 2006
# ====================
#
# Bypass any website that is in the "Uncategorized" Websense Category
# simply by adding a question mark (?) at the end of the URL.

print q(
Websense Filter Byp

4images <= 1.7 XSS 2006-04-20
qex bsdmail org
====================
Discovered by: Qex
Date: 14 April 2006
====================

Steps:-

1- Register with this nickname:-
'><script>alert(document.cookie)</script>

2- Go to http://www.[SITE].com/[PATH]/member.php?action=showprofile&user_id=[ID]

[Argeniss] Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure 2006-04-20
Cesar (cesarc56 yahoo com)
Argeniss Security Advisory

Name: Oracle Database 10gR1 Buffer overflow in
VERIFY_LOG procedure (DB03)
Affected Software: Oracle Database Server version
10gR1
Severity: High
Remote exploitable: Yes (Authentication to Database
Server is needed)
Credits: Esteban Martínez Fayó
Date: 4/18/2006
Ad

RE: (addendum) redirection vuln crawlers breed & security through obscurity 2006-04-19
Evans, Arian (Arian Evans fishnetsecurity com)
A couple folks have emailed me now and pointed out that
I made this sound too trivial, which I probably did, so
let me add something more concrete:

Here's a simpler fuzzing example:

::Assumptions::

40 threads per machine
2 machines (split keyspace /2)
DS/3 (not bandwidth limited)
80 req/sec
288,0

Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability 2006-04-19
kim webdeal no
The AT-9724TS switch is an Ethernet switch distributed by Allied Telesyn.

Under some circumstances the affected switches may cease to function properly. When a large stream of UDP data is sent to a vulnerable switch, the device becomes unstable. It has been reported that this type of attack results i

New site about security conferences : www.security-briefings.com 2006-04-19
newslist (at) security-briefings (dot) com (newslist security-briefings com)
Hello all,

We are proud to announce the release of a new site devoted to security
conferences : http://www.security-briefings.com

Our goal is to highlight major information provided during the most
popular and interesting conferences such as (but not limited to) :
Blackhat, Shmoocon, Defcon, Recon,

Ad-Aware Revisited 2006-04-18
Roy Batty phreaker net
--------

[Abstract]
Ad-Aware is an anti-spyware program from Lavasoft. Running
it gives you a false sense of safeness. Numerous attacks can be carried out
against this software. I'll show some of the problems and attacks in this
write-up. Here's just a summary of the most visible problems I've run i

[security bulletin] HPSBST02112 SSRT061129 rev.1 - HP StorageWorks Secure Path for Windows Remote Denial of Service (DoS) 2006-04-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00642089
Version: 1

HPSBST02112 SSRT061129 rev.1 - HP StorageWorks Secure Path for
Windows Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted
upon a

[security bulletin] HPSBTU02095 SSRT051007 rev.3 - HP Tru64 UNIX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access 2006-04-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00595837
Version: 3

HPSBTU02095 SSRT051007 rev.3 - HP Tru64 UNIX Running DNS
BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access

NOTICE: The information in this Security Bulletin sh

Re: CuteNews 1.4.1 <= Cross Site Scripting 2006-04-20
Steven M. Christey (coley mitre org)

>Exploit:
>http://www.example.com/index.php?mod=editnews&action=editnews&id=1145397112&source=[XSS]

This XSS is likely resultant from a more serious issue in which the
$source variable is not being validated, so it is subject to attacks
such as directory traversal. Given the program's assumption

Copyright 2010, SecurityFocus