BugTraq Mode:
MAXDEV CMS Multiple vulnerabilities 2006-04-06
king_purba yahoo co uk
Full Path disclosure
---------------------
This hole is caused by direct access to the file includes/legacy.php not being protected

PoC :
http://site.co.id/maxdev/includes/legacy.php

Fix :
Turning off display error in php.ini can fix this security issue

Blind sql inject
-----------------
This hole is caused b

[ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure 2006-04-07
eufrato gmail com
ECHO_ADV_28$2006

--------------

[SECURITY] [DSA 1028-1] New libimager-perl packages fix denial of service 2006-04-07
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1028-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 7th, 2006

[ MDKSA-2006:067 ] - Updated clamav packages fix vulnerabilities 2006-04-07
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:067
http://www.mandriva.com/security/
____________________________________________________________________

PHPMyChat <= 0.14.5 remote commands execution 2006-04-05
rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "PHPMyChat <= 0.14.5 \"SYS enter\" remote cmmnds xctn 0day\r\n";
echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";
echo "site: http://retrogod.altervista.org\r\n\r\n";
echo "dork: intext:\"2000-2001 The phpHeaven Team\" -sourceforge\r\n\r\n";

if ($argc<4) {
echo

Re: SQL injection in Invision Power Board v2.1.5 2006-04-05
optix_prorat100 yahoo com
mySQL query error: SELECT pid,topic_id FROM ibf_posts WHERE topic_id=19482 and queued=0 ORDER BY pid asc LIMIT -1,20

SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1,20' at line 1
SQL error code:
Da

Matt Wright Guestbook XSS Script Injection 2006-04-08
liz0 bsdmail com
Matt Wright Guestbook XSS Script Injection

----------------------------------------------------
site:http://www.scriptarchive.com/
demo:http://www.scriptarchive.com/readme/guestbook.html
--------------------------------------------------
Post This Code:

<script>alert(/Liz0ziM/)</script>

<sc

LayerOne 2006 - Finalized Speaker Line-Up Announced 2006-04-06
Layer One (layeronecfp gmail com)
With less than two weeks to go LayerOne would like to announce that
this year's Call For Papers is now closed. We would like to thank
everyone that submitted a paper. The response we received was so
overwhelming that we will be making changes to the show for next year
to accommodate more speakers (i.e

[ MDKSA-2006:065 ] - Updated kaffeine packages fix remote buffer overflow vulnerability 2006-04-05
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:065
http://www.mandriva.com/security/
____________________________________________________________________

[eVuln] vCounter - sourceworkshop SQL Injection Vulnerability 2006-04-07
alex evuln com
New eVuln Advisory:
vCounter - sourceworkshop SQL Injection Vulnerability
http://evuln.com/vulns/108/summary.html

--------------------Summary----------------
eVuln ID: EV0108
CVE: CVE-2006-1499
Software: vCounter
Software's Web Site: http://www.sourceworkshop.com/
Versions: 1.0
Critical Level: Harm

PHPMyChat 0.15.0dev "SYS enter" remote commands xctn (not properly patched from previous versions) 2006-04-06
rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "PHPMyChat 0.15.0dev \"SYS enter\" remote cmmnds xctn 0day (again)\r\n";
echo "by rgod rgod (at) autistici (dot) org [email concealed]\r\n";
echo "site: http://retrogod.altervista.org\r\n\r\n";
echo "-> works with magic_quotes_gpc=Off\r\n\r\n";
echo "dork: intext:\"2000-2001 The ph

[USN-268-1] Kaffeine vulnerability 2006-04-06
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-268-1 April 06, 2006
kaffeine vulnerability
CVE-2006-0051
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubu

Re: Re: Another Internet Explorer Address Bar Spoofing Vulnerability 2006-04-06
pc tech2 comcast net
Er, Firefox 1.5.0.1 doesn't seem to fail with the Secunia test for the vuln. See:
- http://secunia.com/advisories/19521/
Last Update: 2006-04-06

Test is here:
- http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/

.

[ MDKSA-2006:068 ] - Updated mplayer packages fix integer overflow vulnerabilities 2006-04-07
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:068
http://www.mandriva.com/security/
____________________________________________________________________

[eVuln] VSNS Lemon Multiple Vulnerabilities 2006-04-06
alex evuln com
New eVuln Advisory:
VSNS Lemon Multiple Vulnerabilities
http://evuln.com/vulns/106/summary.html

--------------------Summary----------------
eVuln ID: EV0106
CVE: CVE-2006-1553 CVE-2006-1554 CVE-2006-1555
Vendor: Tachyon
Vendor's Web Site: http://tachyondecay.net/
Software: VSNS Lemon
Versions: 3.2.

[KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack 2006-04-07
addmimistrator gmail com
ORIGINAL ADVISORY:
http://myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html
http://kapda.ir/advisory-305.html
----------
------Summary------
Software: MyBB
Software's Web Site: http://www.mybboard.com
Versions: 1.1.0
Class: Remote
Status: Unpatched
Exploit: Private
Solution: N

google xss 2006-04-04
almfnod gawab com
http://www.google.ae/search?hl=ar&q=<script>alert("1")</script>&meta=

Welcome to XCon2006 in China! 2006-04-05
xcon xfocus org
Hi, BugTraq readers:

This is a note to let you know that XCon2006 registration and Call For Papers are now open.

XFocus Information Security Conference
XCon2006 Call For Paper

XCon2006 the Fifth Information Security Conference will be held in
Beijing, China, during August 18-20, 2006. China has long

Re: FleXiBle Development Script Remote Command Execution And XSS Attacking 2006-04-05
Steven M. Christey (coley mitre org)

Hello botan,

I have some questions about this report.

>Web: http://www.ahbruinsma.nl

This web site requires a login. Even the front page is not
accessible.

>FleXiBle Development (FXB)

Is this a product, service, or a single web site? There is very
little information in Google.

>//Defining s

[security bulletin] HPSBUX02108 SSRT061133 rev.3 - HP-UX running Sendmail, Remote Execution of Arbitrary Code 2006-04-06
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00629555
Version: 3

HPSBUX02108 SSRT061133 rev.3 - HP-UX running Sendmail, Remote
Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted
upon as soon as po

Black Hat Call for Papers and Registration now open 2006-04-06
Jeff Moss (jmoss blackhat com)
Hey BugTraq readers,

This is just a quick note to let you know that Black Hat USA 2006 registration and Call for Papers is now open.

We expect another outstanding program, and with the addition of more floor space at Caesars Palace we are able to bring you more selection in training classes as wel

[Kaffeine Security Advisory] Heap based buffer overflow in http_peek() 2006-04-05
Dirk Mueller (mueller kde org)

Kaffeine buffer overflow in http_peek()
Original Release Date: 2006-04-04
URL: http://www.kde.org/info/security/advisory-20060404-1.txt

0. References
CVE-2006-0051

1. Systems affected:

Kaffeine 0.4.2 up to and including Kaffeine 0.7.1. Kaffeine
0.8.0 not affected.

2. Overv

SQL Injection in Chipmunk Guestbook 2006-04-07
dr jr7 hotmail com
SQL Injection in Chipmunk Guestbook

Vulnerable : Chipmunk Guestbook

Web Site : www.chipmunk-scripts.com

Exploit :

http://www.[site name].com/[Folder name]/admin/login.php

User : 'or 'jr7'='jr7' /*

Pass : anything

Discovered by : Dr.Jr7

GreeTz : T0 mY a11 Fr!nD in www.lezr.com

special thnx f

Copyright 2010, SecurityFocus