[eVuln] DSLogin Authentication Bypass Vulnerability
2006-03-27 alex evuln com
New eVuln Advisory:
DSLogin Authentication Bypass Vulnerability
http://evuln.com/vulns/100/summary.html
--------------------Summary----------------
eVuln ID: EV0100
CVE: CVE-2006-1238
Software: DSLogin
Software's Web Site: http://dsportal.uw.hu/
Versions: 1.0
Critical Level: Moderate
Type: SQL Inje

HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS
2006-03-27 h4cky0u org gmail com
------------------------------------------------------
HYSA-2006-007 h4cky0u.org Advisory 016
------------------------------------------------------
Date - Mon March 27 2006
TITLE:
======
phpmyfamily v1.4.1 CRLF injection & XSS
SEVERITY:
=========
Medium
SOFTWARE:
=========
phpmyfamil

HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities
2006-03-27 h4cky0u org gmail com
------------------------------------------------------
HYSA-2006-006 h4cky0u.org Advisory 015
------------------------------------------------------
Date - Mon March 27 2006
TITLE:
======
G-Book 1.0 XSS, Possible authentication bypass & mass message flood
SEVERITY:
=========
High
SOFTW

CanfTool v1.1 Cross Site Scripting Attack
2006-03-27 botan linuxmail org
Cross Site Scripting Attack CanfTool v1.1
=========================================
Description : Conftool is a Web-based online system that was developed to support many administrative tasks of conferences, workshops and seminars. It can help to make the management of events easier and much mo

[PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities
2006-03-27 Matteo Beccati (matteo beccati com)

[ GLSA 200603-24 ] RealPlayer: Buffer overflow vulnerability
2006-03-26 Matthias Geerdsen (vorlon gentoo org)

AkoComment SQL injection vulnerability
2006-03-26 Stefan Keller (skeller pobox com)
AkoComment is a well known and widely used add-on for the Mambo and Joomla Content Management Systems. It allows users to post comments to articles.
AkoComment 2.0 suffers from an SQL injection vulnerability (components/com_akocomment/akocomment.php):
# Clear any HTML and SQL injections $t

HPSBUX02108 SSRT061133 rev.1 - HP-UX Sendmail, Remote Execution
2006-03-26 secure hpchs cup hp com (Security Alert)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
HPSBUX02108 SSRT061133 rev.1 - HP-UX running Sendmail, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2006-03-25
Last Updated: 2006-03-25
Potential Secu

SQL Injection in SaphpLesson2.0
2006-03-25 xx_hack_xx_2004 hotmail com
Hi
Vulnerable: SaphpLesson2.0 http://www.Arabless.com
Exploit : http://Example.com/lesson/print.php?lessid=[SQL]
Example : For Name & Password http://Example.com/lesson/print.php?lessid=-1%20union%20select%20null,nu ll,null,ModName,null,ModPassword,null,ModPassword,null,ModPassword,null, null,null,n

UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection
2006-03-25 dabdoub_mosikar forislam com
[+]UBBThreads
[-]Founded By Moroccan Security Team
[+]we are [DaBDouB-MoSiKaR,simo64,ki11er,Dr.E-Vil,|ucifier]
[+]special 10x: to all friends SnIpEr_SA,Crash_OvEr_rIdE king-hacker,CiM-TeaM,ameer,Dranzelz,Esp!onLeRaVaGe and www.lezr.com
[+]Solution:Upgrade to a version 6.0.3
[-]example:http://[targe

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
2006-03-24 Eric Allman (eric+bugtraq neophilic com)
Theo,

>> ISS explained it to us and
>> told us that they had managed to craft an exploit in their lab, but
>> frankly we don't see how it can be practical.
>
> I know the guy who exploited it. He's better than you think he is.

I'm sorry, I was not trying to imply in any way that Mark was blowing

Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities)
2006-03-25 bifta04 aol com

Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll)
2006-03-25 dgtlscrm gmail com

[eVuln] DSDownload Multiple SQL Injection Vulnerabilities
2006-03-25 alex evuln com
New eVuln Advisory:
DSDownload Multiple SQL Injection Vulnerabilities
http://evuln.com/vulns/99/summary.html
--------------------Summary----------------
eVuln ID: EV0099
CVE: CVE-2006-1232
Software: DSDownload
Software's Web Site: http://dsportal.uw.hu/
Versions: 1.0
Critical Level: Moderate
Type:

[eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability
2006-03-25 alex evuln com
New eVuln Advisory:
DSCounter 'X-Forwarded-For' SQL Injection Vulnerability
http://evuln.com/vulns/98/summary.html
--------------------Summary----------------
eVuln ID: EV0098
CVE: CVE-2006-1234
Software: DSCounter
Software's Web Site: http://dsportal.uw.hu/
Versions: 1.2
Critical Level: Moderate
T

Systrace 1.6: Phoenix Release
2006-03-25 Niels Provos (provos citi umich edu)
It's been a while since my last post to Bugtraq and it's been over three years since I first announced Systrace. Here is:
Systrace 1.6: Phoenix Release
---------------------------------------
You all know that Systrace ships by default with OpenBSD and NetBSD. However, Linux adoption has been hi

Maian Weblog Multiple SQL Injection Vulnerabilities
http://evuln.com/vulns/101/summary.html
--------------------Summary----------------
eVuln ID: EV0101
CVE: CVE-2006-1334
Software: Maian Weblog
Software's Web Site: http://www.maianscriptworld.co.uk/
Versions: 2.0
Critical Level