linksys router + irc DoS
2006-03-03 Cade Cairns (cairnsc gmail com)
Bug: Certain Linksys (and possibly Netgear) routers will reset an IRC connection when a malformed DCC request is received. In fact, it doesn't even have to be a proper DCC request, the flaw can be triggered simply by sending the following string such that it is received by the user in some way. DC [...]

[eVuln] Easy Forum XSS Vulnerability
2006-03-04 alex evuln com
New eVuln Advisory: Easy Forum XSS Vulnerability http://evuln.com/vulns/85/summary.html --------------------Summary---------------- eVuln ID: EV0085 CVE: CVE-2006-0877 Software: Easy Forum Software's Web Site: http://hot-things.net/?q=eforum Versions: 2.5 Critical Level: Harmless Type: Cross-Site S [...]

[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability
2006-03-04 roozbeh_afrasiabi yahoo com
[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability KAPDA New advisory Vulnerable products : CuteNews1.4.1 Vendor: www.cutephp.com Risk: Low Vulnerabilities: Cross_Site_Scripting Discovered by Roozbeh Afrasiabi and imei addmimistrator roozbeh_afrasiabi[at]yahoo[dot]com www.kapda.ir www. [...]

AVG 7 granting Everyone Full Control to updated files... even its drivers
2006-03-04 redxii1234 hotmail com
There is more here: http://www.dslreports.com/forum/remark,15601404 Basically, a first time install of AVG 7 will have default permissions. \Program Files\Grisoft\AVG Free has inherited permissions from \Program Files. This is preferred, because lower privileged accounts can't damage it. Once any [...]

Various router DoS
2006-03-04 ryanmeyer14 netscape net
It appears that various routers are prone to an IRC-only DoS attack. Particularly Netgear and Linksys routers have been shown vulnerable. If a client behind one of the vulnerable routers connects to an IRC server on port 6667 (and only 6667, does not DoS with other ports) and a user posts the follo [...]

phpArcadeScript XSS Injections
2006-03-04 retard 30gigs com
???summary software: phpArcadeScript vendors website: http://www.phparcadescript.com/ versions: <= 2.0 class: remote status: unpatched exploit: available solution: not available discovered by: retard and jim risk level: medium ??? description due to phpArcadeScript excessive use of global [...]

[ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code
2006-03-04 Thierry Carrez (koon gentoo org)

[ GLSA 200603-01 ] WordPress: SQL injection vulnerability
2006-03-04 Thierry Carrez (koon gentoo org)

Kaspersky Memory/CPU Usage Leak by design
2006-03-03 Michael Lang jackal-net at
Hi, I've recently discovered a design problem in Kaspersky AV Scanner. Original seen on FileScanner for Unix 5.0.5 the Problematic files are also screwing up the latest 5.5.3 Version. As I didn't find an official way to deploy this at Kaspersky I hope someone from them will read this and contact m [...]

Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-03-02 David Rasch (d rasch broadwick com)
> > ------------------------------------------------------------------------ > > Subject: > Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities > From: > Steve Shockley <steve.shockley (at) shockley (dot) net> > Date: > Tue, 28 Feb 2006 18:57:57 -0500 > To: > Renaud Lifchitz <r.lifchitz@s [...]

XST-Strikes-Back vulnerability in Netcache
2006-03-03 Nite Sprite (nitespritewalla yahoo com)
:: NiteSprite Security advisory NSSA-06-001 :: :: by NiteSprite :: :: XST-Strikes-Back vulnerability in Netcache :: :: Date 2006-03-02 :: :: Product Netapp Netcache 5.6 :: :: Detail :: XST-Strikes-back is in http://www.securityfocus.com/archive/1/423028 If you try it on Netcache 5.6, you succ [...]

[eVuln] Skate Board Multiple Vulnerabilities
2006-03-03 alex evuln com
New eVuln Advisory: Skate Board Multiple Vulnerabilities http://evuln.com/vulns/84/summary.html --------------------Summary---------------- eVuln ID: EV0084 CVE: CVE-2006-0809 CVE-2006-0810 CVE-2006-0811 Software: Skate Board Software's Web Site: http://bb.jiraiya.se/main.php?content=start Version [...]

Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities
2006-03-03 tzitaroth gmail com
http://gregarius.net/ Gregarius is a web-based RSS/RDF/ATOM feed aggregator, designed to run on your web server, allowing you to access your news sources from wherever you want. XSS in search.php: search.php?rss_query=<script>alert(1)</script>&rss_query_match=exact XSS in tags.php: tags.php?tag=< [...]

Gallery 2 Multiple Vulnerabilities
2006-03-03 GulfTech Security Research (security gulftech org)
########################################################## # GulfTech Security Research March 02, 2006 ########################################################## # Vendor : Bharat Mediratta # URL : http://gallery.menalto.com/ # Version : Gallery2 <= 2.0.2 # Risk : Multiple Vulnerabilit [...]

MyBB 1.04 Perl Exploit
2006-03-03 o y 6 hotmail com
#!/usr/bin/perl -w # MyBB <= 1.04 (misc.php COMMA) Remote SQL Injection Exploit 2 , Perl C0d3 # # Milw0rm ID :- # http://www.milw0rm.com/auth.php?id=1539 # D3vil-0x1 | Devil-00 < BlackHat > :) # # DONT FORGET TO DO YOUR CONFIG !! # DONT FORGET TO DO YOUR CONFIG !! # DONT FORGET TO DO YOUR CONFIG [...]

iDefense Security Advisory 03.02.06: EMC Dantz Retrospect 7 Backup client DoS Vulnerability
2006-03-02 labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
EMC Dantz Retrospect 7 Backup client DoS Vulnerability iDefense Security Advisory 03.02.06 http://www.idefense.com/application/poi/display?type=vulnerabilities March 02, 2006 I. BACKGROUND EMC Dantz Retrospect is a network backup client designed for small to mid-sized businesses. Dantz protects m [...]

iDefense Security Advisory 03.02.06: Apple Mac OS X passwd Arbitrary Binary File Creation/Modification
2006-03-02 labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Apple Mac OS X passwd Arbitrary Binary File Creation/Modification iDefense Security Advisory 03.02.06 http://www.idefense.com/application/poi/display?type=vulnerabilities March 02, 2006 I. BACKGROUND Mac OS X is an operating system for the Apple family of microcomputers. More information is avail [...]

AZTEK forums 4.0 multiple vulnerabilities (PoC)
2006-03-02 billy hotmail com
/*==========================================*/ // AZTEK forums 4.0 multiple vulnerabilities (PoC) // Product: AZTEK forums // URL: http://www.forum-aztek.com/ // RISK: high /*==========================================*/ [PoC] 1- XSS - Post a message including the following line: </textarea>'"><sc [...]

RE: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-03-02 Jay Stapleton (jay stapleton computershare com)
Or perhaps cache the images along with the message, to be deleted when the message is. That way one can open an email many times without accessing a web resource each time. It would also allow someone to forward a message, and include the content as it is currently, as opposed to how it may be in [...]

vBulletin3.0.12&3.5.3~is_valid_email()~XSS Attack
2006-03-02 addmimistrator gmail com
???Summary??? Software: vBulletin Software's Web Site: http://www.vBulletin.com Versions: 3.0.12-3.5.3 Class: Remote Status: Unpatched Exploit: Available Solution: Available Discovered by: imei addmimistrator Risk Level: Medium ??-Description??- There is a security bug in most powerful & common fo [...]

iDefense Security Advisory 03.02.06: Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability
2006-03-02 labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability iDefense Security Advisory 03.02.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=399 March 02, 2006 I. BACKGROUND Mac OS X is an operating system for the Apple family of microcomputers. More information is ava [...]

[ MDKSA-2006:052 ] - Updated mozilla-thunderbird packages fix vulnerability
2006-03-02 security mandriva com

Woltlab Burning Board 2.x (Datenbank MOD fileid) Multiple Vulnerabilities.
2006-03-01 nukedx nukedx com
--Security Report-- Advisory: Woltlab Burning Board 2.x (Datenbank MOD fileid) Multiple Vulnerabilities. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 01/03/06 01:33 AM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com Web: http://www.nukedx.com } --- Vendor: WbbCoderForum [...]

[eVuln] E-Blah Platinum 'Referer' XSS Vulnerability
2006-03-02 alex evuln com
New eVuln Advisory: E-Blah Platinum 'Referer' XSS Vulnerability http://evuln.com/vulns/83/summary.html --------------------Summary---------------- eVuln ID: EV0083 CVE: CVE-2006-0829 Software: E-Blah Platinum Software's Web Site: http://www.eblah.com Versions: 9.7 Critical Level: Moderate Type: Cro [...]
software:
site: http://www.phpstats.net/
description: Open source statistical package for PHP enabled web sites
--------------------------------------------------------------------------------
i) vulnerable code in adm [...]