[ MDKSA-2006:051 ] - Updated gettext packages fix temporary file vulnerabilities
2006-02-28 security mandriva com

Virex on-access scanning unreliable
2006-02-28 hahn math hu-berlin de
Vulnerability: The on-access scanner of McAfee Virex 7.7 for Mac is unreliable and fails the EICAR test. Using any webbrowser to download the EICAR testvirus from http://www.eicar.org/anti_virus_test_file.htm will not trigger the Virex on-access scanner and will not be noticed in most cases. If Vi

Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-02-28 Renaud Lifchitz (r lifchitz sysdream com) (1 replies)
Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities //----- Advisory Program : Mozilla Thunderbird Homepage : http://www.mozilla.com/thunderbird/ Tested version : 1.5 Found by : crashfr at sysdream dot com This advisory : crashfr at sysdream dot co

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-02-28 Daniel Veditz (dveditz cruzio com) (2 replies)

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-02-28 Daniel Veditz (dveditz cruzio com)

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
2006-02-28 Renaud Lifchitz (r lifchitz sysdream com)

[security bulletin] SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access
2006-02-28 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00601530 Version: 1 HPSBMA02099 SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be

(PHP) mb_send_mail security bypass
2006-02-28 ced clerget free fr
Vulnerable: PHP4, PHP5 with use of sendmail 8.13.4 >< When safemode disabled and open_basedir restriction in effect, we can pass extra parameters to sendmail command in mail function, especially the -C and -X arguments. -C for alternate configuration file -X to log all in a file Can be used to view

(PHP) imap functions bypass safemode and open_basedir restrictions
2006-02-28 ced clerget free fr
Vulnerability in c-client library (tested with versions 2000,2001,2004), mail_open could be used to open stream to local files. For php and imap module imap_open allow to bypass safemode and open_basedir restrictions. Use imap_body or others to view a file and imap_list to recursively list a direc

MyBB 1.3 NewSQL Injection
2006-02-28 o y 6 hotmail com
MyBB New SQL Injection D3vil-0x1 < Devil-00 > Milw0rm ID :- http://www.milw0rm.com/auth.php?id=1320 The Inf.File :- misc.php Linez :- [code] $buddies = $mybb->user['buddylist']; $namesarray = explode(",",$buddies); if(is_array($namesarray)) { while(list($key, $buddyid) = each($namesa

QwikiWiki v1.4 XSS Vulnerability
2006-02-28 drdeath_2006 linuxmail org
Software - QwikiWiki Version - v1.4 Type - XSS Vulnerability Powered by QwikiWiki v1.4 - www.qwikiwiki.com Examples: http://(host)/index.php?page="><body bgcolor="black"></body> http://(host)/index.php?page="><alert(document.cookie);</script> Found by Dr^Death of Suicide Scene Internet Security G

EJ3 TOPo - Cross Site Scripting Vulnerability
2006-02-28 mail yunusemreyilmaz com
- Advisory: EJ3 TOPo Cross Site Scripting Vulnerability - Author: Yunus Emre Yilmaz || Yns [mail (at) yunusemreyilmaz (dot) com] - Application: EJ3 TOPo ( http://ej3soft.ej3.net ) - Affected Version : v2.2.178 ( maybe older versions..) - Risk : Critical ? Details : If an attacker access /code/inc_header.php

Fedex Kinkos Smart Card Authentication Bypass
2006-02-28 Lance James (bugtraq securescience net)
Abstract: --------- The ExpressPay stored-value card system used by FedEx Kinko's is vulnerable to attack. An attacker who gains the ability to alter the data stored on the card can use FedEx Kinko's services fraudulently and anonymously, and can even obtain cash from the store. Description: ----

Sourceforge XSS
2006-02-24 liz0 bsdmail com
index-sf.html?use_mirror=[XSS] http://prdownloads.sourceforge.net/index-sf.html?use_mirror="><script>al ert(document.cookie)</script> http://prdownloads.sourceforge.net/index-sf.html?use_mirror="><script>al ert('Liz0ziM')</script> http://prdownloads.sourceforge.net/index-sf.html?use_mirror="><scrip

WordPress 2.0.1 Multiple Vulnerabilities
2006-02-27 k4p0k4p0 hotmail com
/* --------------------------------------------------------------- [N]eo [S]ecurity [T]eam [NST]® WordPress 2.0.1 Multiple Vulnerabilities --------------------------------------------------------------- Program : WordPress 2.0 Homepage: http://www.wordpress.org Vulnerable Versions: WordPress 2.0.1 &

[FLSA-2006:181014] Updated gnutls packages fix a security issue
2006-02-28 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2006:157366] Updated PostgreSQL packages fix security issues
2006-02-28 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2006:177694] Updated auth_ldap package fixes security issue
2006-02-28 Marc Deslauriers (marcdeslauriers videotron ca)

[SECURITY] [DSA 983-1] New pdftohtml packages fix several vulnerabilities
2006-02-28 joey infodrom org (Martin Schulze)

[FLSA-2006:177326] Updated mod_auth_pgsql package fixes security issue
2006-02-28 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2006:175818] Updated udev packages fix a security issue
2006-02-28 Marc Deslauriers (marcdeslauriers videotron ca)

[ MDKSA-2006:049 ] - Updated squirrelmail packages fix vulnerabilities
2006-02-27 security mandriva com

[eVuln] PerlBlog Multiple Vulnerabilities
2006-02-27 alex evuln com
New eVuln Advisory: PerlBlog Multiple Vulnerabilities http://evuln.com/vulns/81/summary.html --------------------Summary---------------- eVuln ID: EV0081 CVE: CVE-2006-0780 CVE-2006-0781 CVE-2006-0782 Software: PerlBlog Software's Web Site: http://www.chronicled.org/perlblog/ Versions: 1.09b 1.09 1
- Author: Yunus Emre Yilmaz -- mail[at]yunusemreyilmaz(dot)com
- Application: PEHEPE MemberShip Management System (http://www.pehepe.org/UYELİK3)
- Affected Version : v3 ( maybe older versions..)
- Risk : Critical
-- Det