BugTraq (Page 1208 of 1748)
XSS vulnerability in guestbook-php-script 2006-02-13
Micha Borrmann (borrmann syss de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------
SySS-Advisory: XSS-vulnerability in guestbook-php-script
- -------------------------------------------------------------------

Problem discovered: February 3d 2006
Vendor contact

Internet Explorer drag&drop 0day 2006-02-13
Gadi Evron (ge linuxbox org) (1 replies)
Matthew Murphy has just disclosed a vulnerability in Internet Explorer.

He will send his advisory later today, but as he is unable to right now,
he asked me to email this for him.
[I didn't want to email the advisory itself as ALL CREDIT BELONGS TO HIM
and I didn't want to take the credit away fr

Re: [Full-disclosure] Internet Explorer drag&drop 0day 2006-02-13
Thierry Zoller (Thierry Zoller lu)
[SECURITY] [DSA 969-1] New scponly packages fix potential root vulnerability 2006-02-13
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 969-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
February 13th, 2006

URL filter bypass in Fortinet 2006-02-13
Mathieu Dessus (mdessus gmail com)
URL filter bypass in Fortinet

Severity: Low
Impact: Bypass Fortinet web filter
Vulnerability type: Design error
Affected products: FortiGate v2.8
CVE reference: CAN-2005-3058

Vulnerability Description:
-------------------------

It is possible to bypass Fortinet URL blocke

Bypass Fortinet anti-virus using FTP 2006-02-13
Mathieu Dessus (mdessus gmail com)
Bypass Fortinet anti-virus using FTP

Severity: Low
Impact: Bypass Fortinet anti-virus
Vulnerability type: Design error
Affected products: FortiGate v2.8
CVE reference: CAN-2005-3057

Vulnerability Description:
-------------------------

It is possible to bypass the Fortinet

Folder Guard password protection bypass 2006-02-13
ShadowBeast underdevelop com
Tested on Folder Guard v4.11.
Bypassing the Folder Guard password is done by renaming (or moving) the password file.
The file is FGuard.FGP; after we rename it, Folder Guard will run and won't ask for a password.

For questions or corrections please contact me at
ShadowBeast (at) underdevelop (dot) com
or
Shado

Latest wu-ftpd exploit :-s 2006-02-13
Mark Heiligen (mark heiligen gmx at)
http://www.frsirt.com/exploits/08.11.0x82-wu262-advanced.c.php

[SECURITY] [DSA 968-1] New noweb packages fix insecure temporary file creation 2006-02-13
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 968-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
February 13th, 2006

Everyone's loginName variable Cross Site Scripting Vulnerability 2006-02-13
simo morx org
Title: Everyone's loginName variable Cross Site Scripting

Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org>
Published: 12 February 2006
MorX Security Research Team
http://www.morx.org
Service: Webmail
Vendor: everyone / www.everyone.net
Vulnerability: Cross Site Scripting
Exploit included:

Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit 2006-02-12
unsecure writeme com


VULNERABLE PRODUCT
-----------------------------------
Invision Power Board Army System Mod
Version: 2.1 and prior.
Url: http://supersmashbrothers.2ya.com
Vulnerability: Remote SQL Injection
-----------------------------------------------------

BACKGROUND
----------------------------
Army Syste

Siteframe Beaumont 5.0.1a <== Cross-Site Scripting Vulnerability 2006-02-12
federico alice tiscali it
Hi,
I'm Kiki and I would like to report an XSS in the CMS Siteframe Beaumont 5.0.1a.
I enclose the advisory and the original is here:
http://kiki91.altervista.org/exploit/siteframe5.0.1a_xss.txt
Bye bye

Kiki

p.s: sorry for my bad English but I'm Italian ;)

Advisory:

Siteframe Beaumont 5.0.1a <== Cros

Re: Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution: 2006-02-13
please-use-the-support-forum zen-cart com
The mentioned vulnerabilities may be remedied by upgrading to v1.2.7:

http://www.zen-cart.com/modules/ipb/index.php?showtopic=41626

[eVuln] phpstatus Authentication Bypass 2006-02-12
alex evuln com
New eVuln Advisory:
phpstatus Authentication Bypass
http://evuln.com/vulns/61/summary.html

--------------------Summary----------------
eVuln ID: EV0061
CVE: CVE-2006-0570 CVE-2006-0571 CVE-2006-0572
Vendor: Hinton Design
Vendor's Web Site: http://www.hintondesign.org
Software: phpstatus
Software's

[ GLSA 200602-05 ] KPdf: Heap based overflow 2006-02-12
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200602-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[eVuln] Clever Copy 'Referer' & 'X-Forwarded-For' XSS Vulnerabilities 2006-02-12
alex evuln com
New eVuln Advisory:
Clever Copy 'Referer' & 'X-Forwarded-For' XSS Vulnerabilities
http://evuln.com/vulns/64/summary.html

--------------------Summary----------------
eVuln ID: EV0064
CVE: CVE-2006-0627
Vendor: 3.0 2.0 2.0a
Software: Clever Copy V3
Software's Web Site: http://clevercopy.bestdirectbuy

[eVuln] phphd Multiple Vulnerabilities 2006-02-12
alex evuln com
New eVuln Advisory:
phphd Multiple Vulnerabilities
http://evuln.com/vulns/60/summary.html

--------------------Summary----------------
eVuln ID: EV0060
CVE: CVE-2006-0607 CVE-2006-0608 CVE-2006-0609
Vendor: Hinton Design
Vendor's Web Site: http://www.hintondesign.org
Software: phphd
Software's Web S

[ GLSA 200602-04 ] Xpdf, Poppler: Heap overflow 2006-02-12
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200602-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

DB_eSession deleteSession() SQL injection 2006-02-11
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research February 11, 2006
##########################################################
# Vendor : Lawrence Osiris
# URL : http://www.phpclasses.org/browse/package/1624.html
# Version : DB_eSession 1.0.2
# Risk :

DocMGR <= 0.54.2 arbitrary remote inclusion 2006-02-12
rgod autistici org
--------------- DocMGR <= 0.54.2 arbitrary remote inclusion --------------------

software:
site: http://www.docmgr.org/
description: "DocMGR is a complete, web-based Document Management System (DMS).
It allows for the storage of any file type, and supports full-text indexing of
the most popular

RS-2006-1: Multiple flaws in VHCS 2.x 2006-02-11
Roman Medina-Heigl Hernandez (roman rs-labs com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================
- RS-Labs Security Advisory -
===============================

Title: Multiple flaws in VHCS 2.x
ID: RS-2006-1
Severity: Critical
Date: 11.Feb.2006
Author: Román Me

imageVue16.1 upload vulnerability 2006-02-11
zjieb hotmail com
ImageVue is an online Flash gallery for viewing images. For more information about ImageVue visit http://www.imagevuex.com

Credits: me

Vulnerable Systems:
imageVue16.1

In ImageVue one can upload images to the Gallery. The upload-script however isn't checking credentials nor does it check file ext

[USN-247-1] Heimdal vulnerability 2006-02-11
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-247-1 February 10, 2006
heimdal vulnerability
CVE-2006-0582
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubunt

[eVuln] phpht Topsites Multiple Vulnerabilities 2006-02-11
alex evuln com
New eVuln Advisory:
phpht Topsites Multiple Vulnerabilities
http://evuln.com/vulns/59/summary.html

--------------------Summary----------------
eVuln ID: EV0059
Vendor: Hinton Design
Vendor's Web Site: http://www.hintondesign.org
Software: phpht Topsites
Software's Web Site: http://www.hintondesign.

[eVuln] phphg Guestbook Multiple Vulnerabilities 2006-02-11
alex evuln com
New eVuln Advisory:
phphg Guestbook Multiple Vulnerabilities
http://evuln.com/vulns/58/summary.html

--------------------Summary----------------
eVuln ID: EV0058
CVE: CVE-2006-0602 CVE-2006-0603 CVE-2006-0604
Vendor: Hinton Design
Vendor's Web Site: http://www.hintondesign.org
Software: phphg Guestb

Linpha <= 1.0 multiple arbitrary local inclusion 2006-02-11
rgod autistici org
------------- Linpha <= 1.0 multiple arbitrary local inclusion -----------------

software:
site: http://linpha.sourceforge.net/nuke/
description: " LinPHA is an easy to use, multilingual, flexible photo / image
archive / album / gallery written in PHP. It uses a SQL database to store
info

Corrupt Word file may cause buffer overflow in the Blackberry Attachment Service 2006-02-11
lukew sktbcs com
From Research in Motion's KB-04791 (sorry, long link):
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/
8021/8149/8052/Support_-_Corrupt_Word_file_may_cause_buffer_overflow_in_
the_BlackBerry_Attachment_Service.html?nodeid=1181753&vernum=2

Applies to:
BlackBerry Enterprise Ser

HiveMail <= 1.3 Multiple Vulnerabilities 2006-02-11
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research February 10, 2006
##########################################################
# Vendor : HiveMail
# URL : http://www.hivemail.com/
# Version : HiveMail <= 1.3
# Risk : Multiple Vulnerabilities
#########

FarsiNews 2.5 Multiple Vulnerabilities 2006-02-10
h e (het_ebadi yahoo com)
FarsiNews 2.5 Multiple Vulnerabilities

FarsiNews is a news publishing system that uses flat
files to store its data... FarsiNews is a Persian
and improved translation of CuteNews, AjFork, CuteHack
and CuteSQL...
For more information about FarsiNews Publishing System
visit http://www.farsinewsteam

[security bulletin] SSRT061108 rev.2 - HP Systems Insight Manager Remote Unauthorized Access - Directory Traversal 2006-02-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00597967
Version: 2

HPSBMA02096 SSRT061108 rev.2 - HP Systems Insight Manager Remote
Unauthorized Access - Directory Traversal

NOTICE: The information in this Security Bulletin should be acted
u

Copyright 2010, SecurityFocus