BugTraq
Etomite followup information 2006-01-30
security curmudgeon (jericho attrition org)


---------- Forwarded message ----------
From: Rick Elnor
To: moderators (at) osvdb (dot) org
Date: Sun, 29 Jan 2006 10:11:08 -0800
Subject: [OSVDB Mods] [Change Request] 22693: Etomite todo.inc.php cij Variable
Arbitrary Command Execution

Hello,

I am Rick Elnor, the Etomite CMS security expert and own

[ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows 2006-01-30
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200601-16 ] MyDNS: Denial of Service 2006-01-30
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Re: CME-24 (BlackWorm) Users' FAQ 2006-01-30
Gadi Evron (ge linuxbox org)
> The FAQ can be found at:
> http://isc.sans.org/blackworm
> http://blogs.securiteam.org

That's http://blogs.securiteam.com

My apologies, and thanks to all those who notified me.

Gadi.

New worm crawling through blogs?! 2006-01-27
blog worm gmail com
I spotted it on Christopher Boyd's Vital Security blog. Chris is a Microsoft security MVP and security research manager at FaceTime, an instant messaging security company. However, this worm appears to have spread much further and has slithered around the world.

The worm is actually an animated GIF

[ MDKSA-2006:027 ] - Updated gzip packages fix zgrep vulnerabilities 2006-01-30
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:027
http://www.mandriva.com/security/
____________________________________________________________________

[ MDKSA-2006:026 ] - Updated bzip2 packages fix bzgrep vulnerabilities 2006-01-30
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:026
http://www.mandriva.com/security/
____________________________________________________________________

Etomite CMS "Backdoored" 2006-01-27
Luca securityfocus com, Ercoli securityfocus com,"[at]" securityfocus com, SeeWeb Com securityfocus com
/******
Package: Etomite Content Management System
Auth: http://www.etomite.org/
Version(s): 0.6 / previous versions may also be backdoored
Vulnerability Type: Remote Code Execution
*****************/

Disclaimer:
---------

The information is provided "as is" without warranty of any kind.
The a

[SECURITY] [DSA 959-1] New unalz packages fix arbitrary code execution 2006-01-30
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 959-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 30th, 2006

XSS flaw in MG2 Image Gallery (v.0.5.1) 2006-01-30
preben watchcom no
Users can inject XSS into the form field "Name", when adding a comment on a picture. This will lead to the execution of XSS code.

Simple scripting like <script>alert('hello')</script> , and more advanced document.location, and document.cookie works.

This has been tested on version 0.5.1. Other ver

CME-24 (BlackWorm) Users' FAQ 2006-01-30
Gadi Evron (ge linuxbox org)
This FAQ was authored by members of the TISF BlackWorm task force
(specifically the MWP / DA groups and the SANS ISC handlers).

The purpose is both to provide a resource for concerned users and
network administrators, as well as to be a level-headed myth-free source
on the subject.

There s

MyBB 1.2 Local File Inclusion 2006-01-30
o y 6 hotmail com, | securityfocus com,D3vil-0x1 securityfocus com
#### D3vil-0x1 MyBB Bug ###
## Local File Inclusion
##
## MyBB 1.2 -> Admin Can Include Local File :)

## File :- admin/plugins.php

Line :- 51
//*

if($mybb->input['action'] == "activate")

{

$codename = $mybb->input['plugin']; << Input From POST

$file = $codename.".php"; << Se

BlackWorm: statistics and numbers 2006-01-27
Gadi Evron (ge linuxbox org)
The guys over at LURHQ (Joe Stewart) produced some amazing statistics
from the logs provided to the TISF BlackWorm task force by the more
whitehat than whitehat RCN (.com/.net) ISP with the cooperation of the FBI.

By country, de-duping, removing DDoS and other counter-poisoning
attempts as best

Re: Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401) 2006-01-28
orambaldini soti net
This issue has been addressed as of version 5.05 of Pocket Controller Professional released on January 9th, 2006.

Visit www.soti.net for more information.

Nuked-klaN Cross-Site Scripting Vulnerability 2006-01-30
night_warrior771 securityfocus com, "[at]" securityfocus com,hotmail com securityfocus com
##Night_Warrior<Kurdish Hacker>
##night_warrior771[at]hotmail.com
##Nuked-klaN Cross-Site Scripting Vulnerability
##http://www.nuked-klan.org

http://www.example.com/index.php?file=Members&letter=[XSS]

Contact :night_warrior771[at]hotmail.com
Night_Warrior<Kurdish Hacker>

sPaiz-Nuke Cross-Site Scripting Vulnerability 2006-01-29
night_warrior771 securityfocus com, "[at]" securityfocus com,hotmail com securityfocus com
##Night_Warrior<Kurdish Hacker>

##night_warrior771[at]hotmail.com

##sPaiz-Nuke Cross-Site Scripting Vulnerability

##http://www.alstrasoft.com

http://www.example.com/sPaiz-Nuke/modules.php?name=Articles&file=search&
query=[XSS]&type=articles&type=comments

http://www.example.com/sPaiz-Nuke/mod

Arescom NetDSL-1000 DoS attack source 2006-01-30
framirez akori fr (1 replies)
/*
Do you want to hack? let's go .. free your mind

Vulnerability in the Arescom NetDSL-1000 modem
caused by a buffer overflow due to < [255] on the stack.

DoS attack by Fa

Re: Arescom NetDSL-1000 DoS attack source 2006-01-30
Pim van Riezen (pi madscience nl)
RE: Cross Site Cooking 2006-01-30
Michal Zalewski (lcamtuf dione ids pl)
On Sun, 29 Jan 2006, Amit Klein (AKsecurity) wrote:

> I tried setting a cookie for .com.pl, and I failed (that is, the browser
> did not respect it). If you set a cookie for .kom.pl, it will be OK (if
> you're in .kom.pl domain, that is).

Amit,

Mozilla/Firefox/Netscape are vulnerable to this flaw

[SECURITY] [DSA 951-2] New trac packages fix SQL injection and cross-site scripting 2006-01-30
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 951-2 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 30th, 2006

MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS ) 2006-01-29
o y 6 hotmail com, | securityfocus com,D3vil-0x1 securityfocus com
## MyBB 1.02 usercp2.php XSS
##------------------------------##
## Devil-00 D3vil-0x1 - Attacking MyBB :)##
## ##
## devil-00 (at) s4a (dot) cc ##
## ##
##-----------------------------###
##
## File :- usercp2.php
## Var :- $url
## Line's :-
## -> 39
## -> 58
## -> 84
## -> 108
## -> 130
## -> 14

EasyCMS vulnerable to XSS injection. 2006-01-29
preben watchcom no
The Norwegian web-publishing system EasyCMS (www.easycms.no) contains multiple input flaws letting users conduct successful XSS attacks. Both the admin section and the webpage that uses the system are vulnerable to XSS.

It does not filter script tags and simple scripting like <script>alert('XSS'

[xpl#2] MiniNuke 1.8.2 - change member's password < Perl > 2006-01-29
hessam kachal667 com
I created an exploit for a bug in MiniNuke; this bug is in "membership.asp"
and with this exploit you can change a member's password :)
if you inject:
" /membership.asp&pass=[New password]&passa=[confirm new password]&x=[member name] "
This bug was found by nukedx & the exploit is by Hessam-x

---------
+ APP name : M

TSLSA-2006-0004 - multi 2006-01-30
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2006-0004

Package names: kernel, openssh
Summary: Multiple vulnerabilities
Date: 2006-01-27
Affected version

[ GLSA 200601-15 ] Paros: Default administrator password 2006-01-29
Sune Kloppenborg Jeppesen (jaervosz gentoo org) (1 replies)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

UebiMiau Webmail System Security Vulnerability 2006-01-29
M.Neset KABAKLI (neset wakiza com)

I.Vulnerability
UebiMiau Webmail System Cross Site Scripting Vulnerability

II.Vendor
Aldoir Ventura

III.Affected Systems
* UebiMiau 2.7.9 (latest release) and probably previous versions.

IV.About
UebiMiau is a simple, yet efficient mail reader (webmail) supporting both
IMAP and POP3 without

Copyright 2010, SecurityFocus