Re: [Full-disclosure] simplog 0.9.3.2 SQL injection

2007-01-02 Thread Javor Ninov
) http://[target]/[path]/index.php?blogid=[sql] http://[target]/[path]/archive.php?blogid=[sql] http://[target]/[path]/archive.php?m=[sql] http://[target]/[path]/archive.php?y=[sql] /str0ke On 1/1/07, Javor Ninov [EMAIL PROTECTED] wrote: Affected Software: simplog up to 0.9.3.2 (latest

bigwebmaster guestbook multiple XSS

2006-05-04 Thread Javor Ninov
country: <script>alert('XSS in country');</script> google search: intitle:Big Webmaster Guestbook Vendor Status: NOT NOTIFIED Solution: I DON'T CARE Javor Ninov aka DrFrancky http://www.securitydot.net/

capi4hylafax insecure manipulation with tmp files

2006-03-08 Thread Javor Ninov
to overwriting of this file !!! VENDOR IS NOT NOTIFIED !!! Javor Ninov aka DrFrancky drfrancky shift+2 securax.org

Re: WordPress 2.0.1 Multiple Vulnerabilities

2006-03-01 Thread Javor Ninov
wp-content/ is also prone to directory listing Javor Ninov aka DrFrancky [EMAIL PROTECTED] wrote: /* --- [N]eo [S]ecurity [T]eam [NST]® WordPress 2.0.1 Multiple Vulnerabilities

Mozilla Thunderbird 1.5 Address Book DoS

2006-02-21 Thread Javor Ninov
Affected: Mozilla Thunderbird 1.5 /possibly other versions/ Mozilla Thunderbird 1.5 address book allows fields of unlimited size in the address book, which leads to a DoS if you import such an ldif file. POC: create a file.ldif and insert the following, then import it in the address book: --- start