author: DaBDouB-MoSiKaR [Moroccan Security Team]
site: www.o2php.com
greetz to : [Moroccan Security Team] CiM-TeaM and All Friends
Solution: intval()
example:
http://[target]/post.php?action=newthread&fid=[sql]
inbox:DaBDouB-MoSiKaR[at]moroccan-security[dot]com
advisory by undefined1_ @ bash-x.net/undef/
Mon Album 0.8.7
http://www.3dsrc.com/monalbum/
There are 2 sql injection flaws in MonAlbum 0.8.7. First in index.php (line 99)
if (isset($_GET[pc])) $pc = $_GET[pc];
... (no sanity checks)
if (isset($pc) && $grech_inactive) $result =
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey BugTraq readers,
This is just a quick note to let you know that Black Hat USA 2006 registration
and Call for Papers is now open.
We expect another outstanding program, and with the addition of more floor
space at Caesars Palace we are able to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00629555
Version: 2
HPSBUX02108 SSRT061133 rev.2 - HP-UX running Sendmail, Remote
Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted
upon as soon as
Just a quick followup and clarification:
-----Original Message-----
From: Michael Scheidell
Sent: Wednesday, March 15, 2006 8:38 AM
To: bugtraq@securityfocus.com
Subject: WebVulnCrawl searching excluded directories for hackable web servers
What he is doing is a violation of the RFCs
--Security Report--
Advisory: EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 29/03/06 21:33 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: EzASPSite
servers and you have just created a really powerful control mechanism for entities to control large sections of the internet since folks from those sections won't be able to use anyone else's DNS servers or even run their own (much like port 25 blocking limits who can run a mail server
really did not know much more than was discovered. Meanwhile I am a bit disappointed that we had nearly a month such a bug in the wild and software distributors like SuSE in my case did not publish patches. I think as long enough time has passed and I hope distributors maybe need to see it - I publish
Isn't the real meat of this issue the commands an unprivileged user is
permitted to execute via sudo?
Sudo isn't a blanket 'execute anything' unless it's set up that way.
Instead, you should carefully choose the specific command(s) that the user
needs to be allowed to execute. That should
Dear Raven,
raven wrote:
Bugtraq @ SNSecurity wrote:
Quick Summary:
Product : Movilnet's Web SMS.
Version : In-production versions.
Vendor : Movilnet - http://www.movilnet.com.ve/
Class : Remote
Criticality : High
author: DaBDouB-MoSiKaR [Moroccan Security Team]
site: http://www.dbbs.sup.fr/
greetz to : [Moroccan Security Team] CiM-TeaM and All Friends
example:
http://[target]/topics.php?fid=3&limite=[sql]
inbox:DaBDouB-MoSiKaR[at]moroccan-security[dot]com
###
Luigi Auriemma
Application: Zdaemon
http://www.zdaemon.org
(and also X-Doom http://www.doom2.net/~xdoom/)
Versions: <= 1.08.01
Platforms: Windows and Linux
Website : http://toya.net.pl/~julas/w3g/
Version : 1.8c
Description :
Warcraft III Replay Parser for PHP? What is that? Maybe you know or maybe not
that Warcraft III replay files (*.w3g) have much information inside. Almost
everything can be pulled out of them: players accounts, races,