Re: PHPMyDesk Beta Release 1.0b == RFI

2007-06-11 Thread the . tiger100
hey bro this is not RFI because the file includes pmd-config.php and lang_mod = = lang/.$pmdlang..php; so it has a value in pmd-config.php, so you can't include it as an exploit in index.php and all the other files THIS AIN'T RFI byez

[SECURITY] [DSA 1302-1] New freetype packages fix integer overflow

2007-06-11 Thread Steve Kemp
Debian Security Advisory DSA-1302-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp June 10, 2007

Re: myBloggie 2.1.5 Remote File Include

2007-06-11 Thread the . tiger100
what's up with these people, man, this ain't RFI at all. includes/db.php -- if ( !defined('IN_MYBLOGGIE') ) { die("You are not authorized to access this file"); } so how is it RFI? It's defined, so it's not RFI. includes/template.php --- just a class, I can't find any inclusion or even one include

Cisco Trust Agent Vulnerability

2007-06-11 Thread adblake
Vulnerability: There is a vulnerability affecting the latest version (v2.1.103.0) of the Cisco Trust Agent software for MacOS X that can allow an individual with physical access to an endpoint to bypass authentication and gain administrative access to the local machine. Description: When

SpyBye 0.3 released

2007-06-11 Thread Niels Provos
SpyBye 0.3 was released today. A major new feature is that SpyBye can be used as a regular web proxy, for regular web browsing. SpyBye still analyzes all content automatically, but it happens in the background. Whenever dangerous content is encountered, a warning notification is shown in

Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service

2007-06-11 Thread 3APA3A
Dear dann frazier, Can you please provide valid CVE for this advisory, if any? CVE-2007-2524 is Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open Ticket Request System) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in

[SECURITY] [DSA 1303-1] New lighttpd packages fix denial of service

2007-06-11 Thread Steve Kemp
Debian Security Advisory DSA 1303-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp June 10, 2007

Maran Blog XSS vulnerability

2007-06-11 Thread ls
Application: Maran Blog Web Site: http://www.maran.pamil-visions.com/maranblog.php Versions: no version numbers could be found. Platform: linux, windows, freebsd, sun Bug: Cross Site Scripting (XSS) Fix Available: Yes Advisory File: http://www.secvsn.com/content/Advisories/sr-060607-maran.html

Serious holes affecting JFFNMS

2007-06-11 Thread Tim Brown
As a result of a short security audit of JFFNMS, a number of security holes were found, even from the perspective of a non-authenticated user. The holes included authentication bypass via SQL injection, Javascript injection and a serious case of information disclosure. After liaising with the

WinPT User ID Spoofing Vulnerability

2007-06-11 Thread nnposter
WinPT User ID Spoofing Vulnerability Impact: Impersonation Where: Remote Status: Unpatched Product: Windows Privacy Tray (WinPT) http://wald.intevation.org/projects/winpt The visual representation of keys in WinPT 1.2.0 is susceptible to a user ID spoofing attack using keys with a large amount of

Webwiz vulnerable

2007-06-11 Thread spymaster
Webwiz vulnerable Version: all versions are vulnerable PoC: it's vulnerable because of the rich text editor; it accepts code which is dangerous. When you hex this code with charcode it accepts it and you can deface the topic anywhere using webwiz. The code is this frameset cols=100%

[TOOL] w3af - Web Application Attack and Audit Framework

2007-06-11 Thread Andres Riancho
List, I'm glad to present w3af (Web Application Attack and Audit Framework), a fully automated auditing and exploiting framework for the web. This framework has been developed for almost a year and has the following features: Audit - SQL injection detection - XSS

Project CERA Is Up Again : Secniche Initiative

2007-06-11 Thread Aditya K Sood
Hi all, the project CERA is up again. CERA: Cutting Edge Research Arena. You can look into it: http://cera.secniche.org Regards Aditya K Sood aka Zeroknock http://www.secniche.org

MLabs is Shifted Fully : SecNiche Initiative

2007-06-11 Thread Aditya K Sood
Hi all, the MLabs have been fully shifted to the secniche domain. You can check it: http://mlabs.secniche.org Regards Aditya K Sood aka Zeroknock http://www.secniche.org

PHPMailer command execution

2007-06-11 Thread Thor Larholm
PHPMailer is a widely deployed utility class used in PHP applications to handle emails sent through sendmail, PHP mailto() or SMTP. It is used in PHP applications such as WordPress, Mantis, WebCalendar, Group-Office and Joomla. The last official release happened on July 11, 2005. If you have

SECNICHE : Dwelling Security is On the Run

2007-06-11 Thread Aditya K Sood
Hi all, the SecNiche: Dwelling Security portal is up fully. It's a personal working arena and consultancy domain of mine. You can check it: http://www.secniche.org A number of papers have been transformed to secniche and many more will be added as soon as they are ready. So run a bit.

[ GLSA 200706-04 ] MadWifi: Multiple vulnerabilities

2007-06-11 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200706-04 http://security.gentoo.org/

[USN-439-2] file vulnerability

2007-06-11 Thread Kees Cook
Ubuntu Security Notice USN-439-2 June 11, 2007 file vulnerability CVE-2007-2799 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu

[USN-471-1] libexif vulnerability

2007-06-11 Thread Kees Cook
Ubuntu Security Notice USN-471-1 June 11, 2007 libexif vulnerability CVE-2007-2645 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu