hey bro
this is not rfi
cause the file include the pmd-config.php
and lang_mod = = lang/.$pmdlang..php;
so it have value in pmd-config.php
so u cant include it as exploit in index.php and all the other files
THIS IS AIN'T RFI
byez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1302-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 10, 2007
-
wass up with these ppl man
this is ain't rfi at all
includes/db.php --
if ( !defined('IN_MYBLOGGIE') )
{
die("You are not authorized to access this file");
}
so how rfi ?
its defined so its not rfi
includes/template.php ---just class i cant find any inclusion or even one
include
Vulnerability:
There is a vulnerability affecting the latest version (v2.1.103.0) of the Cisco
Trust Agent software for MacOS X that can allow an individual with physical
access to an endpoint to bypass authentication and gain administrative access
to the local machine.
Description:
When
SpyBye 0.3 was released today. A major new feature is that SpyBye can be
used as a regular web proxy, for regular web browsing. SpyBye still analyzes
all content automatically, but it happens in the background. Whenever
dangerous content is encountered, a warning notification is shown in
Dear dann frazier,
Can you please provide valid CVE for this advisory, if any?
CVE-2007-2524 is Cross-site scripting (XSS) vulnerability in index.pl
in OTRS (Open Ticket Request System) 2.0.x allows remote attackers to
inject arbitrary web script or HTML via the Subaction parameter in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1303-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 10, 2007
Application: Maran Blog
Web Site: http://www.maran.pamil-visions.com/maranblog.php
Versions: no Version numbers could be found.
Platform: linux, windows, freebsd, sun
Bug: Cross site Scripting (XSS)
Fix Available: Yes
Advisory File: http://www.secvsn.com/content/Advisories/sr-060607-maran.html
As a result of a short security audit of JFFNMS, a number of security holes
were found, even from the perspective of a non authenticated user. The holes
included authentication bypass via SQL injection, JavaScript injection and a
serious case of information disclosure. After liaising with the
WinPT User ID Spoofing Vulnerability
Impact: Impersonation
Where: Remote
Status: Unpatched
Product: Windows Privacy Tray (WinPT)
http://wald.intevation.org/projects/winpt
Visual representation of keys in WinPT 1.2.0 is susceptible to a user ID
spoofing attack using keys with large amount of
Webwiz vulnerable
Version: all versions are vulnerable
Poc:
it's vulnerable because of the rich text editor; it accepts codes which are
dangerous
When you hex this code with charcode it accepts it and you can deface the topic
anywhere using webwiz
the code is this
frameset cols=100%
List,
I'm glad to present w3af ( Web Application Attack and Audit
Framework ) , a fully automated auditing and exploiting framework for
the web. This framework has been developed for almost a year and has
the following features:
Audit
- SQL injection detection
- XSS
Hi all
The project CERA is up again.
CERA : Cutting Edge Research Arena. You can
look into it.
http://cera.secniche.org
Regards
Aditya K Sood aka Zeroknock
http://www.secniche.org
Hi all
The Mlabs have been fully shifted to secniche domain.
You can check it:
http://mlabs.secniche.org
Regards
Aditya K Sood aka Zeroknock
http://www.secniche.org
PHPMailer is a widely deployed utility class used in PHP applications to
handle emails sent through sendmail, PHP mailto() or SMTP. It is used in
PHP applications such as WordPress, Mantis, WebCalendar, Group-Office
and Joomla. The last official release happened on July 11, 2005.
If you have
Hi all
The Sec Niche : dwelling Security portal is up fully. It's a
personal working arena and consultancy domain of mine. You
can check it:
http://www.secniche.org
Number of papers have been transformed to secniche and many more
will be added as soon as they are ready.
So run a bit.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200706-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
===
Ubuntu Security Notice USN-439-2 June 11, 2007
file vulnerability
CVE-2007-2799
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu
===
Ubuntu Security Notice USN-471-1 June 11, 2007
libexif vulnerability
CVE-2007-2645
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu