RS-2006-1: Multiple flaws in VHCS 2.x

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 === - RS-Labs Security Advisory - === Tittle: Multiple flaws in VHCS 2.x ID: RS-2006-1 Severity: Critical Date: 11.Feb.2006 Author: Román

DocMGR = 0.54.2 arbitrary remote inclusion

--- DocMGR = 0.54.2 arbitrary remote inclusion software: site: http://www.docmgr.org/ description: DocMGR is a complete, web-based Document Management System (DMS). It allows for the storage of any file type, and supports full-text indexing of the most popular

[ GLSA 200602-04 ] Xpdf, Poppler: Heap overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200602-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

DB_eSession deleteSession() SQL injection

## # GulfTech Security ResearchFebruary 11, 2006 ## # Vendor : Lawrence Osiris # URL : http://www.phpclasses.org/browse/package/1624.html # Version : DB_eSession 1.0.2 #

[eVuln] phphd Multiple Vulnerabilities

New eVuln Advisory: phphd Multiple Vulnerabilities http://evuln.com/vulns/60/summary.html Summary eVuln ID: EV0060 CVE: CVE-2006-0607 CVE-2006-0608 CVE-2006-0609 Vendor: Hinton Design Vendor's Web Site: http://www.hintondesign.org Software: phphd Sowtware's Web

Re: Zen-Cart = 1.2.6d blind SQL injection / remote commands execution:

The mentioned vulnerabilities may be remedied by upgrading to v1.2.7: http://www.zen-cart.com/modules/ipb/index.php?showtopic=41626

[eVuln] phpstatus Authentication Bypass

New eVuln Advisory: phpstatus Authentication Bypass http://evuln.com/vulns/61/summary.html Summary eVuln ID: EV0061 CVE: CVE-2006-0570 CVE-2006-0571 CVE-2006-0572 Vendor: Hinton Design Vendor's Web Site: http://www.hintondesign.org Software: phpstatus

Invision Power Board Army System Mod = 2.1 SQL Injection Exploit

VULNERABLE PRODUCT --- Invision Power Board Army System Mod Version: 2.1 and priors. Url: http://supersmashbrothers.2ya.com Vulnerability: Remote SQL Injection - BACKGROUND Army

[ GLSA 200602-05 ] KPdf: Heap based overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200602-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[SECURITY] [DSA 968-1] New noweb packages fix insecure temporary file creation

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 968-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze February 13th, 2006

Latest wu-ftpd exploit :-s

http://www.frsirt.com/exploits/08.11.0x82-wu262-advanced.c.php

Folder Guard password protection bypass

tested on Folder Guard v4.11 bypassing the Folder Guard password is done by renaming(or moving) the password file. the file is FGuard.FGP, after we rename it the Folder Guard will run and wont ask for a password for questions or currections please contact me at [EMAIL PROTECTED] or [EMAIL

Siteframe Beaumont 5.0.1a == Cross-Site Scripting Vulnerability

Hi, I'm Kiki and I would signal you a XSS in the CMS Siteframe Beaumont 5.0.1a I enclose the advisory and the origina is here: http://kiki91.altervista.org/exploit/siteframe5.0.1a_xss.txt Bye bye Kiki p.s: sorry for my bad English but I'm Italian ;) Advisory: Siteframe Beaumont 5.0.1a ==

Bypass Fortinet anti-virus using FTP

Bypass Fortinet anti-virus using FTP Severity: Low Impact:Bypass Fortinet anti-virus Vulnerabilty type: Design error Affected products: FortiGate v2.8 CVE reference: CAN-2005-3057 Vulnerability Description: - It is possible to bypass the

[SECURITY] [DSA 969-1] New scponly packages fix potential root vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 969-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze February 13th, 2006

URL filter bypass in Fortinet

URL filter bypass in Fortinet Severity: Low Impact:Bypass Fortinet web filter Vulnerabilty type: Design error Affected products: FortiGate v2.8 CVE reference: CAN-2005-3058 Vulnerability Description: - It is possible to bypass Fortinet URL

Internet Explorer dragdrop 0day

Matthew Murphy has just disclosed a vulnerability in Internet Explorer. He will send his advisory later today, but as he is unable to right now, he asked me to email this for him. [I didn't want to email the advisory itself as ALL CREDIT BELONGS TO HIM and I didn't want to take the credit away

XSS vulnerability in guestbook-php-script

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- SySS-Advisory: XSS-vulnerability in guestbook-php-script - --- Problem discovered: February3d

Re: Folder Guard password protection bypass

On 13 Feb 2006 07:28:00 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: tested on Folder Guard v4.11 bypassing the Folder Guard password is done by renaming(or moving) the password file. the file is FGuard.FGP, after we rename it the Folder Guard will run and wont ask for a password So

New winamp m3u/pls .WMA .M3U Extension overflows

This is an update on. http://idefense.com/intelligence/vulnerabilities/display.php?id=378 and also a new overflow with .m3u This overflow is still present in the latest version of winamp 5.13 with a little bit of modifcation. FIRST VULN == like so.. Example m3U file format: #EXTM3U

EGS Enterprise Groupware System 1.0 rc4 remote commands execution FlySpray 0.9.7 remote commands execution

EGS Enterprise Groupware System 1.0 rc4 (possibly prior versions)--- remote code execution software: site: http://egs.sourceforge.net/ description: EGS is an Open Source business system