-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1079-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 29th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1080-1[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
May 29th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1081-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 29th, 2006
===
Ubuntu Security Notice USN-287-1 May 29, 2006
nagios vulnerability
CVE-2006-2489
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary
===
Ubuntu Security Notice USN-288-1 May 29, 2006
postgresql-7.4/-8.0, postgresql, psycopg,
python-pgsql vulnerabilities
CVE-2006-2313, CVE-2006-2314
===
A security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm not sure if this one is known but I see the last buffer overflows
show Quicktime 7.x vulnerable and suggest upgrading to 7.0.4*.
* http://docs.info.apple.com/article.html?artnum=303101
I was downloading Elephant's dream from
On 27 May 2006, at 12:01 PM, John Pettitt wrote:
I think the underlying point is that many users, not understanding the
difference between the bulk key used to encrypt the data and the
passphrase used to protect that bulk key would assume, incorrectly
that
changing the passphrase would lock
multiple file include exploits in EzUpload Pro v2.10
forum type : EzUpload Pro v2.10
bug found by : black-code sweet-devil
team : site-down
type : file include
exploits :
form.php
---
[ECHO_ADV_31$2006] JAMES 2.2.0 -- Denial Of Service
---
Author : y3dips a.k.a Ahmad Muammar W.K
Date : April, 27th 2006
Location
Dökümanlar »» Döküman oku
--Security Report--
Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 27/05/06 03:16 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: MiniNuke
--Security Report--
Advisory: ASPBB = 0.52 (perform_search.asp) XSS vulnerability
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 27/05/06 04:26 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: ASPBB (www.aspbb.org)
Version: 0.52
--Security Report--
Advisory: tinyBB = 0.3 Multiple Remote Vulnerabilities.
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 27/05/06 05:37 AM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: Epicdesigns
--Security Report--
Advisory: Enigma Haber = 4.3 Multiple Remote SQL Injection Vulnerabilities
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 27/05/06 05:16 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: EnigmaASP
--Security Report--
Advisory: [EMAIL PROTECTED] Interactive Web = 0.8x Multiple Remote
Vulnerabilities.
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 27/05/06 05:57 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: Facile
--Security Report--
Advisory: Eggblog = 3.x Multiple Remote Vulnerabilities
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 27/05/06 06:15 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: Eggblog (http://www.eggblog.net/)
--Security Report--
Advisory: phpBB 2.x (admin/admin_hacks_list.php) Local Inclusion
Vulnerability.
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 27/05/06 07:37 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: Nivisec
--Security Report--
Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability.
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 27/05/06 07:49 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: phpBB-Amod
--Security Report--
Advisory: ASPSitem = 2.0 Multiple Vulnerabilities.
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 27/05/06 08:26 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: ASPSitem (http://www.aspsitem.com)
Version:
--Security Report--
Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities.
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 27/05/06 09:44 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
---
Vendor: Infopop
--Security Report--
Advisory: Blend Portal = 1.2.0 for phpBB 2.x
(blend_data/blend_common.php) File Inclusion Vulnerability.
---
Author: Mustafa Can Bjorn nukedx a.k.a nuker IPEKCI
---
Date: 28/05/06 07:52 PM
---
Contacts:{
ICQ: 10072
MSN/Email: [EMAIL PROTECTED]
Web: http://www.nukedx.com
}
===
Discovery By: CrAzY CrAcKeR
Site: www.alshmokh.com
nono225-mHOn-rageh-LoverHacker
Brh-LiNuX_rOOt-BoNy_m-rootshill
===
Example:-
/news.php?mode=singleview=actitem=76subcat=[SQL]
Xss exploit in Photoalbum BW v1.3
forum type : Photoalbum BW v1.3
bug found by : black-code sweet-devil
team : site-down
type : Xss
exploit :
http://www.example.com/superalbum/index.php?pic='scriptalert(10)/script
KAPDA New advisory
Vendor: http://www.geeklog.net
Bugs: Path Disclosure, XSS, SQL Injection
(Authentication bypass)
Vulnerable Version: geeklog-1.4.0sr2(prior versions
also may be affected)
Exploitation: Remote with browser
Description:
geeklog is a freely available
UBBThreads 5.x,6.x md5 hash disclosure
---
Using XSS such as the one reported earlier:
http://[site]/[ubbpath]/index.php?debug=[xss]
will allow you to inject javascript and steal MD5 Hashes from:
http://[site]/[ubbpath]/editbasic.php
The MD5 is
I have addressed this issue the one reported about the Activity Mod Plus.
Below is a link to patches for both. Thanks.
http://phpbb-tweaks.com/topics.html-p-17623#17623
Thanks For Your E-Mail
aUsTiN Staff
For an interactinve phpBB Support board
These issues have been fixed as of v3.07.
v2 is not supported and should no longer be available to download. Please
let me know if this is not the case.
Thanks,
Egg
www.eggblog.net
-Original Message-
From: Mustafa Can Bjorn IPEKCI [mailto:[EMAIL PROTECTED]
Sent: 28 May 2006 15:01
To:
[EMAIL PROTECTED] wrote:
This to answer Mr Jon Callas (PGP CTO) and to show him the last
proof-of-concept. If he did not get it we consider we have done our
part to report a BIG problem in PGP unless this is some kinda of
HIDDEN features.
We do not know why they just see one side of the
vendor : phpbbhacks.com
Exploit BY :s3rv3r_hack3r
WWW : http://www.hackerz.ir
Exploit
/* Foing Remote File Include exploit By s3rv3r_hack3r */
#include stdio.h
#include stdlib.h
#include string.h
#include unistd.h
#include sys/types.h
#include sys/socket.h
#include netinet/in.h
Hi!
As we promised in the too short 5 minutes talk at CanSecWest last month,
here we are publishing a new version of Impacket including all the new features
we added for SMB and DCERPC. At the same time we are releasing a document
describing what this new and weird features are, full of
Hi,
I've found a vulnerability more than 2 months ago, and notified the developers,
but still no answer, so I'm posting here.
http://zone14.free.fr/advisories/3/
Vendor: WikiNi
Vulnerable: WikiNi 0.4.2 and below
Persistent Cross Site Scripting
A persistent XSS vulnerability is the most
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1082-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze, Dann Frazier
May 29th, 2006
Subject: Multiple Xss exploits in Chipmunk Board
Date: 27 May 2006 10:51:30 -
Multiple Xss exploits in Chipmunk Board
forum type : Chipmunk Board
bug found by : black-codesweet-devil
team : site-down
type : Xss
black-code:
codes :
Subject: Multiple Xss exploits in coolphp magazine
Date: 27 May 2006 14:25:31 -
Multiple Xss exploits in coolphp magazine
script type : coolphp magazine
bug found by : black-code sweet-devil
team : site-down
type : Xss
Codes :
***
Subject: multiple Xss exploits in : vCard 2.9
Date: 27 May 2006 11:12:55 -
multiple Xss exploits in : vCard 2.9
forum type : vCard 2.9
bug found by : black-codesweet-devil
team : site-down
type : Xss
sweet-devil:
http://www.example.com/cards/create.php?card_id='scriptalert(10)/script
[KAPDA::#46] - Nukedit Unauthorized Admin Add
KAPDA New advisory
Vulnerable product : Nukedit = 4.9.6
Vendor: http://www.nukedit.com
Vulnerability: Unauthorized Admin Add
Date :
Found : 2006/05/10
Vendor Contacted : N/A
Release Date : 2006/05/29
About Nukedit :
On Sat, 27 May 2006, Ansgar -59cobalt- Wiechers wrote:
On 2006-05-25 [EMAIL PROTECTED] wrote:
Although it is a well known fact that Windows desktops and servers
still use LM Hashes and cache the last ten userids and passwords
locally, just in-case an Active Directory, Domain, or NDS tree
36 matches
Mail list logo