On Tue, 13 Jun 2006, [EMAIL PROTECTED] wrote:
:
http://[SITE]/default.asp?mod=searchtype=simpleq=%27+union+select+1%2Cadmin_password%2C3%2C4+from+admin_users+%27+cmdSearch=Search
:
: credits: EntriKa The_BeKiR erne
Which Ashop is this?
AShop Software
www.ashopsoftware.com/
Ashop Shopping
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:131
http://www.mandriva.com/security/
###Dicomdk
Full Path Disclosure xGuestBook v1.02#
#
http://xatrix.xa.funpic.de/xguestbook2/ #
#
By : X-boy #
Hi all.
After early getting the details of MS06-034 I thought
it will be cool to build the exploits since there has
been long time without any IIS exploit and our
customers (see *1) will like it, so I asked the guys
to build the exploits and that I will take care of the
part of elevating
==
Secunia Research 26/07/2006
- AutoVue SolidModel Professional Buffer Overflow Vulnerability -
==
Table of Contents
Affected
===
Ubuntu Security Notice USN-297-3 July 26, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779,
CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2784,
CVE-2006-2787
===
Ubuntu Security Notice USN-320-2 July 26, 2006
php4 regression
https://launchpad.net/bugs/53581
===
A security issue affects the following Ubuntu releases:
Ubuntu
I don't know anyone report this but I have detected this when test EzUpload Pro
2.2.0
Attacker can re-config EzUpload system without login.
File: filter.php -- change Extensions Mode file type.
File: access.php -- change Protection Method accept anyone upload file
File: edituser.php -- Add
Multiple access control and input validation vulnerabilities in
~~~
OpenCMS (Open Source Website Content Management System)
~~~
0. ORIGINAL ADVISORY
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA -2[EMAIL PROTECTED]
http://www.debian.org/security/ Dann Frazier
July 26th, 2006
Hi
A reader going by the nickname xeek pointed out to me that
the examples in the paper making use of the HTTP GET request
do not work as-is (thanks xeek!). After looking at the matter,
I realized that I made a silly mistake. In my research, I
toyed with the LoadVars.send() method with 2
#--
#Aria-Security.net Advisory
#Discovered by: l2odon
# www.Aria-security.net
#Gr33t to: A.u.r.a O.U.T.L.A.W [EMAIL PROTECTED] @ DrtRp Cl0wn
#---
Zyxel Prestige 660H-61 Cross-Site Scripting
Tested on Zyxel Prestige 660H-61
ZyNOS F/W Version: V3.40(PT.0)b32 | 1/28/2005
Standard:NORMAL
Discovered by: José Ramón Palanco: jose.palanco(at)eazel(dot).es
http://www.eazel.es
Description:
Zyxel Prestige 660H-61 ADSL Router is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Advisory: Professional Home Page Tools Login Script Cross Site Scripting
Vulnerabilities
Release Date: 2006/07/25
Last Modified: 2006/07/25
Author: Tamriel [tamriel at gmx dot net]
Application: Professional Home Page Tools
#--
#Aria-Security.net Advisory
#Discovered by: l2odon
# www.Aria-security.net
#Gr33t to: A.u.r.a O.U.T.L.A.W [EMAIL PROTECTED] @ DrtRp Cl0wn
#---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Advisory: TP-Book = 1.00 Cross Site Scripting Vulnerabilities
Release Date: 2006/07/25
Last Modified: 2006/07/25
Author: Tamriel [tamriel at gmx dot net]
Application: TP-Book = 1.00
Risk: Low
Vendor Status: not
ZDI-06-023: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-023.html
July 25, 2006
-- CVE ID:
CVE-2006-3838
-- Affected Vendor:
eIQnetworks
-- Affected Products:
eIQnetworks Enterprise Security Analyzer
TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server
Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/TSRT-06-04.html
July 25, 2006
-- CVE ID:
CVE-2006-3838
-- Affected Vendor:
eIQnetworks
-- Affected Products:
eIQnetworks Enterprise
TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server
Buffer Overflow Vulnerabilities
http://www.zerodayinitiative.com/advisories/TSRT-06-03.html
July 25, 2006
-- CVE ID:
CVE-2006-3838
-- Affected Vendor:
eIQnetworks
-- Affected Products:
eIQnetworks Enterprise
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1125-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
July 26th, 2006
Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
1. Overview
NTA Monitor discovered a denial of service vulnerability in the Cisco
VPN 3000 series concentrator products while performing a VPN security
test for a customer in July 2005.
The vulnerability affects Phase-1 of the IKE
#!/usr/bin/php -q -d short_open_tag=on
?
echo Etomite CMS = 0.6.1 'rfiles.php' remote command execution\r\n;
echo by rgod [EMAIL PROTECTED];
echo site: http://retrogod.altervista.org\r\n;;
echo google dork: \Content managed by the Etomite Content Management
System\\r\n\r\n;
/*
works
ECHO_ADV_41$2006
---
[ECHO_ADV_41$2006] BufferOverflow in Midirecord2
---
Author : Dedi Dwianto
Date : July, 25th 2006
Location
===
Ubuntu Security Notice USN-323-1 July 25, 2006
mozilla vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778,
CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782,
CVE-2006-2783, CVE-2006-2784,
[vuln.sg] Vulnerability Research Advisory
PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability
by Tan Chew Keong
Release Date: 2006-07-25
Summary
---
A vulnerability has been found in PowerArchiver. When exploited, the
vulnerability allows execution of arbitrary code when the user
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security AdvisoryThe OpenPKG Project
http://www.openpkg.org/security/ http://www.openpkg.org
[EMAIL PROTECTED]
==
Secunia Research 25/07/2006
- FileCOPA Directory Argument Handling Buffer Overflow -
==
Table of Contents
Affected
Phpprobid 5.24
http://www.phpprobid.com
--
Cross Site Scripting (XSS)
--
http://target.xx/auctionsearch.php?advsrc=;scriptalert(/EllipsisSecurityTest/)/script
This is old safe_mode bypass. But you can only bypass safe mode in php 4.4.2
and 5.1.2 and prior. Your exploit code is just copy with little changes of
http://securityreason.com/achievement_exploitalert/8 based on SecurityReason
Advisory http://securityreason.com/achievement_securityalert/37
29 matches
Mail list logo