BizDirectory All version == RFI
vendor : idevspot.com
By : s3rv3r_hack3r
www: hackerz.ir h4ckerz.com
www.domain.com/BizDirectory/Feed.php?stylesheet=[xss]
www.domain.com/BizDirectory/status.php?message=[xss]
##
#
# PhotoPost PHP 4.6 - 4.5 [PP_PATH] Remote File Include
Vulnerability
#
##
# Found by ..: AG-Spider
#
Hello
Title : MyBB 1.2 Full path and Cross site scripting vulnerabilities
Discovered by : HACKERS PAL
Copyrights : HACKERS PAL
Website : WwW.SoQoR.NeT
Email : [EMAIL PROTECTED]
Full path
inc/generic_error.php?message=1
inc/datahandlers/event.php
inc/datahandlers/pm.php
===
Ubuntu Security Notice USN-348-1 September 18, 2006
gnutls11, gnutls12 vulnerability
CVE-2006-4790
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Hi,
There is a sql injection in Moodle 1.6.1+ (and maybe
before versions) :
The $blogEntry parameter passed to insert_record()
function in /blog/edit.php, is not checked properly .
Version 1.6.2 has been released (moodle.org).
- Omid
a file traversal attack is possible in busybox's http daemon when you send a
url encoded slash like this
http://attacked-host//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd I have
tested with busy box 1.01 and I don't know if other versions are vulnerable
Vulnerability Report
***
# Title : EShoppingPro v1.0(search_run.asp) Remote SQL Injection Vulnerability
# Author : ajann
# Script Page : http://www.keyvan1.com
# Exploit;
Vulnerability Report
***
# Title : Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability
# Author : ajann
# Script Page : http://quadcomm.com
# Exploit;
Hi,
[EMAIL PROTECTED] wrote on Thu, 14 Sep 2006 23:01:18 +:
# mcLinksCounter v1.1 - Remote File Include Vulnerabilities
# site: http://www.comscripts.com/jump.php?action=scriptid=847
Homepage: http://www.phpforums.net/index.php?dir=dld
# Vulnerable :
In the public hacking world, so far we have mostly seen USB technology
from security vendors... not the attackers side.
A few years ago we had discussions on pen-test
(http://archives.neohapsis.com/archives/sf/pentest/2004-06/thread.html#2),
and later bugtraq and FD on these risks, following an
Hayes, Bill wrote:
It looks like the flaw is a buffer overflow and not a memory corruption
error.
Actually, the vulnerability is an integer overflow which leads to a buffer
overflow which leads to memory corruption.
KeyFrame(npoints, ...)
{
buf = malloc(npoints*16)
Vulnerability Report
***
# Title : Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL
Injection Vulnerability
# Author : ajann
# Dork : faqview.asp?key
# Script Page : http://www.t-dreams.com
#
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Symantec AntiVirus and Symantec Client Security Elevation of Privilege
September 13, 2006
Overview
An elevation of privilege vulnerability in Symantec Client Security and
Symantec AntiVirus Corporate Edition could potentially allow a local
Vendor: http://www.pnphpbb.com/
Vulnerable File: includes/functions_admin.php
Vulnerable Code:
//The phpbb_root_path isn't initialized
include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );
Method To Use:
Vulnerability Report
***
# Title : Techno Dreams ArticlesPapers Package =v2.0(ArticlesTableview.asp)
Remote SQL Injection Vulnerability
# Author : ajann
# Script Page : http://www.t-dreams.com
# Exploit;
# ERNE ERNEALiZM BU ASK BiTMEZ
# HitWeb v3.0 - Remote File Include Vulnerabilities
# site: http://www.comscripts.com/jump.php?action=scriptid=12
# Script : HitWeb v3.0
# Credits : ERNE
# Contact : [EMAIL PROTECTED] and irc.gigachat.net #kurdhack
#
NixieAffiliate all version
vendor : idevspot.com
By : s3rv3r_hack3r
www: hackerz.ir h4ckerz.com
Bypass for delete any aff ID :
www.domain.com/NixieAffiliate/delete.php?id=1
Xss :
www.domain.com/NixieAffiliate/forms/lostpassword.php?error=[xss]
##
#
# Title: PHPQuiz = v.1.2 Remote SQL injection/Code Execution Exploit
# Vendor : PHPQuiz
# website : http://www.phpquiz.com
# Version : = v.1.2
# Severity: Critical
# Author: Simo64 / simo64_at_morx_org
# MorX Security Research Team
Hello,
PHP-Post Multiple Input Validation Vulnerabilities
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [EMAIL PROTECTED]
variables over write,,
this php script is injected with variables over write bug
try to make a new variable
Vendor: Plume CMS 1.1.10
Found By : D3nGeR
Script Site : http://plume-cms.net
in file [prepend.php]
;
include_once $_PX_config['manager_path'].'/inc/class.config.php'
code
http://site.com/[path]manager/frontinc/prepend.php?_PX_config[manager_path]=[shell
code ]
TITLE:
HP-UX X.25 Denial of Service Vulnerability
CRITICAL:
Not critical
IMPACT:
DoS
WHERE:
Local system
DESCRIPTION:
A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to
Vulnerability Report
***
# Title : ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability
# Author : ajann
# Script Page : http://www.keyvan1.com
# Exploit;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1178-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
September 16th, 2006
-
* Kurdish Security Advisory
* Author : Botan
* Script : Artmedic Links
* Site : http://www.artmedic.de
* Version : 5.0
* Risk : High
* Class : Remote
* Contact : [EMAIL PROTECTED] and irc.gigachat.net