# BiyoSecurity.Org
# script name : HazirSite v2.0
# Script Download : http://www.aspindir.com/indir.asp?id=2728
# Risk : High
# Regards : Dj ReMix
# Thanks : Korsan , Liz0zim , Tr_IP
# Vulnerable file : giris_yap.asp
Manual connect :
Go to Admin Panel Login - http://victim.com/[path
SUSE Security Summary Report
Announcement ID:SUSE-SR:2006:024
Date: Fri, 06 Oct 2006 14:00:00 +
Debian Security Advisory DSA 1192-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 6th, 2006
Trustix Secure Linux Security Advisory #2006-0055
Package names: openldap, php, php4
Summary: Multiple vulnerabilities
Date: 2006-10-06
Affected
http://www.stevenroddis.com.au/2006/10/06/torrentflux-user-agent-xss-vulnerability/
Name: TorrentFlux User-Agent XSS Vulnerability
Published: 2006-10-06
Critical Level: Moderate
Type: Cross-Site Scripting
Where: Remote
Status: 0-Day
Software: Torrentflux 2.1
Discoverer: Steven Roddis
On 5 Oct 2006 05:45:23 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
http://lcamtuf.coredump.cx/ffoxdie.html
this exploit still works with the latest Firefox 1.5.0.7 and Firefox 2.0 RC1
FWIW, I confirm it also works on Seamonkey 1.0.5 on WinXP.
Nick Boyce
--
Will no one rid me of this
http://lcamtuf.coredump.cx/ffoxdie.html
this exploit still works with the latest Firefox 1.5.0.7 and Firefox 2.0 RC1
Run your browser in a debugger and look at how it's crashing. That file can
also trigger a stack recursion crash.
--
JB
Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability
iDefense Security Advisory 10.05.06
http://www.idefense.com/intelligence/vulnerabilities/
Oct 05, 2006
I. BACKGROUND
Symantec has a wide range of Anti-Virus and Internet Security products
that are designed to protect users from
This PowerPoint vulnerability is described at Microsoft Security Advisory
#925984
http://www.microsoft.com/technet/security/advisory/925984.mspx
It appears that the vulnerability is due to errors when executing VB script
SlideShowWindows.View.GotoNamedShow () automatically inside a PowerPoint
===
Ubuntu Security Notice USN-359-1 October 06, 2006
python2.3, python2.4 vulnerability
CVE-2006-4980
===
A security issue affects the following Ubuntu releases:
Ubuntu
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
phpMyTeam v2.0 = (smileys_dir) Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by XORON(turkish hacker)
ackerTodo 4.2 SQL Injection
vendor: http://ackertodo.sourceforge.net/site2/index.html
File: gadget/login.php
Exploiting this issue could allow an attacker to access sensible data.
Vuln code:
$user_login = trim($_REQUEST['up_login']);
$user_pass = trim($_REQUEST['up_pass']);
$num_tasks =
ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-030.html
October 5, 2006
-- CVE ID:
CVE-2006-5143
-- Affected Vendor:
Computer Associates
-- Affected Products:
BrightStor ARCserve Backup R11.5
ZDI-06-031: CA Multiple Product Message Engine RPC Server Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-031.html
October 5, 2006
-- CVE ID:
CVE-2006-5143
-- Affected Vendor:
Computer Associates
-- Affected Products:
BrightStor ARCserve Backup
Symantec Antivirus Engine is prone to a local privilege escalation
vulnerability.
Two Device Drivers are affected: NAVEX15.sys, NAVENG.sys.
NAVEX15.sys
#LOW CONSTANT VALUE
PAGE:0004B611 sub edx, 222AD3h
PAGE:0004B617 push esi
PAGE:0004B618
Title: CAID 34693, 34694: CA BrightStor ARCserve Backup Multiple
Buffer Overflow Vulnerabilities
CA Vulnerability ID (CAID): 34693, 34694
CA Advisory Date: 2006-10-05
Discovered By: TippingPoint, www.zerodayinitiative.com
Impact: Remote attacker can execute arbitrary code.
Summary: CA
TSRT-06-12: CA BrightStor Discovery Service Mailslot Buffer Overflow
Vulnerability
http://www.tippingpoint.com/security/advisories/TSRT-06-12.html
October 5, 2006
-- CVE ID:
CVE-2006-5142
-- Affected Vendor:
Computer Associates
-- Affected Products:
BrightStor ARCserver Backup
rPath Security Advisory: 2006-0183-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Deterministic Unauthorized Access
Updated Versions:
nss_ldap=/[EMAIL PROTECTED]:devel//1/239-9.1-1
References:
rPath Security Advisory: 2006-0185-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
gnome-ssh-askpass=/[EMAIL PROTECTED]:devel//1/4.4p1-0.1-1
openssh=/[EMAIL
TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer
Overflow Vulnerabilities
http://www.tippingpoint.com/security/advisories/TSRT-06-11.html
October 5, 2006
-- CVE ID:
CVE-2006-5143
-- Affected Vendor:
Computer Associates
-- Affected Products:
BrightStor ARCserve
rPath Security Advisory: 2006-0182-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote System User Deterministic Unauthorized Access
Updated Versions:
php=/[EMAIL PROTECTED]:devel//1/4.3.11-15.7-1
php-mysql=/[EMAIL
Hello,
Free WPS File upload Command execution Vulnerability
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [EMAIL PROTECTED]
exploit :
#!/usr/bin/php -q -d short_open_tag=on
?
/*
/* Free WPS Command execution
/* This exploit should
OVERVIEW
Lotus Notes is a groupware/e-mail system developed by Lotus Software.
Due to its security and collaboration features it's used particularly
by large organizations, government agencies, etc. IBM estimates it is
used by 60 million people.
Out of academic interest, I'm posting
There are some important errors in this post that appear to stem from
incomplete editing of a previous advisory for an unrelated product,
webnews (CVE-2006-5100).
The subject line says 1.4, but the version referenced at the end of
the post is 1.2.3, which is dated October 2, 2006; so there
# BiyoSecurity.Org
# script name : Emek Portal v2.1 (tr)
# Script Download : http://www.aspindir.com/indir.asp?id=2728
# Risk : High
# Regards : Dj ReMix
# Thanks : Korsan , Liz0zim , Tr_IP
# Vulnerable file : giris_yap.asp
Manual connect :
Go to Admin Panel Login -
#===
#phponline = (LangFile) Remote File Inclusion Exploit
#===
#Bug in :index.php
#
#Vlu Code :
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200610-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
The code which was quoted is taken from net2ftp version 0.60 to 0.62; these
versions were released more than 3 years ago in May-July 2003!
Newer versions of net2ftp do not use this code any longer. Read more about this
at
http://www.net2ftp.org/forums/viewtopic.php?pid=6676