boerde.lists.bugtraq
  Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final         


Author: krasza
Date: Feb 24, 2007 03:08

Problem: Blind SQL injection attack in INSERT syntax
Product: PHP-nuke <=8.0
Web page: http://phpnuke.org/

Credit: Maciej `krasza` Kukla
@mail: [email protected]gmail.com
homepage: www.krasza.int.pl

1. Description

(...)PHP-Nuke 8.0 Final version. This version includes a new anti-flood system, several cosmetic changes, a new web based installer, improvements on advertising system, downloads and web links modules, Forums and all BBtoNuke modules are now separated from the core system, improved the News module and many bug fixes. Additionally PHP-Nuke version 7.9 has been released for free to the public on the downloads section.(...)

Purchase of PHP-Nuke 8.0 costs $12.

2. Blind SQL injection attack in INSERT syntax

Lately I detected many SQL injection attacks in INSERT syntax, where the query looks like "INSERT into `nuke_referer` values(1,'$var')" and $var is not filtered. It is possible to add a new administrator (it is abuse...
  Photostand_1.2.0 Multiple Cross Site Scripting         


Author: simon.itsecurity
Date: Feb 24, 2007 02:11

Photostand_1.2.0 Multiple Cross Site Scripting
Vendor site : http://www.photostand.org/
Global risk : medium

XSS
-----

+ Permanent

Message & name fields are vulnerable to XSS attacks. This kind of XSS
is pretty dangerous, because anyone who sees the page is going to get his
cookie stolen and sent to the attackers.

+ Non Permanent

index.php?page=search&q=

Full Path Disclosure
--------------------

"PHPSESSID='" will return the full path of the file.

GET /photostand_1.2.0/ HTTP/1.0
[...]
Cookie: PS_STATS_VT=true;PS_STATS_VR=true;PHPSESSID=';style=[blahblah]path=/
[...]

/photostand_1.2.0/index.php?page=article&id=' too.
  ActiveCalendar 1.2.0, Multiple vulnerabilities         


Author: simon.itsecurity
Date: Feb 23, 2007 18:34

ActiveCalendar 1.2.0, Multiple vulnerabilities
Vendor site : http://www.micronetwork.de/activecalendar/
Global risk : Critical

Multiple XSS:
-------------

/activecalendar/data/[page].php?css=">

In :

/data/
flatevents.php
js.php
mysqlevents.php
m_2.php
m_3.php
m_4.php
xmlevents.php
y_2.php
y_3.php

Local File Include :
---------------------
  xtcommerce local file include         


Author: none
Date: Feb 23, 2007 14:14

xtcommerce local file include

local file include:
/index.php?currency=EUR&manufacturers_id=1&template=../../../../../../../../etc/passwd%00

regards laurent gaffi
  Re: iDefense Security Advisory 02.22.07: IBM DB2 Universal Database DB2INSTANCE File Creation Vulnerability         


Author: Steven M. Christey
Date: Feb 23, 2007 13:06

A few notes on this advisory and IBM's IY94817.

1) The real IY94817 document (not the stub) requires registration to
even access in the first place, which is an unfortunate practice
that too many vendors undertake. The URL was also broken for some
time. Now that I've registered, I *STILL* can't get access to this
file:

"IY94817: SECURITY: DB2DIAG.LOG SYMBOLIC LINK OVERWRITE
VULNERABILITY"

http://www-1.ibm.com/support/docview.wss?uid=swg1IY94817

Why is it so difficult just to get some basic security information?
Security advisories should be easy for the public to access. A
sysadmin shouldn't have to register with hundreds of web sites just
to get good security information.

This kind of thing happens all the time, unfortunately.

2) Anyway, this document:

http://www-1.ibm.com/support/docview.wss?uid=swg21255745

says "The vulnerability allows a local user to write to any file on
the system through the use of symbolic links (also known as
symlinks or soft links)."
  Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support         


Author: secure
Date: Feb 23, 2007 13:01

Symantec Security Advisory

SYM07-002
http://www.symantec.com/avcenter/security/Content/2007.02.22.html

BID 22564

22 Feb, 2007

Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support Assistant

Revision History
None

Severity
High (dependent on configuration and user interaction)

BID22564
http://www.symantec.com/avcenter/security/Content/2007.02.22.html
  Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability         


Author: Stefan Esser
Date: Feb 23, 2007 12:38

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hardened-PHP Project
www.hardened-php.net

-= Security Advisory =-

Advisory: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
Release Date: 2007/02/23
Last Modified: 2007/02/23
Author: Stefan Esser [[email protected]hardened-php.net]

Application: Firefox <= 2.0.0.1, Internet Explorer 7, Opera 9
Not affected: Internet Explorer 6, Opera 8
Severity: Web-pages without a defined charset will be rendered
with the charset of the parent page when put into an
(i)frame. This might allow bypassing XSS filters
with for example UTF-7 payload
Risk: Low
Vendor Status: Only Mozilla reacted and released Firefox 2.0.0.2 which fixes this issue
References: http://www.hardened-php.net/advisory_032007.142.html

Overview: