266 matches found
[SECURITY] Fedora 10 Update: roundcubemail-0.2.2-4.fc10
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides the full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
WordPress RSS feed Generator self_link HTTP_HOST Cross-Site Scripting (CVE-2008-5278)
WordPress is an open-source PHP-based blog publishing platform. It offers several features such as multi-author editing capability, automatic formatting of text and an architecture which supports plugins to further extend its functionality. There exists a cross-site script insertion vulnerability ...
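The entry above names the mechanism only in its title: the feed's self link is assembled from the attacker-controlled Host header and emitted into XML. The PHP below is an added illustration written for this listing, not WordPress code and not the vendor's fix; the function names, the fallback host, the regular expression and the request values are assumptions, and the `<atom:link>` context is assumed from where a feed template would normally print such a link.

```php
<?php
// Added illustration (not WordPress code): an RSS self link built from
// $_SERVER['HTTP_HOST'] becomes a script-insertion point when it is printed
// unescaped into the feed. The $attack array below is constructed test input.

// Vulnerable pattern: the Host header is reflected into XML verbatim.
function self_link_vulnerable(array $server): string {
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    return $scheme . '://' . $server['HTTP_HOST'] . $server['REQUEST_URI'];
}

// Hardened: accept only a syntactically valid hostname[:port], fall back to a
// configured canonical host otherwise (assumed name), and escape for the XML
// attribute context the value is emitted into.
function self_link_hardened(array $server, string $canonicalHost = 'example.com'): string {
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    $host = $server['HTTP_HOST'] ?? '';
    if (!preg_match('/^[A-Za-z0-9.-]+(:\d{1,5})?$/', $host)) {
        $host = $canonicalHost;
    }
    $uri = $server['REQUEST_URI'] ?? '/';
    return htmlspecialchars($scheme . '://' . $host . $uri, ENT_QUOTES | ENT_XML1, 'UTF-8');
}

// Constructed request: a Host header that closes the href attribute and opens a script tag.
$attack = [
    'HTTP_HOST'   => 'example.com"><script>alert(1)</script><x y="',
    'REQUEST_URI' => '/feed/',
];
echo '<atom:link href="' . self_link_vulnerable($attack) . '" rel="self" />', "\n";
echo '<atom:link href="' . self_link_hardened($attack) . '" rel="self" />', "\n";
```

The first line printed breaks out of the attribute; the second keeps the payload inside it as text. Validating the host before use matters beyond this one sink, because the same value typically feeds redirects and password-reset links as well.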
E CMS 1.0 SQL Injection
============================================================================== Hackteach.OrG [ASCII-art banner] ============================================================================== » Note : Hacker R0x Lamerz Sux !...
[Full-disclosure] [DSF-02-2009] - Zoki Catalog SQL Injection
Ref. DSF-02-2009 - Zoki Catalog SQL Injection Vendor: Zoki Soft www.zokisoft.com Status: Patched by vendor Original advisory: http://www.davidsopas.com/2009/06/15/zoki-catalog-sql-injection/ Zoki Catalog Smart Catalog is unique and convenient software. It is designed for many purposes whether you...
Mandriva Linux Security Advisory : joomla (MDVSA-2008:060)
Several severe security issues were discovered in the Joomla! PHP-based content management system. These issues have been fixed in version 1.0.15 which is provided with this update. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
[HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS
HACKATTACK Advisory 25012009 - ConPresso CMS 4.07 - Session Fixation, XFS, XSS Details Product: ConPresso CMS 4.07 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.conpresso.de/ Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...
ConPresso CMS 4.07 Session Fixation / XSS
HACKATTACK Advisory 25012009 - ConPresso CMS 4.07 - Session Fixation, XFS, XSS Details Product: ConPresso CMS 4.07 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.conpresso.de/ Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...
[HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation
HACKATTACK Advisory 20081203 - Pro Clan Manager 0.4.2 - Session Fixation Details Product: Pro Clan Manager CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.proclanmanager.com/ Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...
[HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation
HACKATTACK Advisory 3Social Impress CMS 1.1 - Session Fixation Details Product: Impress CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.impresscms.info Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...
Social Engine 2.7 CRLF Injection + SQL injection
HACKATTACK Advisory 2008-11-20 - Social Engine 2.7 CRLF Injection + SQL injection Details Product: Social Engine Security-Risk: moderate Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David Vieira-Kurz of...
social-sql.txt
HACKATTACK Advisory 2008-11-20 - Social Engine 2.7 CRLF Injection + SQL injection Details Product: Social Engine Security-Risk: moderate Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David Vieira-Kurz of...
Exhibit Engine toroot Parameter Remote File Include Vulnerability
The remote web server is running Exhibit Engine, a PHP-based photo gallery management system, which is affected by a remote file include issue. SPDX-FileCopyrightText: 2008 Justin Seitz Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...
Mic_blog 0.0.3 (SQL Injection/Privilege Escalation) Remote Exploit
No description provided by source. #!/usr/bin/php -q <?php error_reporting(0); ini_set("default_socket_timeout", 5); /* Micblog v0.0.3 Multiple Remote Exploit ------------------------------------------------------------- Discovered By StAkeR aka athos - StAkeR[at]hotmail[dot]it Discovered On 16/10/2008...
Vikingboard <= 0.2 Beta (task) Local File Inclusion Vulnerability
No description provided by source. [ASCII-art banner] Discovered by dun \ dun[at]strcpy.pl Vikingboard <= 0.2 Beta Local File Inclusion Vulnerability Script: "Vikingboard is a PHP-based...
Vikingboard <= 0.2 Beta (task) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================= Vikingboard <= 0.2 Beta (task) Local File Inclusion Vulnerability ================================================================= [ASCII-art banner]...
vikingboard-lfi.txt
[ASCII-art banner] Discovered by dun \ dun[at]strcpy.pl Vikingboard <= 0.2 Beta Local File Inclusion Vulnerability Script: "Vikingboard is a PHP-based discussion forum..." Script site:...
PunBB Multiple Remote Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 30396 CVE(CAN) ID: CVE-2008-3336 PunBB is a PHP-based forum application. The include/parser.php and moderate.php files in PunBB do not properly validate certain parameters before returning them to the user, so a remote attacker can submit a malicious request to the forum to perform script injection or cross-site scripting attacks. PunBB 1.x PunBB ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's homepage: http://punbb.informer.com/download/punbb-1.2.19.tar.gz...
fuzzylime (cms) commsrss.php files[] Parameter Traversal Local File Inclusion
The remote host is running fuzzylime cms, a PHP-based content management system. The version of fuzzylime cms installed on the remote host fails to sanitize user-supplied input to the 'files' parameter of the 'commsrss.php' script before using it to include PHP code. Regardless of PHP's...
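The entry above describes the include-by-parameter pattern behind the traversal: each element of `files[]` is spliced into a path that is then passed to `include`. The PHP below is an added illustration for this listing, not fuzzylime cms code and not its vendor's fix; the function names, the module directory, the allowlist and the request array are assumptions, and the include itself is replaced by returning the path so the behaviour can be inspected without loading files.

```php
<?php
// Added illustration (not fuzzylime cms code): unsanitised files[] entries spliced
// into an include path, beside an allowlist-plus-realpath check that stops traversal.
// $moduleDir, the allowlist and $request are constructed for this example.

$moduleDir = __DIR__ . '/modules';   // assumed directory of legitimately includable scripts

// Vulnerable pattern: every files[] element becomes part of an include path.
function include_files_vulnerable(array $files, string $moduleDir): array {
    $included = [];
    foreach ($files as $f) {
        // "../../../../etc/passwd" walks out of $moduleDir; on old PHP a trailing
        // NUL byte also dropped the ".php" suffix.
        $path = $moduleDir . '/' . $f . '.php';
        $included[] = $path;                   // stand-in for: include $path;
    }
    return $included;
}

// Hardened: only string entries on a fixed allowlist are considered, and the
// resolved path must still sit below the module directory.
function include_files_hardened(array $files, string $moduleDir, array $allow): array {
    $included = [];
    $base = realpath($moduleDir);
    if ($base === false) {
        return $included;                      // module directory missing: include nothing
    }
    foreach ($files as $f) {
        if (!is_string($f) || !in_array($f, $allow, true)) {
            continue;                          // files[][]=... or an unknown name: drop it
        }
        $real = realpath($moduleDir . '/' . $f . '.php');
        if ($real === false || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
            continue;                          // file absent, or resolved outside $base
        }
        $included[] = $real;                   // stand-in for: include $real;
    }
    return $included;
}

// Constructed request: one legitimate module name plus a traversal payload.
$request = ['news', '../../../../etc/passwd'];
print_r(include_files_vulnerable($request, $moduleDir));
print_r(include_files_hardened($request, $moduleDir, ['news', 'comments']));
```

The hardened function returns nothing for the traversal entry regardless of `open_basedir` or `allow_url_include` settings, which is why the allowlist, not the PHP configuration, is the control to rely on; the `realpath` comparison is a second check that catches symlinks or an allowlist entry that later comes to point elsewhere.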
HiveMaker Professional 1.0.2 - cid SQL Injection
HiveMaker Professional 1.0.2 - cid SQL Injection [echo.or.id ASCII-art banner] ECHO_ADV_96$2008 ----------------------------------------------------------------------------------------- ECHO_ADV_96$2008 HiveMaker Professional <= 1.0.2 cid Sql...
auracms22-sql.txt
#!/usr/bin/perl use LWP::UserAgent; use HTTP::Cookies; use Getopt::Long; # ! Discovered.: DNX # ! Vendor.....: http://www.auracms.org # ! Detected...: 19.01.2008 # ! Reported...: 25.01.2008 # ! Response...: 30.01.2008 # ! Background.: AuraCMS is a CMS based on PHP and SQL # ! Bug........: $_GET['albums'] in...