[Full-disclosure] H4CREW-000005 EasyNews Pro 4.0 XSS & CSRF

I luv u Ms. Phisher u d4 d1am0nds 1n My Ski h4xorCrew Advirosy 5: Easynews PRO 4.0 XSS and CRSF =================================================== "the game of secuirity is like a sord fight you must think furst b4 you m0ve" H-4 h3r3 2 stay cuz we in da h0uz h4xorcewz n da house and r4w we g0nna...

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

PT-2007-4043 · Php · Php

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 4.4.7 PHP versions 5.0.x and earlier PHP versions prior to 5.2.1 Description: The issue affects the encryption process, making it easier for attackers to decrypt certain data due to guessable encryption keys. This is...

Code injection

Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation."...

CVE-2007-2548

Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation."...

CVE-2007-2548

Summary: CVE-2007-2548 concerns TurnkeyWebTools SunShop Shopping Cart 4.0 with an issue in index.php described as a vulnerability tied to cookie manipulation and a remote attack vector . The exact impact is listed as unknown in the description. The available data indicate a remote, low-complexity...

Atomix MP3 - .MP3 File Buffer Overflow

Atomix MP3 - .MP3 File Buffer Overflow // source: https://www.securityfocus.com/bid/23756/info Atomix MP3 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit...

CVE-2007-2320

SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insertlink.php in download engine Download-Engine 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spawroot parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in...

MoinMoin 1.5.x - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/23676/info MoinMoin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

CVE-2007-2255

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...

CVE-2007-2110

CVE-2007-2110 affects Oracle Database on Windows, targeting the Core RDBMS. The vulnerability (DB03) arises from the RDBMS using a NULL DACL for the Oracle process and certain shared memory sections, enabling local users to inject threads and execute arbitrary code via OpenProcess, OpenThread, an...

CVE-2007-2102

Cross-site scripting XSS vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087...

VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit

Exploit for unknown platform in category local exploits ================================================================ VCDGear include // Exec Calc.exe Scode unsigned char scode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"...

CVE-2007-1692

The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol WPAD without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet...

Inkscape恶意URI格式串漏洞

Inkscape是一个开放原始码的向量绘图软件。 Inkscape处理恶意URI存在格式串问题，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 目前没有详细漏洞细节提供。 Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linu...

CVE-2006-7130

PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter, a different vector than CVE-2006-6770...

CVE-2007-1179

WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to 1 the Recommend feature, Email Article 2 senders and 3 recipients, 4 New User Approval, 5 Edit Profiles, 6 the Newsletter Subscription form, 7 the Recommend form, and 8 sending of articles, which has...