Saturday, 22 November 2008
 
 
ITsec Advisories


Dagger default.php File Inclusion Vulnerabilities
Written by Staff   
Tuesday, 24 June 2008
CraCkEr has discovered two vulnerabilities in Dagger, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "dir_inc" and "dir_edge_skins" parameters in skins/default.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources...
 
phpMyAdmin Cross-Site Scripting Vulnerabilities
Written by Staff   
Tuesday, 24 June 2008
Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
 
Academic Web Tools SQL Injection and Cross-Site Scripting
Written by Staff   
Tuesday, 24 June 2008

AmnPardaz Security Research Team have reported some vulnerabilities in Academic Web Tools (AWT YEKTA), which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the "book_id" parameter in rating.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code...

 
le.cms "cms/admin/upload.php" Security Bypass
Written by Staff   
Tuesday, 24 June 2008
t0pP8uZz has reported a vulnerability in le.cms, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.

The vulnerability is caused due to improper authentication in cms/admin/upload.php and can be exploited to e.g. upload a PHP file via a specially crafted POST request.

The vulnerability is reported in version 1.4. Other versions may also be affected...
 
Jamroom "jamroom[jm_dir]" File Inclusion Vulnerability
Written by Staff   
Tuesday, 24 June 2008

Some vulnerabilities have been reported in Jamroom, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "jamroom[jm_dir]" parameter in include/plugins/jrBrowser/purchase.php and include/plugins/jrBrowser/payment.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled...
