PCPIN Chat 6: potential XSS vulnerability in URL redirection script

 ( 140 days 12 hours ago)

All PCPIN Chat 6 versions prior to 6.11 are affected by the potential XSS vulnerability in URL redirection script. The vulnerability is caused by insufficient protocol scheme validation in file /inc/urlredirection.inc.php More info and patch here:

vuln in WordPress plugin Upload File(UP)

 ( 140 days 12 hours ago)

New Advisory: Wordpress Plugin Upload File(UP) Remote SQL Injection Summary Software: Upload File (WordPress Plugin) Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched PoC/Exploit: Not Available Solution: Not Available Discovered by: eserg.ru Description 1. SQL Injection. [path]/wp-uploadfile.php?fid=[SQL] SQL query: null/**/union/**/all/**/select/**/concat(userlogin,0x3a,userpass)/**/from/**/wpusers/* PoC/Exploit ...

Re: BosNews v4.0 Remote add user admin

 ( 140 days 12 hours ago)

That adds a user, but not an admin user. The only way to assign an admin user is through the interface. "Guest" users are part of the script's function.

dzoic handshakes sql injection >> index.php on $fname

 ( 140 days 12 hours ago)

By :s3rv3rhack3r(Ali Jasbi) From hackerz.ir vendro : dzoic.com version : all risk : high bug : =[Sql Injection]&lname=jakson&email=1@2.com&handshakes=0&distance=0&country=0&state=0&city=0&postalcode=12345&online=on&withphoto=on&submit=Search

[ MDVSA-2008:106 ] - Updated gnutls packages fix denial of service vulnerabilities

 ( 140 days 12 hours ago)

Mandriva Linux Security Advisory MDVSA-2008:106 Package : gnutls Date : May 23, 2008 Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0 Problem Description: Flaws discovered in versions prior to 2.2.4 (stable) and 2.3.10 (development) of GnuTLS allow an attacker to cause denial of service ...