Entries from May 2005

Multiple vulnerabilities in myBloggie 2.1.1

Date May 7, 2005

“myBloggie is considered one of the most simple, user-friendliest yet packed with features Weblog system available to date. Built using PHP & mySQL, web most popular scripting language & database system enable myBloggie to be installed in any webservers.”
–) Full Path Disclosure
Thanks to an improper sanitization of the post_id parameter, it’s possible to show the full path by sending a simple request:
http://www.example.com/mybloggie/index.php?mode=viewid&post_id=’
Full [...]

Multiple bugs in MidiCart PHP Shopping Cart

Date May 7, 2005

0x01 – Affected software description:
-------------------------------------
MidiCart is a Try-Before-You-Buy Shopping Cart Software, that provides all you need to
create, operate, and maintain a professional Internet shop. MidiCart ASP and PHP Shopping
Cart is extremely easy to use, flexible, powerful and affordable e-commerce solution for
your web site.
0x02 – Vulnerability Description:
---------------------------------
There are several vulnerabilities in MidiCart. First there are some [...]

Apache 2 vulnerability

Date May 7, 2005

A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
apache2-utils
The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.2 (for Ubuntu 4.10) and 2.0.53-5ubuntu5.1
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Luca Ercoli discovered that the “htdigest” program [...]

Multiple Vulnerabilities In Invision Power Board

Date May 7, 2005

Description:
An attacker does not have to be logged in, or even have access
or permission to view the forums in order to exploit this
vulnerability. Users should upgrade immediately.
SQL Injection:
I have discovered a serious SQL Injection issue in Invision
Power Board that affects most all versions of Invision Power
Board regardless of most server configurations. Also, because
of the fact [...]

PHP4 vulnerabilities

Date May 4, 2005

A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libapache2-mod-php4
php4-cgi
The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.8. After performing a standard system upgrade
you need to reload the PHP module in the webserver by executing
sudo /etc/init.d/apache2 reload
to effect the necessary changes.
Details follow:
An integer overflow was discovered in [...]

ExploitX Forum

Date May 4, 2005

Exploitx Forum