USN-1157-1: Firefox vulnerabilities
Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the...
PHP-Fusion Teams Structure Infusion Addon - SQL Injection
PHP-Fusion Teams Structure Infusion Addon - SQL Injection Exploit Title: PHP-fusion Team Structure Infusion All versions SQL injection Date: 16-1-2010 Author: Saif El-Sherei Software Link: http://www.php-fusion.co.uk/infusions/addondb/view.php?addonid=120 Version: PHP-fusion 7.01..03, TeamStructu...
Family Connections Who is Chatting AddOn - Remote File Inclusion
Family Connections Who is Chatting AddOn - Remote File Inclusion ======================================================= Who is Chatting 2.2.3 Remote File Include Vulnerability ======================================================= Author : lumut-- Script Details :...
Family Connections Who is Chatting AddOn - Remote File Inclusion
======================================================= Who is Chatting 2.2.3 Remote File Include Vulnerability ======================================================= Author : lumut-- Script Details : http://www.familycms.com/downloads/details.php?file=50 Bugs : Expl:...
Fedora 12 : kvirc-4.0.0-1.fc12 (2010-10529)
KVIrc 4.0.0 Notable new features of this release include: - Definitive and stable port to the Qt4 libraries - Better support for server technologies: CAPS, STARTTLS, SASL, irc services... - A new UPnP module to control and remotely map your router ports for DCC - A totally rewritten MDI subsystem,...
ImageHost 1.32 Shell Upload Vulnerability
Exploit for php platform in category web applications ========================================= ImageHost 1.32 Shell Upload Vulnerability ========================================= Exploit Title: ImageHost 1.32 Shell Upload Category: php script upload Date: 2010-05-20 Author: R i sk Y Contact:...
Joomla Component com_caddy - Vulnerability
Vulnerability in Joomla Component com_caddy. Webapps exploit for php platform Exploit Title: Vulnerability in Joomla Component com_caddy Date: 2010-04-22 Author: SuBz3r0 Software Link: Joomla Component: com_caddy Tested on: CVE : if exists Code : Just use for example the firefox addon tamper data...
Redaxo 4.2.1 - Remote File Inclusion
Redaxo 4.2.1 - Remote File Inclusion ======================================================================== Redaxo CMS 4.2.1 Remote File Inclusion Vulnerability ========================================================================...
Firefox Arbitrary code execution with Firebug XMLHttpRequestSpy
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute...
Woltlab Burning Board Lite Addon SQL Injection
.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-. Woltlab Burning Board Lite Addon lexikon.php SQL Injection Vulnerability .-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-. + Autor: n3w7u + Vulnerabilities SQL Injection + Page:...
Phpkit addon (b-day.php) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ==================================================== Phpkit addon b-day.php SQL Injection Vulnerability ==================================================== + Autor: n3w7u + Vulnerabilities SQL Injection + Language: PHP + Date: 22.03.2010...
PHPKIT 1.6.x - 'b-day.php' Addon SQL Injection
source: https://www.securityfocus.com/bid/38891/info PHPKIT 'b-day.php' addon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, acces...
3Com OfficeConnect Routers DoS (Content-Type)
Exploit for unknown platform in category dos / poc ============================================= 3Com OfficeConnect Routers DoS Content-Type ============================================= Title: 3Com OfficeConnect Routers DoS Content-Type CVE-ID: OSVDB-ID: Author: Alberto Ortega Published:...
phpBB3 addon prime_quick_style GetAdmin Vulnerability
Exploit for unknown platform in category web applications ===================================================== phpBB3 addon prime_quick_style GetAdmin Vulnerability ===================================================== phpBB3 addon prime_quick_style GetAdmin Exploit Vulnerability found and exploited...
phpBB3 - addon prime_quick_style GetAdmin
phpBB3 - addon prime_quick_style GetAdmin phpBB3 addon prime_quick_style GetAdmin Exploit Vulnerability found and exploited by -SmoG- target file: primequickstyle.php vuln: POST parameter "primequickstyle" is injectable. source: http://www.phpbb.com/community/viewtopic.php?f=70&t=692625 HowTo: after...
phpBB3 - addon prime_quick_style GetAdmin
phpBB3 addon prime_quick_style GetAdmin Exploit Vulnerability found and exploited by -SmoG- target file: primequickstyle.php vuln: POST parameter "primequickstyle" is injectable. source: http://www.phpbb.com/community/viewtopic.php?f=70&t=692625 HowTo: after login, go to "./ucp.php" and manipulate...
Sql injection
SQL injection vulnerability in rewardpoints.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sortorder parameter in a rewardpoints.userlog action to index.php, a different vulnerability than CVE-2005-4429.2...
CVE-2009-2172
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter...
vbulletin-xssxsrf.txt
/ ----------------------------- Author = Mx Title = vBulletin 3.7.3 Visitor Messages XSS/XSRF + worm Software = vBulletin Addon = Visitor Messages Version = 3.7.3 Attack = XSS/XSRF - Description = A critical vulnerability exists in the new vBulletin 3.7.3 software which comes included + with the...
Authorization
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon...