CommPort <= 1.01 - Multiple Vulnerabilities

No description provided by source. -------------------------------------------- CommPort 1.01 = SQL Injection Vulnerability -------------------------------------------- Discovered by: Jean Pascal Pereira [email protected] Vendor information: A 'Community Portal' generator that can be tailored for...

jetVideo 8.1.1 - Basic (.wav) Local Crash PoC

No description provided by source. !/usr/bin/python + Author: TUNISIAN CYBER + Exploit Title: jetVideo 8.1.1 Basic .wav Local Crash PoC + Date: 22-03-2014 + Category: DoS/PoC + Tested on: WinXp/Windows 7 Pro + Vendor: http://www.jetaudio.com/download/jetvideo.html + Friendly Sites:...

cyan soft Multiple Applications Format String Vulnerability and Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27728/info Multiple cyan soft products are affected by a format-string vulnerability because they fail to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function...

Mevin Basic PHP Events Lister 2.03 - CSRF Vulnerabilities

No description provided by source. Author: CrazyHacker Script: Mevin Basic PHP Events Lister v2.03 Exploit type: CSRF Vulnerability Add & Delete Admin Download: http://www.mevin.com/downloads/Basic-php-events-lister2.03.zip Risk: High Contact: [email protected] form name=setup...

Calendar MX BASIC <= 1.0.2 (ID) Remote SQL Injection Vulnerability

No description provided by source. Title : Calendar MX BASIC = 1.0.2 ID Remote SQL Injection Vulnerability Author : ajann Contact : : $$ : Free SQL--------------------------------------------------------- http://target/path//calendardetail.asp?ID=SQL Example:...

Basic Forum by JM LLC - Multiple Vulnerabilities

No description provided by source. Dear Offensive Security, I have discovered some vulnerabilities in Basic Forum, developed by JM LLC. Best regards, Sp3ctrecore ADVISORY ================================================ Basic Forum by JM LLC - Multiple Vulnerabilities...

AoA Audio Extractor Basic 2.3.7 - ActiveX Exploit

No description provided by source. !-- Exploit Title: AoA Audio Extractor Basic ActiveX Date: 19.05.2014 Author: metacom Website: www.rstforums.com Software Link: www.aoamedia.com/audioextractor.exe Version: 2.3.7 Tested on: Windows xp sp3EN IE 6.0 -- html object...

Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability

No description provided by source. CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be...

Novell NetWare Web Server 2.x convert.bas Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2025/info Novell NetWare Web Server 2.x versions came with a CGI written in BASIC called convert.bas. This script allows retrieval of files outside of the normal web server context. This can be accomplished simply by...

IBM Informix Web Datablade 4.1x Page Request SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4496/info Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL, dynamically generates HTML content based on Database data. Web Datablade is available for Apache,...

Blackboard Learning System 6.0 Dropbox File Download Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10515/info It is reported that Blackboard improperly allows users to download files posted in the 'Digital Dropbox'. Files in the dropbox are intended for the course administrators. The application does not verify that th...

Basic CMS 'q' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/32531/info Basic CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Basic-CMS 'nav_id' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38235/info Basic-CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Microsoft IE4 Clipboard Paste Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/215/info The Windows clipboard contains data that has been cut or copied from various windows applications. This data can be accessed and posted to malicious web forms at web sites without the knowledge of the visiting...

Basic Forum <= 1.1 (edit.asp) Remote SQL Injection Vulnerability

No description provided by source. Title : basicforum v 1.1 edit.asp Remote SQL Injection Vulnerability Author : bolivar Dork : This script created by www.script.canavari.com ---------------------------------------------------------------------------...

Pulse CMS Basic - Local File Inclusion Vulnerability

No description provided by source. 'Pulse CMS Basic' Local File Inclusion Vulnerability CVE-2010-4330 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'includes/controller.php' script that allows for arbitrary local fil...

ntop 3.3.10 HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. An...

DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS

No description provided by source. / DotDefender = 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command Execution Vulnerability:...

Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26414/info Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities. Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate...

smack: incorrect X.509 certificate validation

It was found that the ServerTrustManager in the Smack XMPP API did not verify basicConstraints and nameConstraints in X.509 certificate chains. A man-in-the-middle attacker could use this flaw to spoof servers and obtain sensitive information...