931 matches found
WordPress Plugin SendIt 1.5.9 - Blind SQL Injection
Exploit Title: WordPress SendIt plugin getvar"SELECT COUNT FROM $tableemail where email ='$POSTemailadd' and idlista = '$POSTlista';"; As you can see, $POSTlista parameter is neither validated nor escaped, so you can blind sql inject it using $usercount for the boolean condition checking :...
Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability Intro: Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the...
Bugzilla 'time-tracking' fields Information Disclosure
The version of Bugzilla hosted on the remote web server allows an unauthenticated, remote attacker to execute a boolean chart search using time tracking fields such as 'estimated_time', 'remaining_time', 'work_time', 'actual_time', 'percentage_complete' or 'deadline' even though the attacker is not part...
CVE-2010-1204
Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search."...
pidgin security and bug fix update
2.5.2-6 - Automatically detect booleans to enable build features from dist tag - Unify RHEL4 and RHEL5 spec with Fedora to make both easier to maintain 2.5.2-2 - Upstream backports: 100: sametime-redirect-null crash 101: NetworkManager-improvement 102: no-password-in-dialog-if-not-remembering 103...
webstudioehotelpi-sql.txt
WebStudio eHotel pageid Blind SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.bdigital.biz/index.php?pageid=216 DorK : "Powered by WebStudio eHotel" Demo : http://www.webstudioehotel.com/index.php?pageid=50+and+substring@@version,1,1=3 TRUE...
Boolean operators on user and group management
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-13634. Please consider this as a feature request for a future release of Confluence. Boolean operands on Space permission...
Issues not shown in issue navigator that a user has permission for according to the issue security level
Users may not be able to see certain issues in the IssueNavigator if they create an issue level security where the permission depends on a user custom field and the custom field does not have a searcher set. Browsing the issue directly works fine; however, when running a search the issue won't ...
FreeBSD : mozilla -- arbitrary code execution vulnerability (cbfde1cd-87eb-11d9-aa18-0001020eed82)
A Mozilla Foundation Security Advisory reports : Plugins such as flash can be used to load privileged content into a frame. Once loaded various spoofs can be applied to get the user to interact with the privileged content. Michael Krax's 'Fireflashing' example demonstrates that an attacker can op...
security flaw
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."...
CVE-2005-0232
CVE-2005-0232 affects Firefox 1.0 via a plugin-based approach (e.g., Flash) to manipulate about:config booleans, enabling a user interface fault (Fireflashing) that can be triggered by a user’s screen interaction. The vulnerability enables modification of configuration parameters with no user aut...