8289 matches found
March Networks DVR 3204 - Logfile Information Disclosure
#!/usr/bin/perl March Networks DVR 3204 Logfile Information Disclosure Exploit. Since configuration of the IP address, user console and root is carried out over the "administrator console", the vulnerability lies within Watchdog's HTTP server application. Any user can obtain the log files without...
HP Software Update client 3.0.8.4 Multiple Remote Vulnerabilities
Exploit for unknown platform in category dos / poc. HP Software Update client 3.0.8.4 Multiple Remote Vulnerabilities. Advisory: There is another remotely...
HP notebooks remote code execution vulnerability (multiple series)
Advisory: Multiple Hewlett-Packard notebook series are prone to a remote code execution attack. The manufacturer's preinstalled software contains a critical flaw within the software built to support one-touch button quick feature access. Overview: Software called "HP Info...
CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary...
joomlawmtport-rfi.txt
wmtportfolio joomla component 1.0 Remote File Include Vulnerability Component : comwmtportfolio version 1.0 Download script : http://www.webmaster-tips.net/ Discovered by : NoGe Contact : [email protected]...
Joomla! Component Flash Image Gallery - Remote File Inclusion
Joomla! Component Flash Image Gallery - Remote File Inclusion. XORON c 2007. Joomla comwmtgallery Remote File Include. Download: ...
jspwiki-xss.txt
Application: JSPWiki Multiple Vulnerabilities. Version: 2.4.103 and 2.5.139. Credit: Jason Kratzer. Date: 9/24/2007. Background: JSPWiki is wiki software built around the standard J2EE components of Java, servlets and JSP. It was written by...
Joomla! Component Restaurante - Arbitrary File Upload
Joomla Component Restaurante = Remote File Upload Vulnerability found by : Cold z3ro Homepage : www.hackteach.org , www.xp10.com @@ joomla/index.php?option=comrestaurante&task=upload...
Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection
!/usr/bin/php -q -d shortopentag=on getPageParameters; switch $params-get'filtertype', 'title' case 'title' : $where .= ' AND LOWER a.title LIKE '%'.$filter.'%''; break; case 'author' : $where .= ' AND LOWER u.name LIKE '%'.$filter.'%' OR LOWER a.createdbyalias LIKE '%'.$filter.'%' '; break;...
It is possible to see components without logging in
It is possible to see project's components without logging in by just guessing URLs, e.g. jira-installation/browse/KEY/component/10881. This will show all the information written on component (issues are not shown). This should be restricted so that it is impossible to see any project information...
CVE-2007-4163
Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 before 20070726 allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) startid, (3) rowparentid, and (4) rowcatid parameters to unspecified components, related to use of these parameters within include/utils.php...
CVE-2007-3496
SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15–SP19 and Nw04s SP7–SP11 is affected by a cross-site scripting (XSS) vulnerability that can be triggered via the User-Agent HTTP header. Affected components include SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Co...
SQL injection
SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components...
USN-478-1: libexif vulnerability
Sean Larsson discovered that libexif did not correctly verify the size of EXIF components. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to execute arbitrary code with user privileges...
CVE-2006-4168
Integer overflow in the exifdataloaddataentry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow...
DEBIAN-CVE-2006-4168
Integer overflow in the exifdataloaddataentry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow...