http-open-redirect NSE Script

Spiders a website and attempts to identify open redirects. Open redirects are handlers which commonly take a URL as a parameter and responds with a HTTP redirect 3XX to the target. Risks of open redirects are described at . Only open redirects that are directly linked on the target website can be...

http-backup-finder NSE Script

Spiders a website and attempts to identify backup copies of discovered files. It does so by requesting a number of different combinations of the filename eg. index.bak, index.html, copy of index.html. Script Arguments http-backup-finder.maxpagecount the maximum amount of pages to visit. A negativ...

RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

CVE-2011-1184

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

WordPress Count per Day Plugin 'month' Parameter SQL Injection Vulnerability

The SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; if description scriptoid"1.3.6.1.4.1.25623.1.0.103259";...

WordPress Count Per Day 2.17 SQL Injection

Exploit Title: WordPress Count per Day plugin getresults'SELECT FROM '.$tableprefix.'cpdnotes WHERE 1 '.$where.' ORDER BY date DESC', ARRAYA;...

WordPress Count per Day plugin <= 2.17 SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Count per Day plugin = 2.17 SQL Injection Vulnerability Date: 2011-09-05 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/count-per-day.2.17.zip Version: 2.17 tested Note...

WordPress Plugin Count per Day 2.17 - SQL Injection

WordPress Plugin Count per Day 2.17 - SQL Injection Exploit Title: WordPress Count per Day plugin getresults'SELECT FROM '.$tableprefix.'cpdnotes WHERE 1 '.$where.' ORDER BY date DESC', ARRAYA;...

WordPress Plugin Count per Day 2.17 - SQL Injection

Exploit Title: WordPress Count per Day plugin getresults'SELECT FROM '.$tableprefix.'cpdnotes WHERE 1 '.$where.' ORDER BY date DESC', ARRAYA;...

WordPress Count per Day plugin <= 2.17 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Count per Day plugin getresults'SELECT FROM '.$tableprefix.'cpdnotes WHERE 1 '.$where.' ORDER BY date DESC', ARRAYA; 0day.today 2018-02-16...

sysstat security, bug fix, and enhancement update

7.0.2-11 - Related: 716959 fix cve-2007-3852 - sysstat insecure temporary file usage 7.0.2-10 - Resolves: 716959 fix cve-2007-3852 - sysstat insecure temporary file usage 7.0.2-9 - Related: 622557 sar interrupt count goes backward 7.0.2-8 - Resolves: 694767 iostat doesn't report statistics for...

rgmanager security, bug fix, and enhancement update

2.0.52-21 - rgmanager: Fix bad passing of SFLFAILURE up fixbadpassingofsflfailureup.patch Resolves: rhbz711521 2.0.52-20 - resource-agents: Improve LDLIBRARYPATH handling by SAP resourceagentsimproveldlibrarypathhandlingbysap.patch Resolves: rhbz710637 2.0.52-19 - Fix changelog format - rgmanager...

Password History Count does not work for ATLASSIAN-SECURITY directories

Testing this locally on Crowd 227, I set the password history count to 1, then tried resetting my password through the interface and through 'Forgot Password' e-mail link, but was able to consistent use old passwords. I also expired the password, forcing a password change, but that also let me...

Password History Count does not work for ATLASSIAN-SECURITY directories

Testing this locally on Crowd 227, I set the password history count to 1, then tried resetting my password through the interface and through 'Forgot Password' e-mail link, but was able to consistent use old passwords. I also expired the password, forcing a password change, but that also let me...

kernel: agp: insufficient page_count parameter checking in agp_allocate_memory()

Multiple integer overflows in the 1 agpallocatememory and 2 agpcreateusermemory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service system crash or possibly have unspecified other...

SA-CONTRIB-2011-025 - Juitter & Download Count - Cross Site Scripting (XSS)

Two modules are being unsupported due to cross site scripting issues. The Juitter module enables you to use Juitter, a jQuery plugin, to put live Twitter search results on your site. The Juitter module contains a cross site scripting XSS vulnerability that can be exploited when setting up the...

kernel: fs/partitions: Validate map_count in Mac partition tables

Buffer overflow in the macpartition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service panic or possibly have unspecified other impact via a malformed Mac OS partition table...

kernel: fs/partitions: Corrupted OSF partition table infoleak

The osfpartition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing...

Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color...