161 matches found
CVE-2013-3831
CVE-2013-3831 affects Oracle Portal (Demo Organization Chart) in Oracle Fusion Middleware 11.1.1.6.0. The vulnerability is an SQL injection in the Oracle Portal Demo Organization Chart app caused by inadequate sanitization of the p_args_values parameter, potentially enabling a remote authenticate...
Microsoft EPD - CS Flash Cross Site Web Vulnerability
Document Title: =============== Microsoft EPD - CS Flash Cross Site Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1013 Microsoft Security Response Center MSRC ID: 15156 Release Date: ============= 2013-07-28 Vulnerability Laboratory I...
Oracle Linux 5 : freetype (ELSA-2010-0607)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2010-0607 advisory. - Add freetype-2.2.1-CVE-2010-1797.patch Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...
activemq: Multiple XSS flaws in web demos
Multiple cross-site scripting XSS vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via 1 the refresh parameter to PortfolioPublishServlet.java aka demo/portfolioPublish or Market Data Publisher, or vectors involving 2...
Want to be the Part of History? Just be a part of E-HACK
E-HACK is an Information Security Workshop, organized by infySEC. The workshop aims at creating awareness about INFORMATION SECURITY by showing in what all ways information or data can be stolen. Meddle in cyber-warfare, battle with our machine master mind who will throw challenges on web...
Apache ActiveMQ web demos多个跨站脚本漏洞(CVE-2012-6092)
CVE ID:CVE-2012-6092 Apache ActiveMQ是一款开源消息总线,支持JMS1.1和J2EE 1.4规范的JMS Provider实现。 Apache ActiveMQ web demos存在多个跨站脚本漏洞,允许远程攻击者通过PortfolioPublishServlet.java的refresh参数也即/demo/portfolioPublish或Market Data...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via 1 the refresh parameter to PortfolioPublishServlet.java aka demo/portfolioPublish or Market Data Publisher, or vectors involving 2...
CVE-2012-6092
Multiple cross-site scripting XSS vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via 1 the refresh parameter to PortfolioPublishServlet.java aka demo/portfolioPublish or Market Data Publisher, or vectors involving 2...
CVE-2012-6092
Multiple cross-site scripting XSS vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via 1 the refresh parameter to PortfolioPublishServlet.java aka demo/portfolioPublish or Market Data Publisher, or vectors involving 2...
CVE-2012-6092
Summary of CVE-2012-6092: Cross-site scripting in Apache ActiveMQ web demos Affected software: Apache ActiveMQ web demos (demo/portfolioPublish and related webapp/websocket/chat.js) prior to 5.8.0. What is vulnerable: Multiple XSS vulnerabilities via (1) refresh parameter to PortfolioPublishServl...
phonon, qt security update
CentOS Errata and Security Advisory CESA-2013:0669 Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score,...
Classified Ultra ScriptsGenie Cross Site Scripting / SQL Injection
Exploit Title; Classified Ultra ScriptsGenie Multiple Vulnerabilities Date; 20/1/13 Author; 3spi0n Script Vendor or Software Link; http://www.hotscripts.com/listing/classified-ultra-scriptsgenie/ Category; Webapps Type; SQL Injection MySQLi Tested on; Ubuntu 12.10 / Win7 / Backtrack 5 Demo...
Wordpress wp-codebox Plugin Full Path Disclosure vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------------------------------------------------ Exploit Title: Wordpress wp-codebox plugin Full Path Disclosure vulnerability Date: 14/01/2012 Author: terrorist Tested on:...
Simple Machines Forum 2.0.3 Path Disclosure
Summary: -------------- A security flaw allows an attacker to know the full path of the web system. Details: ----------- SSI.php Line 294: // Fetch a post with a particular ID. By default will only show if you have permission to the see the board in question - this can be overriden. function...
Wordpress Themes moneymasters Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Author = Fayzoun Facebook = http://fb.me/fayzoun.no.love Facebook page = http://fb.me/fayzoun.AO Google Dork = inurl:/wp-content/themes/moneymasters Mail : email protected / email protected Exploit: "@$uploadfile",...
Digitale Age File Upload / Sql injection vulnerabilites
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Bullseye Creative => SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Bullseye Creative = SQL injection Vulnerability Author: RaMeZ Libyan Darkness Storm - LDS Google dork : intext:powered by: Bullseye Creative "inurl:.php?id=" Date : 16-9-2012 Greets : LDS members poc: www.site.com/sick...
FBDj Stats SQL Injection Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
NovinMarketing SQL Injection
| @@@@@@@@ @@@@@@@@@ @@ @@ @@@@@ @@ @@ @@@@@@@@ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @@@ @ @ @ @ @ @ @ @ @ @ @ | | @@@@@@@@ @@@ @@@ @ @ @ @ @ @ @ @ @ @@@@@@@@ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ | | @@@@@@@@ ...
Ultrastats 0.3.16 SQL Injection Vulnerability
Exploit for php platform in category web applications + Author: TUNISIAN CYBER + Exploit Title: Ultrastats 0.3.16 SQL Injection Vulnerability + Home: 1337day.com Inj3ct0r Exploit DataBase + Date: 09-09-2012 + Category: WebApp + Google Dork: intext:Created 2005-2008 - By deltaray Support Forums |...