283 matches found
Rootdabitch version 0.1 - Multithreaded Linux root password Bruteforcer
r00tw0rm hacker "th3breacher!" released Rootdabitch v0.1, which is a multithreaded Linux/UNIX tool for brute-force cracking local root through su using sucrack. sucrack is a multithreaded Linux/UNIX tool for brute-force crackin...
A.M.Y. Cross Site Request Forgery
Exploit Title: A.M.Y CSRF change admin password Author: Jonturk75 Category: webapps Demo site: http://calendarscripts.info/demos/amy/admin.php Email me when a new advertiser signs up...
Unfixed Redirect vulnerability at www.idverre.net
Security researcher p0pc0rn submitted on 22/12/2011 a Redirect vulnerability affecting www.idverre.net, which at the time of submission ranked 1508056 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 22/12/2011. It is currently unfixed. If...
Unfixed XSS vulnerability at www.topboutique.com
Security researcher Atmon3r submitted on 21/12/2011 a cross-site-scripting (XSS) vulnerability affecting www.topboutique.com, which at the time of submission ranked 826564 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 22/12/2011. It is...
Unfixed XSS vulnerability at www.hit-reset.co.uk
Security researcher Genocide submitted on 12/12/2011 a cross-site-scripting (XSS) vulnerability affecting www.hit-reset.co.uk, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is current...
InverseFlow 2.4 - Cross-Site Request Forgery (Add Admin)
Exploit Title: InverseFlow v2.4 CSRF Vulnerabilities Add Admin User + Version : 2.4 + Author : EjRaM HaCkEr + Contact : m2z9.cn + Dork : inurl:"ticket.php?cmd=lost" + Software Link : http://asria.info/download/script/inverseflow.zip...
Design/Logic Flaw
Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 does not prevent changes to the confirmation e-mail address (aka oldemail field) for e-mail change notifications, which makes it easier for remote...
Unfixed XSS vulnerability at meinekampagne.gruene.de
Security researcher zombielove submitted on 29/03/2011 a cross-site-scripting (XSS) vulnerability affecting meinekampagne.gruene.de, which at the time of submission ranked 209405 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/12/2011. It...
Unfixed XSS vulnerability at www.flashstreamworks.com
Security researcher nullbyt3 submitted on 23/03/2011 a cross-site-scripting (XSS) vulnerability affecting www.flashstreamworks.com, which at the time of submission ranked 1009072 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2011. It...
CVE-2010-4760
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket...
Open redirect
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket...
netbus-info NSE Script
Opens a connection to a NetBus server and extracts information about the host and the NetBus service itself. The extracted host information includes a list of running applications and the host's sound volume settings. The extracted service information includes its access control list (ACL), server...
Hackers Steal Customer Data from McDonald's Partner Database
McDonald's is collaborating with law enforcement after malicious hackers infiltrated another company's database and stole information about an unknown number of the fast-food chain's customers. McDonald's has alerted potentially affected customers via email and through a message on its website. "...
Unfixed XSS vulnerability at www.zebulon.fr
Security researcher warvector submitted on 15/06/2010 a cross-site-scripting (XSS) vulnerability affecting www.zebulon.fr, which at the time of submission ranked 30064 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/06/2010. It is current...
SA-CONTRIB-2010-038 - Privatemsg - Access bypass
The Privatemsg module allows users to send private messages to each other. Additionally, the sub-module Privatemsg Email Notification sends an e-mail notification when such a message is sent. The page to configure the template for these e-mails does not use the correct access permission which allows all...
Randomised password not sent in email
When creating a user with a password normally, the notification email to that new user will contain the password. However, when creating a new user and leaving the password blank, JIRA randomly generates a password for that user, but the randomised password "is not sent" in the notification email to that...