OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption

OWASP ESAPI for Java Security Advisory 1 The OWASP Foundation MAC Bypass in ESAPI Symmetric Encryption Summary ======= Category: Symmetric cryptography Module: ESAPI Encryptor interface Announced: 2013-08-23 via ESAPI-Dev mailing list...

Joomla Jobs Pro Blind SQL Injection

Name : Joomla Jobs Pro BSqli Vulnerability Date : july 6,2010 Critical Level : HIGH vendor URL :http://www.instantphp.com/ Price:$105.00 Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger greetz to :www.topsecure.net ,All ICW...

Softbiz Jobs and Recruitment Script - 'search_result.php' SQL Injection

----------------------------Information------------------------------------------------ +Name : Softbiz Jobs & Recruitment Script SQL INJECTION searchresult.php +Autor : Easy Laster +Date : 10.03.2010 +Script : Softbiz Jobs & Recruitment Script +Price : 129$ +Language :PHP +Discovered by Easy...

httpdx 'h_readrequest()' Host Header Format String Vulnerability

The host is running httpdx Web Server and is prone to Format String vulnerability. OpenVAS Vulnerability Test $Id: gbhttpdxwebserverformatstringvuln.nasl 5838 2017-04-03 10:26:36Z cfi $ httpdx 'hreadrequest' Host Header Format String Vulnerability Authors: Nikita MR Copyright: Copyright c 2009...

Secunia Research: Microsoft PowerPoint Atom Parsing Buffer Overflows

====================================================================== Secunia Research 12/05/2009 - Microsoft PowerPoint Atom Parsing Buffer Overflows - ====================================================================== Table of Contents Affected...

ssfree-rfi.txt

By Hasadya Raed Contact : [email protected] Israel ----------------------------------------- Script : Shop-SCRIPT FREE Dork : "Copyright c 2004 Articus consulting group. All rights reserved" ----------------------------------------- B.Files : smartyclass.php ---------------------------------------...

Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01

Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01 While developing one of our advanced security training modules, we identified a remotely exploitable buffer overflow vulnerability in the latest release of InterVetions' HTTP server NaviCopa 2.01. Successful exploitation of this...

[Full-Disclosure] [HV-HIGH] MS Word multiple exceptions, at least one exploitable

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MS Word multiple exceptions, at least one exploitable. Classification: =============== Level: low-MED-high-crit ID: HEXVIEW200410061 Overview: ========= MS Word is a highly overrated and widely used text processor, a part of monstrous collection of...

[Full-Disclosure] Eudora file URL buffer overflow

There is a buffer overflow in Eudora for Windows, verified on versions 6.1, 6.0.3 and 5.2.1. This is easily exploitable to run arbitrary code. I do not know if this issue affects Eudora for Macs. Demo: !/usr/bin/perl -- print "From: men"; print "To: youn"; print "Subject: Eudora file URL buffer...

DiGi WWW Server 1 - Remote Denial of Service

source: https://www.securityfocus.com/bid/10228/info The DiGi WWW Server has been reported to contain a remote denial of service vulnerability. It has been reported that when the server receives a malformed HTTP GET request, the web server process will consume large amounts of CPU resources. Sinc...

[NT] Additional Technical Information Released on VBE Document Property Buffer Overflow

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Linux nfs-utils xlog() off-by-one bug

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Synopsis: Linux nfs-utils xlog off-by-one bug Product: nfs-utils Version: = 1.0.3 Vendor: http://sourceforge.net/projects/nfs/ URL: http://isec.pl/vulnerabilities/ CVE: CAN-2003-0252 Author: Janusz Niewiadomski [email protected] Date: July 14, 2003 Issu...

Axis Network Camera HTTP Authentication Bypass

Advisory ID Internal CORE-2003-0403 Core Security Technologies Advisory http://www.coresecurity.com Date Published: 2003-05-27 Last Update: 2003-05-23 Advisory ID: CORE-2003-0403 Bugtraq ID: 7652 CVE Name: CAN-2003-0240 Title: Axis Network Camera HTTP Authentication Bypass Class: Access Validatio...

cdrtools2.0 Format String Vulnerability

---------------------------------------------------------------------------- PACKAGE : cdrtools VERSION : 2.0 SUMMARY : Format String SEVERITY : local root exploit if suid on several distros DATE: : 2003-05-05 ---------------------------------------------------------------------------- Hi, i woul...

Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String

// source: https://www.securityfocus.com/bid/5384/info Inso DynaWeb webserver, dwhttpd, is used as a subcomponent in products such as Sun's AnswerBook2, which is shipped as part of the Solaris operating environment. The dwhttpd webserver is prone to a remotely exploitable format-string...

Moderate: Red Hat Security Advisory: : : : Updated util-linux package fixes password locking race

A locally exploitable vulnerability is present in the util-linux package which shipped with Red Hat Linux. Updated 8 July 2003 Added packages for Red Hat Linux on IBM iSeries and pSeries systems. The util-linux package contains a large variety of low-level system utilities that are necessary for ...

Security Update: [CSSA-2002-SCO.8] OpenServer: dlvr_audit: exploitable buffer overflow

To: [email protected] [email protected] [email protected] Caldera International, Inc. Security Advisory Subject: OpenServer: dlvraudit: exploitable buffer overflow Advisory number: CSSA-2002-SCO.8 Issue date: 2002 March 11 Cross reference: 1. Problem Description The dlvraud...

Remote File Attachment Theft via comm.lycos.com,angelfire.com, eudoramail.com

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Date Published: November 28, 2000 Title: Remote File Attachment Theft via comm.lycos.com,angelfire.com, eudoramail.com Class: Access Validation Error Remotely Exploitable: Yes Vulnerability Description: WebMail possibly WhoWhere.com software as...

CVE-2000-0835

search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter...

CVE-1999-0879

CVE-1999-0879 describes a buffer overflow in WU-FTPD and related FTP servers that allows remote attackers to gain root privileges by exploiting macro variables in a message file. The vulnerability affects the FTP server software in the late 1990s era; multiple sources (including Red Hat CVE refer...