Advanced Poll 2.02 - SQL Injection

Advanced Poll 2.02 - SQL Injection + Title : Advanced Poll 2.02 SQL Injection Vulnerability + Affected Version : v2.02 + Software Link : http://www.electrolized.free.fr/scripts-php/pollphp.zip + Tested on : Windows 7 + Date : 15/10/2011 + Dork : inurl:/db/admin intitle:Advanced Poll 2.02 + Catego...

Researcher Warns Of Exploitable Hole In Chinese Translation Software NJStar

UPDATE: An independent security researcher has warned officials in Australia, the US and China about a serious, remotely exploitable hole in language translation software that is used by leading corporations, universities and governments. Dillon Beresford said a stack overflow vulnerability in a...

[PT-2011-14] SQL injection vulnerability in BoonEx Dolphin

---------------------------------------------------------------------- PT-2011-14 Positive Technologies Security Advisory SQL injection vulnerability in BoonEx Dolphin 6.1 ---------------------------------------------------------------------- --- Vulnerable platform BoonEx Dolphin 6.1 Link:...

TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR2, 11gR1 and 11gR2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of...

Google Chrome - Killing Thread (PoC)

Google Chrome - Killing Thread PoC -' pigtail23 -' -' www.remoteshell.de -.OO .- OO.- OO .-/ | '-' | | | | | | | | |'-| |'| |\ -' / --' --' -----' --' --' --' --' -----' ------' ---'' October 22, 2011 Ohh nice! What u doing google? Thx 4 ur bug! 0o Google Chrome PoC, killing thread. Exploitable o...

Microsoft Publisher 2007 Pubconv.dll Memory Corruption

Core Security Technologies - Corelabs Advisory Microsoft Publisher 2007 Pubconv.dll Memory Corruption 1. Advisory Information Title: Microsoft Publisher 2007 Pubconv.dll Memory Corruption Advisory ID: CORE-2011-0106 Advisory URL:...

MozillaFirefox: Update to Firefox 3.6.23 (important)

Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption...

Mozilla Firefox 3.6 < 3.6.23 Multiple Vulnerabilities

Binary data 6027.prm...

Potentially exploitable crash in the YARR regular expression library — Mozilla

Security researcher Aki Helin reported a potentially exploitable crash in the YARR regular expression library used by JavaScript...

Mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-36 Miscellaneous memory safety hazards rv:7.0 / rv:1.9.2.23 MFSA 2011-37 Integer underflow when using JavaScript RegExp MFSA 2011-38 XSS via plugins and shadowed window.location object MFSA 2011-39 Defense against multiple Location headers due to CRLF...

WellinTech KingView History Server Buffer Overflow

Overview ICS-CERT has received a report from the Zero Day Initiative ZDI concerning a heap-based buffer overflow vulnerability in WellinTech’s Kingview HistoryServer.exe, which may allow a remote, unauthenticated attacker to execute arbitrary code. This vulnerability was reported to ZDI by...

[Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ?Onapsis Security Advisory 2011-014: SAP WebAS Remote Denial of Service 1. Impact on Business ========================= By exploiting this vulnerability, an unauthenticated attacker would be able to remotely disrupt the SAP Application Server. This...

CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiples Vulnerabilities in ManageEngine ServiceDesk Plus 1. Advisory Information Title: Multiples Vulnerabilities in ManageEngine ServiceDesk Plus Advisory ID: CORE-2011-0506 Advisory URL:...

Equis MetaStock 11 - Use-After-Free

Luigi Auriemma Application: Equis MetaStock http://www.equis.com Versions: = 11 Platforms: Windows Bug: use after free Exploitation: file Date: 06 Sep 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix =============== 1 Introduction...

NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities

NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities =================================================== Secur-I Research Group Security Advisory SV-2011-004 =================================================== Title: NetSaro Enterprise Messenger v2.0 Multiple Vulnerabilities Product:...

[PT-2011-23] Database information disclosure in GLPI

---------------------------------------------------------------------- PT-2011-23 Positive Technologies Security Advisory Database information disclosure in GLPI ---------------------------------------------------------------------- --- Vulnerable software GLPI Version 0.80.1 and earlier...

[PT-2011-23] Database information disclosure in GLPI

---------------------------------------------------------------------- PT-2011-23 Positive Technologies Security Advisory Database information disclosure in GLPI ---------------------------------------------------------------------- --- Vulnerable software GLPI Version 0.80.1 and earlier...

phpMyRealty <= 1.0.7 'seed' Parameter SQLi Vulnerability

phpMyRealty is prone to an SQL injection SQLi vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Netplanet SQL Injection

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability netplanet dettaglio.asp?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.netplanet.it/ Persian Gulf 4 Ever! Dork : "Powered by netplanet" "inurl:dettaglio.asp?id="...

GMX Service Center - Blind SQL Injection Vulnerability

Document Title: =============== GMX Service Center - Blind SQL Injection Vulnerability Release Date: ============= 2011-08-16 Vulnerability Laboratory ID VL-ID: ==================================== 150 Product & Service Introduction: =============================== Das Internet ist Kommunikation ...