6827 matches found
fgs17-sql.txt
FlashGameScript = 1.7 member.php$user SQL-Injection Exploit Vulnrability Discovered By: Xenduer77 ---July 7th, 2007 $user Is passed straight to the query without being filtered. SQL-INJECTION: For Version 1.7: -------...
GameSiteScript 3.1 - profile id SQL Injection
GameSiteScript 3.1 - profile id SQL Injection GameSiteScript Profile$id SQL-Injection Exploit Vulnerability Discovered By: Xenduer77 ---July 7th, 2007 $id Is passed straight to the query without being filtered. SQL-INJECTION: For Version 3.1: -------...
Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
Description Yahoo! Messenger Webcam Viewer ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of applications th...
psychostats-xss.txt
PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities PsychoStats contains multiple cross-site scripting vulnerabilities that may be exploited through the URI. Vulnerable Files: awards.php, login.php, register.php, weapons.php - other files may also be susceptible to this vulnerabilit...
hlstats-xss.txt
HLstats v1.35 Cross-Site Scripting Vulnerability HLstats contains a cross-site scripting vulnerability that may be exploited through the URI. Vulnerability: http://target.com/hlstats/hlstats.php/"alert1 Vulnerable: HLstats v1.35 other versions may also be vulnerable Google d0rk: "generated in...
REWTERZ-20070518 - Authentication Bypass in Rational Soft's Hidden Administrator
REWTERZ-20070518 - Authentication Bypass in Rational Soft's Hidden Administrator Release Date: 18 May, 2007 Severity: High Remote Code Execution Vendor: Rational Soft Software Affected: Hidden Administrator v1.7 and below Overview: rewterz has discovered a critical vulnerability in Hidden...
myGallery <= 1.4b4 - Unauthenticated File Inclusion
The MySliderGallery WordPress plugin was affected by an Unauthenticated File Inclusion security vulnerability. PoC This vulnerability has been seen exploited in the wild with the following payload:...
US-CERT Technical Cyber Security Alert TA07-103A -- Microsoft Windows DNS RPC Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-103A Microsoft Windows DNS RPC Buffer Overflow Original release date: April 13, 2007 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows 2003 Server Microsoft Windows 2000...
0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
Today Microsoft released a security advisory about a vulnerability in the Animated Cursor processing code in Windows: http://www.microsoft.com/technet/security/advisory/935423.mspx It seems like the vulnerability is already exploited in the wild:...
Echo Security Advisory 2007.72
\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV72$2007 ------------------------------------------------------------------------- ECHOADV72$2007 CARE2X rootpath Remote File Inclusion Vulnerability --------------------------...
solaris/sparc connect-back (with XNOR encoded session) 600 bytes
No description provided by source. / black-RXenc-con-back-SOLARIS.c MIPS This is a relitivly small 600 byte shellcode that encodes all network trafic between the exploited process and the attacker. All clear-text shell i/o is encoded using a simple NOT algo before being transmitted on the wire...
Vulnerability in core server (CVE-2007-0556)
A vulnerability involving changing the data type of a table column can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access...
Apple QuickTime HREFTrack crossite scripting
Script can refer to local resources. Vulnerability is used in-the-wild for malware code installation...
Tencent QQ SuperVideo Remote Denial of Service Vulnerability
QQ is a very popular IM in China developed by Tencent.There exists a remote denial of service vulnerability in QQ when using the SuperVideo chat.Current study showed that the attacker who successfully exploited the vulnerability would cause the remote client crash. There is an attack packet as...
Mozilla Foundation Security Advisory 2006-71
Mozilla Foundation Security Advisory 2006-71 Title: LiveConnect crash finalizing JS objects Impact: Critical Announced: December 19, 2006 Reporter: Steven Michaud Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.1 Firefox 1.5.0.9 Thunderbird 1.5.0.9 SeaMonkey 1.0.7 Description...
Microsoft Word malformed string vulnerability
Overview A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a vulnerability that could be exploited when Word opens a specially crafted document. It is possible that the vulnerability can be exploited by...
Microsoft Security Bulletin MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
Microsoft Security Bulletin MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution 924270 Published: November 14, 2006 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity...
Echo Security Advisory 2006.57
\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV57$2006 ----------------------------------------------------------------------------------------------- ECHOADV57$2006Soholaunch Pro =4.9 r36 Multiple Remote File Inclusion Vulnerability...
Crashes with evidence of memory corruption (rv:1.8.0.8) — Mozilla
As part of the Firefox 1.5.0.8 release we fixed several bugs to improve the stability of the product. Some of these were crashes that showed evidence of memory corruption and we presume that at least some of these could be exploited to run arbitrary code with enough effort...
New PowerPoint 0-day Trojan in the wild
New zero-day vulnerability in Microsoft PowerPoint has been disclosed. This vulnerability is being exploited by Trojan horse Trojan.PPDropper.E. This dropper type file reportedly works in all Windows systems, but the vulnerability itself has been confirmed in PowerPoint 2000 Chinese version...