MoBiC-28 Bonus: XSS in Cryptographp

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в капче Cryptographp. Это капча плагин для WordPress. Всего 24 XSS уязвимости на странице опций плагина http://site/wp-admin/options-general.php?page=cryptographp/admin.php. Причём это persistent XSS уязвимости. XS...

NoAh <= 0.9 pre 1.2 (filepath) Remote File Disclosure Vulnerabilities

Exploit for unknown platform in category web applications ===================================================================== NoAh = 0.9 pre 1.2 filepath Remote File Disclosure Vulnerabilities ===================================================================== NoAh = 0.9 pre 1.2 filepath Remo...

NoAh &lt;= 0.9 pre 1.2 (filepath) Remote File Disclosure Vulnerabilities

No description provided by source. NoAh = 0.9 pre 1.2 filepath Remote File Disclosure Vulnerabilities Script : http://sourceforge.net/project/showfiles.php?groupid=131995 /noah0.9pre1.2.tar.gz/ Exploits : /noah/modules/nosystem/templates/cssfile.php?filepath=../../../../../../etc/passwd...

NoAh 0.9 pre 1.2 - &#039;filepath&#039; Remote File Disclosure

NoAh = 0.9 pre 1.2 filepath Remote File Disclosure Vulnerabilities Script : http://sourceforge.net/project/showfiles.php?groupid=131995 /noah0.9pre1.2.tar.gz/ Exploits : /noah/modules/nosystem/templates/cssfile.php?filepath=../../../../../../etc/passwd...

p.mapper 3.2 beta3 - &#039;/incPHP/globals.php?_SESSION[PM_INCPHP]&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/26614/info p.mapper is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks...

Verify whether the patch installed three large exploit tools-vulnerability warning-the black bar safety net

We are talking about here is some for creating security tools and exploits program Security Platform. Security experts to perform penetration tests, system administrators can verify whether the patch has been installed, manufacturers can perform regression testing. First, the Metasploit Framework...

Security collection: help your hand three exploits tools-vulnerability warning-the black bar safety net

We are talking about here is some for creating security tools and exploits program Security Platform. Security experts to perform penetration tests, system administrators can verify whether the patch has been installed, manufacturers can perform regression testing. First, the Metasploit Framework...

MS07-062: Vulnerability in DNS Could Allow Spoofing (941672)

The remote host has the Windows DNS server installed. There is a flaw in the remote version of this server that could allow an attacker to spoof DNS responses. By exploiting this flaw, an attacker may be able to redirect legitimate traffic from other systems that could allow him to construct more...

Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-329-1)

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. CVE-2006-3113,...

Ubuntu 5.04 / 5.10 / 6.06 LTS : freetype vulnerabilities (USN-291-1)

Several integer overflows have been discovered in the FreeType library. By tricking a user into installing and/or opening a specially crafted font file, these could be exploited to execute arbitrary code with the privileges of that user. Note that Tenable Network Security has extracted the...

GuppY 4.6.3 (includes.inc selskin) Remote File Inclusion Vulnerability

No description provided by source. vuln.: GuppY 4.6.3 includes.inc selskin Remote File Inclusion script info and download: http://www.freeguppy.org/ dork: "Site powered by GuppY" author: irk4zatyahoo.pl greets to: str0ke, rgod, polish under :...

JobSite Professional 2.0 file.php Remote SQL Injection Vulnerability

No description provided by source. JobSite Professional v2.0 Remote SQL Injection Vulnerability AUTHOR : ZynbER HOME : NoWhere Script WebSite: http://www.jobsiteprofessional.com Dork english version : inurl:index.php?page=enjobseekers Dork french version : inurl:index.php?page=frCandidats EXPLOIT...

JobSite Professional 2.0 - &#039;file.php&#039; SQL Injection

JobSite Professional v2.0 Remote SQL Injection Vulnerability AUTHOR : ZynbER HOME : NoWhere Script WebSite: http://www.jobsiteprofessional.com Dork english version : inurl:index.php?page=enjobseekers Dork french version : inurl:index.php?page=frCandidats EXPLOITS : Vulnerability in File.php?id=...

Mozilla Foundation Security Advisory 2007-36

Mozilla Foundation Security Advisory 2007-36 Title: URIs with invalid -encoding mishandled by Windows Impact: Moderate Announced: October 18, 2007 Reporter: Billy Rios, Nate McFeters, Secunia Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.8 Thunderbird 2.0.0.8 SeaMonkey 1.1.5...

efileman-multi.txt

Software : eFileman Version : 7.x tested on 7.1.0.87-88 Found by : Xcross87 A. Remote File Upload Vulnerability : Xploit : http://victim.com/path/upload.html http://victim.com/path/cgi-bin/efileman/upload.cgi The uploaded files are stored in : http://victim.com/path/uploads/uploadfile.xxx B. Dire...

openSUSE 10 Security Update : seamonkey (seamonkey-2691)

This security update brings Mozilla SeaMonkey to version 1.1.1. http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems : - MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases several bugs wer...

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699)

This update brings Mozilla Firefox to security update version 1.5.0.10. - MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases several bugs were fixed to improve the stability of the browser. Some of these were crashes that showed evidence of memory corruption and we presume...

openSUSE 10 Security Update : samba (samba-3827)

The previous security fix for CVE-2007-2447 missed one character in the shell escape handling. Also fixed were some regressions introduced by the previous update. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSU...

Solaris 9 (x86) : 114265-23

SunOS 5.9x86: in.dhcpd libresolv and BIND. Date this patch was last updated by Sun : Jul/21/11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

openSUSE 10 Security Update : seamonkey (seamonkey-2811)

This security update brings Mozilla SeaMonkey to version 1.0.8. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems : - MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases...