XXE
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack...
CVE-2012-5159
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...
Mandriva Update for curl MDVSA-2012:058 (curl)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack...
Mandriva Linux Security Advisory : curl (MDVSA-2012:058)
Multiple vulnerabilities have been found and corrected in curl: curl is vulnerable to an SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem (CVE-2011-3389). curl is vulnerable to a data injection attack for certain protocols...
FreeBSD Ports: phpMyAdmin
The remote host is missing an update to the system as announced in the referenced advisory. VID 1f6ee708-0d22-11e1-b5bd-14dae938ec40 OpenVAS Vulnerability Test. Description: Auto generated from VID 1f6ee708-0d22-11e1-b5bd-14dae938ec40. Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc...
CVE-2011-5071
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc parameter to report_marketing.php, (2) selected parameter to tasks.php, (3) sites parameter to billable_incidents.php, or (4) searchstring paramet...
CURL-CVE-2012-0036 URL sanitization vulnerability
curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. When parsing URLs, libcurl's parser is liberal and only parses as little as possible and lets as much as possible through as long as it can figure out what to do. In...
CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol...
One million pages infected by Lilupophilupop SQL injection
One million pages infected by Lilupophilupop SQL injection. The ISC Internet Storm Center reported on the lilupophilupop.com SQL injection attacks. A few weeks back, Google searches showed about 80 pages infected; that number has now risen to over 1 million. Sites are being injected with the string:...
Research: Botnets, the Most Prevalent Threat in the Enterprise
Botnets are the most significant source of malicious Web traffic for enterprises on the Internet, according to new research from ZScaler’s ThreatLabz. Over the past 30 days, botnets have accounted for nearly 80 percent of the security blocks within ZScaler’s network. In a distant second place amo...
Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability
Summary Biznis Heroj or Business Hero is the first software on the Macedonian market that will help you manage your business processes in your company, such as accounting, production, acquisition, archiving, inventory, and the Cloud. Using the Cloud technology, Biznis Heroj allows you to access t...
Starlight posted it 1.3: background take the SHELL and repair programme (vulnerability warning, The Black Bar Safety Net)
by: air of the legend. Today I analyse two programs; I made it work. Okay, I admit it is a bit tasteless. We first take a look at this file, /common.function.php: function writefile($l1, $l2 = "") { // write file $dir = dirname($l1); if (!is_dir($dir)) mkdirs($dir); ... } function readfile($l1) { ... }...
CVE-2011-4107
The simplexml_load_string function in the XML import plug-in libraries/import/xml.php in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection...
Mambo 4.x - 'Zorder' SQL Injection
Exploit Title: Mambo CMS 4.x.x Zorder SQL Injection Vul. Author: Kr4L BeNiM. Contact: www.facebook.com/kr4l.hacker. Date: November 13, 2011. Software Link: http://mambo-developer.org. Category: Web Apps. Vulnerability: SQL injection. Exploit: The "zorder" parameter was not...
Million ASP.Net web sites affected with mass SQL injection attack
Million ASP.Net web sites affected with mass SQL injection attack Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say. Attackers have planted...
Mass Injection Attack Targets ASP.NET Sites
There is yet another large-scale injection attack going on right now, with nearly 200,000 pages affected so far. The compromised pages are serving visitors with malicious code that sends them off to a remote server for installation of malware. The attack is the latest in a series of similar...
vTiger CRM 5.2.1 Blind SQL Injection
vTiger CRM 5.2.x = Blind SQL Injection Vulnerability 1. OVERVIEW The vTiger CRM 5.2.1 and lower versions are vulnerable to Blind SQL Injection. No fixed version has been released as of 2011-10-05. 2. BACKGROUND vtiger CRM is a free, full-featured, 100% Open Source CRM software ideal for small and...