Lucene search
K

729 matches found

Kitploit
Kitploit
added 2013/08/14 2:35 a.m.30 views

[RIPS] A static source code analyser for vulnerabilities in PHP scripts

RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks potentially vulnerable functions that can be tainted b...

8.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/09/18 12:0 a.m.31 views

Fedora 18 : bugzilla-4.2.3-1.fc18 (2012-13162)

This release fixes an LDAP injection problem the username entered by a user was not escaped before being used. This is CVE number CVE-2012-3981. See the security advisory for more details. http://www.bugzilla.org/security/3.6.10/ Note that Tenable Network Security has extracted the preceding...

5CVSS5.4AI score0.01741EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/09/13 12:0 a.m.32 views

Bugzilla < 3.6.11 / 4.0.8 / 4.2.3 / 4.3.3 Multiple Vulnerabilities

According to its banner, the version of Bugzilla installed on the remote host is affected by multiple vulnerabilities : - When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to...

5CVSS5.6AI score0.01741EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/09/11 12:0 a.m.32 views

Fedora 16 : bugzilla-4.0.8-1.fc16 (2012-13171)

This release fixes an LDAP injection problem the username entered by a user was not escaped before being used. This is CVE number CVE-2012-3981. See the security advisory for more details. http://www.bugzilla.org/security/3.6.10/ Note that Tenable Network Security has extracted the preceding...

5CVSS5.4AI score0.01741EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/09/11 12:0 a.m.35 views

Fedora 17 : bugzilla-4.0.8-1.fc17 (2012-13163)

This release fixes an LDAP injection problem the username entered by a user was not escaped before being used. This is CVE number CVE-2012-3981. See the security advisory for more details. http://www.bugzilla.org/security/3.6.10/ Note that Tenable Network Security has extracted the preceding...

5CVSS5.4AI score0.01741EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/09/04 12:0 a.m.33 views

FreeBSD : bugzilla -- multiple vulnerabilities (6ad18fe5-f469-11e1-920d-20cf30e32f6d)

A Bugzilla Security Advisory reports : The following security issues have been discovered in Bugzilla : LDAP Injection When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDA...

5CVSS5.6AI score0.01741EPSS
Exploits0References5
securityvulns
securityvulns
added 2012/09/02 12:0 a.m.67 views

Security advisory for Bugzilla 4.3.3, 4.2.3, 4.0.8 and 3.6.11

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: When the user logs in using LDAP, the username is not escaped before being passed to LDAP which could potentially lead to LDAP...

5CVSS5.9AI score0.01741EPSS
Exploits0
FreeBSD
FreeBSD
added 2012/08/30 12:0 a.m.37 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: LDAP Injection When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP...

5CVSS6.4AI score0.01741EPSS
Exploits0References3
Atlassian
Atlassian
added 2012/07/31 9:7 a.m.33 views

ldap injection in the custom atlassian authentication code

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47275. panel The custom atlassian ldap authentication code is vulnerable to ldap injection. The method which is vulnerable to...

8AI score
Exploits0Affected Software1
0day.today
0day.today
added 2012/04/09 12:0 a.m.24 views

Dolibarr ERP & CRM OS Command Injection

Exploit for php platform in category web applications Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2012/04/09 12:0 a.m.12 views

Dolibarr ERPCRM 3.2.0 3.1.1 - OS Command Injection

Dolibarr ERPCRM 3.2.0 3.1.1 - OS Command Injection Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...

0.3AI score
Exploits0
CERT
CERT
added 2011/05/18 12:0 a.m.26 views

SmarterTools default basic web server vulnerabilities

Overview Multiple SmarterTools applications install a default basic web server which contains multiple vulnerabilities Description Multiple SmarterTools applications by default install a basic web server which allows administrators to start using the application immediately after installation. Th...

7.2AI score
Exploits0References4
0day.today
0day.today
added 2011/03/11 12:0 a.m.46 views

SmarterMail 7.3 and 7.4 Multiple Vulnerabilities

Exploit for php platform in category web applications Vendor: SmarterTools Application: SmarterMail 7.x Bugs: Stored XSS, Reflected XSS, Directory Traversal, File Upload Parameters, OS Execution, XML Injection, LDAP Injection, DoS Patch: The Vendor has released SmarterMail Version 8 at URI...

7.1AI score0.03134EPSS
Exploits14
Packet Storm
Packet Storm
added 2011/03/10 12:0 a.m.50 views

SmarterMail 7.x Cross Site Scripting / Shell Upload / Traversal

To: Vuln.Lists Re: Coordinated Disclosure, SmarterMail 7.x Versions Private Note - Rewrite as you wish, vendor has acknowledged these bugs and more and issued a fix. ------------------------------ Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Identified: October 28, 2010 Vendor:...

5CVSS0.03134EPSS
Exploits14
exploitpack
exploitpack
added 2011/03/10 12:0 a.m.64 views

SmarterMail 7.37.4 - Multiple Vulnerabilities

SmarterMail 7.37.4 - Multiple Vulnerabilities Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Identified: October 28, 2010 Vendor: SmarterTools Application: SmarterMail 7.x Bugs: Stored XSS, Reflected XSS, Directory Traversal, File Upload Parameters, OS Execution, XML Injection,...

5CVSS0.4AI score0.03134EPSS
Exploits14
Exploit DB
Exploit DB
added 2011/03/10 12:0 a.m.71 views

SmarterMail 7.3/7.4 - Multiple Vulnerabilities

Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Identified: October 28, 2010 Vendor: SmarterTools Application: SmarterMail 7.x Bugs: Stored XSS, Reflected XSS, Directory Traversal, File Upload Parameters, OS Execution, XML Injection, LDAP Injection, DoS Patch: The Vendor has...

6.4AI score
Exploits0
exploitpack
exploitpack
added 2010/10/13 12:0 a.m.32 views

Oracle Virtual Server Agent - Command Injection

Oracle Virtual Server Agent - Command Injection Oracle Virtual Server Agent Command Injection ============================================= 1. Advisory Information Advisory ID: BONSAI-2010-0109 Date published: 2010-10-13 Vendors contacted: Oracle Release mode: Coordinated release 2. Vulnerability...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2010/10/04 12:0 a.m.91 views

SmarterMail 7.x LDAP Injection

Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Tested on : SmarterMail 7.x 7.2.3925 //...

5CVSS0.03134EPSS
Exploits13
0day.today
0day.today
added 2010/10/03 12:0 a.m.63 views

SmarterMail 7.x (7.2.3925) LDAP Injection Vulnerability

Exploit for php platform in category web applications ======================================================= SmarterMail 7.x 7.2.3925 LDAP Injection Vulnerability ======================================================= Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author :...

7.1AI score0.03134EPSS
Exploits13
exploitpack
exploitpack
added 2010/10/02 12:0 a.m.71 views

SmarterMail 7.2.3925 - LDAP Injection

SmarterMail 7.2.3925 - LDAP Injection Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Test...

5CVSS0.03134EPSS
Exploits13
Rows per page
Query Builder