3941 matches found
CVE-2012-2563
Multiple cross-site scripting XSS vulnerabilities in Bloxx Web Filtering before 5.0.14 allow 1 remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow 2 remote authenticated administrators to inject arbitrary web scrip...
Axous 1.1.1 multiple defects (CSRF-persistent XSS)-a vulnerability warning-the black bar safety net
Title: Axous 1.1.1 Multiple Vulnerabilities CSRF - Persistent XSS Author: Ivano Binetti http://www.ivanobinetti.com Software download: http://www.axous.com/get.php?pid=1 App developer website: http://www.axous.com/ Affects versions : 1.1.1 and lower Test system : Debian Squeeze 6.0...
Bugtraq-I : Distribution for Pentesting and forensics
Bugtraq-I : Distribution for Pentesting and forensics Bugtraq system offers the most comprehensive distribution, optimal, stable and automatic security to date. Bugtraq is a distribution based on the 2.6.38 kernel has a wide range of penetration and forensic tools. Bugtraq can be installed from a...
Kuwebs 3.1.3 admin-index.php参数menu远程文件包含漏洞
No description provided by source...
CVE-2012-0078
CVE-2012-0078 affects Oracle E-Business Suite 12.1.2 and 12.1.3, specifically the Oracle Application Object Library component with a vulnerability related to REST Services (Menu, LOV). The vulnerability is described as allowing remote authenticated users to affect confidentiality. No concrete exp...
BackBox Linux 2.01 released
BackBox Linux 2.01 released The BackBox team is proud to announce the release 2.01 of BackBox Linux.The new release include features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The ISO images 32bit & 64bit can be downloaded from the following location: What's new System upgrade...
Xoops 2.5.4 blind and fix-vulnerability warning-the black bar safety net
------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Download address: Author: blkhtc0rp www.badguest.cn blkhtc0rpatyahoodotcom Test platform: Freebsd 8 and Debian Squeeze Comment: In order to be successful an attacker must have...
Xoops 2.5.4 Blind SQL Injection Vulnerability
No description provided by source. Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom Tested on: Freebsd 8 and Debian Squeeze Note: In order to be successful an attacker must have permission to access the...
Xoops 2.5.4 - Blind SQL Injection
Xoops 2.5.4 - Blind SQL Injection ------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom...
Xoops 2.5.4 - Blind SQL Injection
------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom Tested on: Freebsd 8 and Debian...
Joomla NoNumber Framework Local File Inclusion / Shell Upload
Exploit Title: NoNumber Framework Joomla! Plugin Multiple Vulnerabilities Discovery Date: 10 October 2011 Reported Date: 11 October 2011 Patch Date: 17 October 2011 Release Date: 17 October 2011 Author: jdc Software Link: http://nonumber.nl The nnframework plugin by NoNumber! contains multiple...
Dolphin 7.0.7 - 'member_menu_queries.php' Remote PHP Code Injection
?php / ---------------------------------------------------------------------------- Dolphin = 7.0.7 membermenuqueries.php Remote PHP Code Injection Exploit ---------------------------------------------------------------------------- author...............: EgiX mail.................:...
Information disclosure
OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/orange/menu/Menu.php and certain other files...
Information disclosure
AneCMS 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/menu/index.php and certain other files...
Zyncro 3.0.1.20 - Social Network Message Menu SQL Injection
Zyncro 3.0.1.20 - Social Network Message Menu SQL Injection source: https://www.securityfocus.com/bid/49741/info Zyncro social network is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue cou...
The Security Onion LiveDVD - Download
The Security Onion LiveDVD - Download The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, metasploit, Armitage, scapy,...
CVE-2011-3391
IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu...
BackBox Linux 2 released
BackBox Linux 2 released The BackBox team is proud to announce the release of BackBox. Linux 2.BackBox 2 features the following upstream components: Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8. BackBox is an Ubuntu-based distribution developed to perform penetration tests and security...
WordPress Menu Creator 1.1.7 SQL Injection
Exploit Title: WordPress Menu Creator plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- $menuid = $GET'menuid'; ... $firstitem = $wpdb-getrow"SELECT FROM " . $wpdb-prefix."menuitems WHERE order=0 AND parent=0 AND menu = $menuid";...
WordPress Menu Creator Plugin <= 1.1.7 - SQL Injection
This WordPress Menu Creator plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...