7396 matches found
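Phorum Filtering Engine HTML Code Injection Vulnerability
BUGTRAQ: 35777 Phorum is a PHP-based web forum application that runs on Linux and Unix operating systems as well as on Microsoft Windows. Phorum's filtering engine does not adequately validate certain BBcode parameters, so a remote attacker can inject and execute malicious JavaScript code through a submitted request. Phorum 5.2.11 Vendor patch: Phorum ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.phorum.org/phorum5/read.php?64,139411...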
Debian Security Advisory DSA 1866-1 (kdegraphics)
The remote host is missing an update to kdegraphics announced via advisory DSA 1866-1. OpenVAS Vulnerability Test $Id: deb18661.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1866-1 kdegraphics Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Linux Kernel 2.4/2.6 sock_sendpage() Local Root Exploit (ppc)
No description provided by source. Linux sock_sendpage NULL pointer dereference Copyright 2009 Ramon de Carvalho Valle [email protected] This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Softwar...
Can record windows login password stuff-vulnerability warning-the black bar safety net
From: t00ls.net ======== Principle: Windows authentication is, in general, ultimately handled in the lsass process. The default module is msv10.dll, and the critical function it exports is LsaApLogonUserEx2. The present program injects code into the lsass process to hook LsaApLogonUserEx2, the interception of the...
Detailed description of SSL and TLS Web Security penetration testing-vulnerability warning-the black bar safety net
If a web service's SSL and TLS protocols have security problems, what are the consequences? Obviously, in that case the attacker can obtain all your security information, including user names, passwords, credit card and bank information... everything. This article will give the reader a detailed...
Feed Sidebar Firefox Extension - Privileged Code Injection
Feed Sidebar Firefox Extension Code Injection Vulnerability Versions affected: 3.2 Description: The Feed Sidebar Firefox extension will generate a previ...
Stable Update: Security fixes
Google Chrome 2.0.172.43 has been released to the Stable channel to fix the security issues listed below. CVE-2009-2935 Unauthorized memory read from Javascript A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing securi...
CoolPreviews - Firefox Extension - Chrome Privileged Code Injection
CoolPreviews Chrome Privileged Code Injection Description: Security-Assessment.com discovered that Coolpreviews stack feature is vulnerable to Cross Sit...
[SECURITY] [DSA 1868-1] New kde4libs packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1868-1 [email protected] http://www.debian.org/security/ Steffen Joeris August 19, 2009 http://www.debian.org/security/faq -...
ZTE ZXDSL 831 II Modem Arbitrary Add Admin User Vulnerability
No description provided by source. ----------------------------------------------------- -- Found By SuNHouSe2 ALGERIAN HaCkEr -- -- Made in "Maghnia City" DZ -- -- Contact : [email protected] -- -- Greetz to : His0k4 all my friends -- -- Good Ramadan to all muslims --...
Debian Security Advisory DSA 1843-2 (squid3)
The remote host is missing an update to squid3 announced via advisory DSA 1843-2. OpenVAS Vulnerability Test $Id: deb18432.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1843-2 squid3 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007
Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007 Release Date. 17-Aug-2009 Last Update. - Vendor Notification Date. 15-Jun-2009 Product. Piwigo Platform. Independent Affected versions. 2.0.0 verified, possibly others Severity Rating. Medium Impact. Manipulation of data Attack...
[DSECRG-09-052] Adobe JRun 4 Directory Traversal Vulnerabilities
Digital Security Research Group DSecRG Advisory DSECRG-09-052 Application: Adobe JRun Application Server Versions Affected: 4 updater 7 Vendor URL: http://www.adobe.com/products/jrun/ Bug: Directory Traversal File Read Exploits: YES Reported: 20.01.2009 Vendor response: 21.01.2009 Solution: YES...
Adobe JRUN Directory Traversal
Digital Security Research Group DSecRG Advisory DSECRG-09-051 Application: Adobe JRun Application Server Versions Affected: 4 updater 7 Vendor URL: http://www.adobe.com/products/jrun/ Bug: Directory Traversal File Read Exploits: YES Reported: 20.01.2009 Vendor response: 21.01.2009 Solution: YES...
[SECURITY] [DSA 1863-1] New zope2.10/zope2.9 packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA-1863-1 [email protected] http://www.debian.org/security/ Nico Golde August 15th, 2009 http://www.debian.org/security/faq -...
linux udev permissions vulnerability testing methods-vulnerability warning-the black bar safety net
Author: Liang increased sea Article source: http://s-logs.com/2009/04/linux-udev.html Copyright: may be freely reproduced; when reprinting, please be sure to include a hyperlink to the article's origin, the author information and this statement. Vulnerability-related information can be obtained from the following link:...
JetAudio 7.1.9.4030 Universal Stack Overflow Exploit (SEH)
Exploit for unknown platform in category local exploits ========================================================== JetAudio 7.1.9.4030 Universal Stack Overflow Exploit SEH ========================================================== !/usr/bin/env python JetAudio 7.1.9.4030 Universal Stack Overflow...
Debian: Security Advisory (DSA-1840-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DSA-1843-1 squid3 - denial of service
Bulletin has no description...
ILIAS LMS <= 3.9.9/3.10.7 Arbitrary Edition/Info Disclosure Vulns
Exploit for unknown platform in category web applications ================================================================= ILIAS LMS WEB: http://www.ilias.de/ | |--DOWNLOAD: http://www.ilias.de/docu/goto.php?target=st22935&clientid=docu | |--DEMO: http://www.demo.ilias-support.com/ | |--CATEGORY...