7385 matches found
Sun Glassfish Enterprise Server 2.1 XSS
Digital Security Research Group DSecRG Advisory DSECRG-09-034 Original advisory: http://dsecrg.com/pages/vul/show.php?id=134 Application: Sun Glassfish Enterprise Server Versions Affected: 2.1 Vendor URL: https://glassfish.dev.java.net/ Bug: Multiple Linked XSS vulnerabilities Exploits: YES...
ProjectCMS 1.0b - 'index.php?sn' SQL Injection
Long live Spain! ... We will win the World Cup! ... o.O Proud to be Spanish! | SQL INJECTIO...
Dranzer: Fuzzing for ActiveX vulnerabilities
The United States Computer Emergency Response Team US-CERT has released a new ActiveX fuzzer to help developers pinpoint browser-based security vulnerabilities. The tool, called Dranzer, lets software developers test ActiveX controls for vulnerabilities before the software is released to the...
MDVA-2009:034 : alsa
This update upgrades ALSA packages to version 1.0.18, with minor bug fixes and enhancements, which can be viewed in detail at http://www.alsa-project.org/main/index.php/Changesv1.0.18rc3v1.0.18 . Updated libalsa2 also contains fixes affecting, for example, the speaker-testing tool not working...
Watcher: A new web security testing tool
From Microsoft’s SDL blog Chris Weber I’m writing to tell you about our new Watcher tool for web-app security auditing and testing. Watcher is a plug-in for Eric Lawrence’s Fiddler proxy aimed at helping developers and testers find security issues in their web-apps fast and effortlessly. Because ...
Apache Geronimo 2.1.3 - Multiple Directory Traversal Vulnerabilities
Digital Security Research Group DSecRG Advisory DSECRG-09-018 Application: Apache Geronimo Application Server Versions Affected: 2.1 - 2.1.3 Vendor URL: http://geronimo.apache.org/ Bug: Directory Traversal File Upload Exploits: YES Reported: 10.12.2008 Vendor response: 10.12.2008 Solution: YES Da...
AbleSpace 1.0 (XSS/BSQL) Multiple Remote Vulnerabilities
No description provided by source. Original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections, Multiple XSS Exploits:...
[SECURITY] [DSA 1766-1] New krb5 packages fix several vulnerabilities
Debian Security Advisory DSA-1766-1 [email protected] http://www.debian.org/security/ Nico Golde April 9th, 2009 http://www.debian.org/security/faq -...
Mandriva Update for gtk+2.0 MDKSA-2007:039 (gtk+2.0)
Check for the Version of gtk+2.0 OpenVAS Vulnerability Test Mandriva Update for gtk+2.0 MDKSA-2007:039 gtk+2.0 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
saspcms 0.9 - Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: SASPCMS Multiple Vulnerabilities Vendor: http://www.lgasoft.com Vulnerable Version: 0.9 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: SASPCMS is an ASP Content Management System. SASPCMS witc...
Pirelli Discus DRG A225 wifi router WPA2PSK Default Algorithm Exploit
Exploit for hardware platform in category remote exploits. Pirelli Discus DRG A225 wifi router WPA2PSK Default Algorithm Exploit #!/usr/bin/python Pirelli Disc...
Debian Security Advisory DSA 1759-1 (strongswan)
The remote host is missing an update to strongswan announced via advisory DSA 1759-1. OpenVAS Vulnerability Test $Id: deb17591.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1759-1 strongswan Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
DSA-1761-1 moodle - file disclosure
Bulletin has no description...
[SECURITY] [DSA 1757-1] New auth2db packages fix SQL injection
Debian Security Advisory DSA-1757-1 [email protected] http://www.debian.org/security/ Steffen Joeris March 30, 2009 http://www.debian.org/security/faq -...
PhotoStand 1.2.0 - Remote Command Execution
PhotoStand 1.2.0 - Remote Command Execution #!/usr/bin/perl App : PhotoStand 1.2.0 Site : http://www.photostand.org Remote Command Execution Exploit Credits to : Giovanni Buzzin, "Osirys" osirysatautisticidotorg Greets: drosophila, emgent, Fireshot PhotoStand is a used Image Gallery CMS. PhotoStan...
Bypass getimagesize() function defect-vulnerability warning-the black bar safety net
By: superhei. A lot of PHP code uses getimagesize() to determine whether an uploaded file is an image, and in black-box testing a lot of people add GIF89a in front of the PHP code to bypass such code: if (getimagesize($file)) print 'yes'; else print 'No.'; But there are many cases there are...
PHPRunner 4.2 (SearchOption) Blind SQL Injection Vulnerability
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: PHPRunner SQL Injection Vendor: http://www.xlinesoft.com Vulnerable Version: 4.2 prior versions also may be affected Exploitation: Remote with browser Original Advisory: http://www.bugreport.ir/index63.htm...
The Ryan & Roel Show Episode 5
Explaining AMTSO principles – Fri, November 21, 2008 Ryan grills Roel on the latest “principles” document coming out of the AMTSO (Anti-Malware Testing Standards Organization) and the two spar over the value of such a massive effort. Download episode...
The Ryan & Roel Show Episode 1
Welcome to the Show – Mon, October 20 2008 In this show, we introduce ourselves and recap the Virus Bulletin 2008 conference. We talk about the MBR Trojan bootkit, the controversy surrounding anti-virus testing standards, information on the black market for online gaming passwords and some data fr...
PHPRunner 4.2 - 'SearchOption' Blind SQL Injection
www.BugReport.ir AmnPardaz Security Research Team Title: PHPRunner SQL Injection Vendor: http://www.xlinesoft.com Vulnerable Version: 4.2 prior versions also may be affected Exploitation: Remote with browser Original Advisory: http://www.bugreport.ir/index63.htm Fix: N/A - Description: PHPRunner...