6058 matches found
Hacker reported vulnerability in Kaspersky website; Demonstrated malware spreading technique
The cyber Security Analyst 'Ebrahim Hegazy' @Zigoo0 Consultant at Q-CERT has found an "Unvalidated Redirection Vulnerability" in the website of the giant security solutions vendor "Kaspersky". Ebrahim, who found a SQL Injection in "Avira" website last month, this time he found a Unvalidated...
CVE-2013-4083
The dissectpft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service application crash via a crafted...
SAP Portal - Unvalidated redirect
Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE 6.40/7.02, probably others Vendor URL: Bugs: Information disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1854826 CVSS:...
Your Own Classifieds Cross Site Scripting
Vendor: http://www.yourownclassifieds.com Description: Your own classified software is a script that helps you creates your own store. Discovered by: Rafay Baloch Vulnerability: Non persistent XSS The script fails to sanitize the input that is entered into the text box resulting into a XSS. POC:...
vShare<=2.8.1 SQL injection + Remote Command Execution
Unvalidated input results in SQL injection, remote command execution is highly likely after the compromise of the Admin username because of the risky requirements of Video Sharing scripts. I haven't attached a Video because it will disclose the SQL Injection location and posting a blank Video is...
NASA 'Space your Face' domain hacked
Another basic security loop-hole in NASA website lead to a Hack. This time hacker going by name "p0ison-r00t" deface a sub domain of NASA http://spaceyourface.nasa.gov/. The hacked sub domain running a web application using flash, that allow visitors to create some funny videos of Space using...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120529)
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : - It was found that the datalen parameter of the sockallocsendpskb function in the Linux kernel's networking implementation was not validated before use. A local...
DEBIAN-CVE-2012-3442
The 1 django.http.HttpResponseRedirect and 2 django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting XSS attacks via a data: URL...
SA-CORE-2012-002 - Drupal core multiple vulnerabilities
Denial of Service CVE: CVE-2012-1588 Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain specially crafted...
Gitorious Arbitrary Command Execution
Exploit for linux platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Gitorious - Arbitrary Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Gitorious Arbitra...
Spreecommerce 0.60.1 Arbitrary Command Execution
This module exploits an arbitrary command execution vulnerability in the Spreecommerce search. Unvalidated input is called via the Ruby send method allowing command execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Spreecommerce 0.60.1 Arbitrary Command Execution
Exploit for linux platform in category web applications $Id: spreesearchexec.rb 13831 2011-10-07 17:45:15Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...
kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
The agpgenericremovememory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service system crash via a crafted AGPIOCUNBIND agpioctl ioctl call, a different...
Ileys Web Control SQL Injection Vulnerability
Ileys Web Control is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MyST BlogSite URL Redirect / Information Leakage
=============================== MyST BlogSite | Multiple Vulnerabilities =============================== 1. VULNERABILITY DESCRIPTION -- Issue Title: Arbitrary URL Redirect Component: MyST BlogSite ClickDirector Ref: OWASP - Top 10 - 2010 - A10 Ref-Link:...
Spreecommerce < 0.50.0 Arbitrary Command Execution
Exploit for unix platform in category remote exploits $Id: spreesearchlogicexec.rb 12397 2011-04-21 19:38:42Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informatio...
Spreecommerce < 0.50.0 - Arbitrary Command Execution (Metasploit)
$Id: spreesearchlogicexec.rb 12397 2011-04-21 19:38:42Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CVE-2010-4535
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service resource consumption via a URL that...
phpMyAdmin - Client-Side Code Injection Redirect Link Falsification
phpMyAdmin - Client-Side Code Injection Redirect Link Falsification PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification Credits: Emanuele 'emgent' Gentili Marco 'whitesheep' Rondini Alessandro 'scox' Scoscia In error.php, PhpMyAdmin permit to insert text and restricted tag,...