Lucene search
+L

6058 matches found

The Hacker News
The Hacker News
added 2013/08/23 6:18 a.m.9 views

Hacker reported vulnerability in Kaspersky website; Demonstrated malware spreading technique

The cyber Security Analyst 'Ebrahim Hegazy' @Zigoo0 Consultant at Q-CERT has found an "Unvalidated Redirection Vulnerability" in the website of the giant security solutions vendor "Kaspersky". Ebrahim, who found a SQL Injection in "Avira" website last month, this time he found a Unvalidated...

6.8AI score
Exploits0
OSV
OSV
added 2013/06/09 9:55 p.m.6 views

CVE-2013-4083

The dissectpft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service application crash via a crafted...

6.2AI score
Exploits0References17
erpscan
erpscan
added 2013/04/20 12:0 a.m.16 views

SAP Portal - Unvalidated redirect

Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE 6.40/7.02, probably others Vendor URL: Bugs: Information disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1854826 CVSS:...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2013/03/08 12:0 a.m.25 views

Your Own Classifieds Cross Site Scripting

Vendor: http://www.yourownclassifieds.com Description: Your own classified software is a script that helps you creates your own store. Discovered by: Rafay Baloch Vulnerability: Non persistent XSS The script fails to sanitize the input that is entered into the text box resulting into a XSS. POC:...

7.4AI score
Exploits0
0day.today
0day.today
added 2013/03/06 12:0 a.m.16 views

vShare<=2.8.1 SQL injection + Remote Command Execution

Unvalidated input results in SQL injection, remote command execution is highly likely after the compromise of the Admin username because of the risky requirements of Video Sharing scripts. I haven't attached a Video because it will disclose the SQL Injection location and posting a blank Video is...

8.4AI score
Exploits0
The Hacker News
The Hacker News
added 2013/01/07 8:52 a.m.19 views

NASA 'Space your Face' domain hacked

Another basic security loop-hole in NASA website lead to a Hack. This time hacker going by name "p0ison-r00t" deface a sub domain of NASA http://spaceyourface.nasa.gov/. The hacked sub domain running a web application using flash, that allow visitors to create some funny videos of Space using...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.61 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120529)

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : - It was found that the datalen parameter of the sockallocsendpskb function in the Linux kernel's networking implementation was not validated before use. A local...

7.2CVSS5.3AI score0.00583EPSS
Exploits2References2
OSV
OSV
added 2012/07/31 5:55 p.m.3 views

DEBIAN-CVE-2012-3442

The 1 django.http.HttpResponseRedirect and 2 django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting XSS attacks via a data: URL...

4.3CVSS6.1AI score0.02072EPSS
Exploits1References1
Drupal
Drupal
added 2012/05/02 12:0 a.m.677 views

SA-CORE-2012-002 - Drupal core multiple vulnerabilities

Denial of Service CVE: CVE-2012-1588 Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain specially crafted...

5.8CVSS5.8AI score0.02401EPSS
Exploits3References23
0day.today
0day.today
added 2012/01/20 12:0 a.m.12 views

Gitorious Arbitrary Command Execution

Exploit for linux platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2012/01/20 12:0 a.m.37 views

Gitorious - Arbitrary Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Gitorious Arbitra...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2011/10/07 3:30 p.m.15 views

Spreecommerce 0.60.1 Arbitrary Command Execution

This module exploits an arbitrary command execution vulnerability in the Spreecommerce search. Unvalidated input is called via the Ruby send method allowing command execution. This module requires Metasploit: https://metasploit.com/download Current source:...

1.3AI score
Exploits0
0day.today
0day.today
added 2011/10/06 12:0 a.m.24 views

Spreecommerce 0.60.1 Arbitrary Command Execution

Exploit for linux platform in category web applications $Id: spreesearchexec.rb 13831 2011-10-07 17:45:15Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2011/10/05 9:37 p.m.4 views

kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls

The agpgenericremovememory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service system crash via a crafted AGPIOCUNBIND agpioctl ioctl call, a different...

6.9CVSS7.1AI score0.00381EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2011/08/05 12:0 a.m.10 views

Ileys Web Control SQL Injection Vulnerability

Ileys Web Control is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3AI score
Exploits0References2
Packet Storm
Packet Storm
added 2011/07/16 12:0 a.m.23 views

MyST BlogSite URL Redirect / Information Leakage

=============================== MyST BlogSite | Multiple Vulnerabilities =============================== 1. VULNERABILITY DESCRIPTION -- Issue Title: Arbitrary URL Redirect Component: MyST BlogSite ClickDirector Ref: OWASP - Top 10 - 2010 - A10 Ref-Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2011/04/22 12:0 a.m.32 views

Spreecommerce < 0.50.0 Arbitrary Command Execution

Exploit for unix platform in category remote exploits $Id: spreesearchlogicexec.rb 12397 2011-04-21 19:38:42Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informatio...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2011/04/21 12:0 a.m.31 views

Spreecommerce &lt; 0.50.0 - Arbitrary Command Execution (Metasploit)

$Id: spreesearchlogicexec.rb 12397 2011-04-21 19:38:42Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.4AI score
Exploits0
OSV
OSV
added 2011/01/10 8:0 p.m.7 views

CVE-2010-4535

The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service resource consumption via a URL that...

6.5AI score
Exploits0References15
exploitpack
exploitpack
added 2010/12/06 12:0 a.m.22 views

phpMyAdmin - Client-Side Code Injection Redirect Link Falsification

phpMyAdmin - Client-Side Code Injection Redirect Link Falsification PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification Credits: Emanuele 'emgent' Gentili Marco 'whitesheep' Rondini Alessandro 'scox' Scoscia In error.php, PhpMyAdmin permit to insert text and restricted tag,...

Exploits0
Rows per page
Query Builder