Gitweb 1.7.3.3 Cross Site Scripting

-8 Description 8--8 Proof Of Concept 8- " -8 Credits 8--8 Notes 8--8 Responsible Disclosure 8- 13-12-2010 Initial contact with upstream and vendor-sec 13-12-2010 Vendor Response and CVE-2010-3906 assignation 15-12-2010 Public Disclosure...

WAP form content can be leaked to other sites – Opera Security Advisories

When accepting user input in form fields on a WAP page, WML requires that the input contents are remembered, and used to populate every further input sharing the same name. This should continue as long as the user continues to click links known as a WAP session, even populating similarly named...

Information disclosure

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including 1 user.name, 2 user.home, and 3 java.home system properties, and other sensitive...

php: session serializer session data injection vulnerability (MOPS-2010-060)

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PSUNDEFMARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

ImageShack Toolbar 4.8.3.75 Remote Code Execution Exploit

Exploit for windows platform in category remote exploits ========================================================= ImageShack Toolbar 4.8.3.75 Remote Code Execution Exploit ========================================================= // calc.exe var shellcode = unescap...

IBM OmniFind - Local Privilege Escalation

IBM OmniFind - Local Privilege Escalation Privilege escalation in two applications CVE-2010-3895 Root SUID bits are set for the applications »esRunCommand« and »estaskwrapper«. ------------------------------------------------------------------------- -rwsr-xr-x 1 root users...

MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service mysqld server crash by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

Dozens of Bugs Found in One Version of Android Kernel

Security researchers found dozens of high risk security holes in the software used to run specific Android mobile devices, but that’s still a lot better than industry averages, according to a new report. Coverity, an application code testing firm, analyzed the source code for HTC’s Droid Incredib...

printf(1) via PHP magic_quotes Utility Command Encoder

This encoder uses the printf1 utility to avoid restricted characters. Some shell variable substitution may also be used if needed symbols are blacklisted. Some characters are intentionally left unescaped since it is assumed that PHP with magicquotesgpc enabled will escape them during request...

[SECURITY] [DSA 2120-1] New postgresql-8.3 packages fix privilege escalation

------------------------------------------------------------------------ Debian Security Advisory DSA-2120-1 [email protected] http://www.debian.org/security/ Florian Weimer October 12, 2010 http://www.debian.org/security/faq -...

CVE-2010-3481

Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 password variables, possibly related to include/classes/Login.php. NOTE: some of these details are...

Debian DSA-2089-1 : php5 - several vulnerabilities

Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-1917 The fnmatch function can be abused to conduct denial of service attacks by crashing the interpreter by the...

CVE-2010-3065

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PSUNDEFMARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

Struts2/XWork < 2.2.0 remote execution of arbitrary code vulnerability analysis and patch-vulnerability warning-the black bar safety net

Neeao's Blog http://neeao.com/ : 1. exploit-db website on 7 month 1 4 day broke aStruts2 remote execution of arbitrary code vulnerabilityvulnerability, hazard of large, can be described as a crack shot, directly to the root, as long as the use Struts2 and webwork framework of the system for the...

Struts2/XWork Remote Command Execution

Friday, July 9, 2010 CVE-2010-1870: Struts2/XWork remote command execution Update Tue Jul 13 2010: Added proof of concept Apache Struts team has announced uploaded but has not released, due to an unreasonably prolonged voting process, the 2.2.0 release of the Struts2 web framework which fixes...

Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability

Exploit for multiple platform in category remote exploits ============================================================ Struts2/XWork 2.2.0 Remote Command Execution Vulnerability ============================================================ Apache Struts team has announced uploaded but has not...

Oracle Secure Backup Administration Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. The specific flaw exists within the register globals emulation layer which allows attackers to specify values for arbitrary program variables. When specific parameters are...