CVE-2015-1119

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different...

CVE-2014-999999

...

WordPress Dmsguestbook Unauthenticated Data Injection

http://packetstormsecurity.com/user/evex/ Author:Evex Title: WordPress dmsguestbook Plugin File Manipulation Description: wordpress dmsguestbook plugin is vulnerable to a file manipulation security issue it allows an unauthenicated attacker to put text into existing text files only " . "saved",...

CVE-2014-1928

The shellquote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "" backslash characters to form multi-command sequences, a different...

DESTOON front Desk getshell-a vulnerability warning-the black bar safety net

Brief description: .... And Detailed description: \module\know\answer.inc.php 1 4 3 - 1 6 row 1 case 'raise': //this function is to "know the function" reward the number of times of update,because by default only allows 2 times to improve the reward for the number of if$credit $credit...

w-CMS 2.0.1 - Remote Code Execution Vulnerability

No description provided by source...

elgg <= 1.5 (/_css/js.php) Local File Inclusion Vulnerability

No description provided by source. Product: elgg.org Version: = 1.5 Dork: Powered by Elgg, the leading open source social networking platform eLwauxc2009 UASC.org.UA POC: /css/js.php?js=../../../../tmp/sessiondir%00&viewtype=xD need: in table datalists must be record simplecacheenabled = 0 defaul...

TaskDriver <= 1.2 Login Bypass/SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w TaskDriver = 1.2 Login Bypass/SQL Injection Exploit Discovered by: Silentz Payload: Login Bypass & Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code login.php: $sql = SELECT FROM $userstable WHERE username =...

XAMPP 3.2.1 Cross Site Scripting

Title : XAMPP 3.2.1 Cross Site Scripting Author : DevilScreaM Date : 15 January 2014 Category : Web Applications Vendor : http://sourceforge.net/projects/xampp Version : 3.2.1 Type : PHP Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security Indonesian Hacker |...

CVE-2013-2145

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/...

PHP-Charts 1.0 - Code Execution

PHP-Charts 1.0 - Code Execution Exploit Title: PHP-CHARTS v1.0 code execution vulnerability Date: 05/15/2013 Exploit Author: fizzle stick Vendor Homepage: http://php-charts.com/ Software Link: http://php-charts.com/downloads/php-chartv1.0.zip Version: v1.0 Tested on: Windows Summary: PHP-charts...

GOM Media Player 2.1.37 Buffer Overflow

Introduction: ============= GOM Player Gretech Online Movie Player is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea. It is the primary client player for South Korean GOM-TV, and is more popular in South Korea than any other media player. Key...

flash-player (important)

flash-player 11.1.102.63 fixes two security issues: - memory corruption vulnerability in Matrix3D could lead to code executionn CVE-2012-0768 - integer errors that could lead to information disclosure CVE-2012-0769...

CVE-2011-2648

Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a filter in a modified file...

CentOS Update for glibc CESA-2011:0412 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Google Chrome < 10.0.648.134 Code Execution Vulnerability

Binary data 800895.prm...

A vulnerability in Kaspersky Antivirus

Hello Bugtraq. I write to notify a vulnerability in Kaspersky Antivirus that allows the code injection in the process that is executed in user's context, allowing: 1. The modification, creation and elimination of the values and keys in the Registration with respect to the configuration of the...

al3jeb script - Remote Authentication Bypass

'/ -.- --------------------oOO------OOo------------------- | al3jeb script Remote Login Bypass Exploit | | works only with magicquotesgpc = off | ------------------------------------------------------ ! Discovered: cr4wl3r ! Date: 19.01.2010 ! Remote: yes ! Vulnerability Code login.php : ! PoC:...

CVE-2009-4035

The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a...

KDE KDELibs 'dtoa()'远程代码执行漏洞

Bugraq ID: 37080 CVE ID：CVE-2009-0689 KDE是一款UNIX工下开源图形桌面环境。 KDELibs是建立在Qt框架之上，它提供框架和众多功能来开发KDE程序。其中dtoa实现存在错误，处理特殊构建的浮点数可导致内存覆盖。由于Kmac定义为15，dtoa函数没有检查Kmac限制，可能调用大于等于16的freelist数组元素。 KDE 4.3.3 目前没有详细解决方案提供： http://www.kde.org/ - ----------------------- script var a=0.?php echo strrepeat"1",296450;...