Aleza Portal v1.6 - Insecure (SQLi) Cookie Handling
Exploit for php platform in category web applications =================================================== Aleza Portal v1.6 - Insecure SQLi Cookie Handling =================================================== My + Author : KnocKout Contact : email protected Software info Web App. : Aleza Portal v1...
Simple Forum PHP - Multiple Vulnerabilities
Exploit Title: Simple Forum PHP XSS/HTML Injection Vulnerabilities Date: August 25, 2010 Author: arnabs Software Link: http://www.simpleforumphp.com/forum/admin.php?act=topicoptions Price: $24.99 found bug on: http://server/demoguestbook.php?act=new details: you can insert html/javascript codes...
Ubuntu 9.04 / 9.10 / 10.04 LTS : vte vulnerability (USN-962-1)
Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges...
Fedora 12 : systemtap-1.1-1.fc12 (2010-0688)
Fixes CVE-2009-4273 Bugzilla 550172: https://bugzilla.redhat.com/showbug.cgi?id=CVE-2009-4273 New upstream release containing new features and bug fixes: better support for gcc 4.5 richer DWARF debuginfo, new preprocessor conditional for kernel 'CONFIG' testing, improved experimental unprivileged...
Fedora 11 : systemtap-1.1-1.fc11 (2010-0671)
Fixes CVE-2009-4273 Bugzilla 550172: https://bugzilla.redhat.com/showbug.cgi?id=CVE-2009-4273 New upstream release containing new features and bug fixes: better support for gcc 4.5 richer DWARF debuginfo, new preprocessor conditional for kernel 'CONFIG' testing, improved experimental unprivileged...
Novell 'modulemanager' Servlet Arbitrary File Upload (safe check)
The Administration Console component of Novell Access Manager or Novell iManager running on the remote web server has an arbitrary file upload vulnerability. Sending a specially crafted multipart POST request to '/nps/servlet/modulemanager' results in the upload of arbitrary data. Specifying a...
Havij 1.10 Cross Site Scripting
Exploit Title: Havij Persistent XSS =v1.10 Date: 15/6/2010 Author: hexon Software Link: http://itsecteam.com/files/Havij%201.10.rar Version: 1.10 and below Tested on: Windows XP Service Pack 2 Professional, Windows 7 Code : htttp://site.com/file.php?param=XSS Code Havij Persistent XSS =v1.10 By :...
Traidnt Discovery Code Execution / Cross Site Request Forgery
Exploit Title: Traidnt Discovery - CSRF inject Blocks With PHP Codes Date: 11-06-2010 Author: G0D-F4Th3r Software Link: http://discovery.traidnt.com/demo/ Version: 1.0 Tested on: http://discovery.traidnt.com/demo/...
Hexjector 1.0.7.2 - Persistent Cross-Site Scripting
Exploit Title: Hexjector Persistent XSS ".""; $url2 is not filtered so XSS codes can be executed. You would need to find a site that is vulnerable either to XSS or SQL Injection to generate this vulnerability.A site that is vulnerable to XSS only will also work because my Hexjector will not stop...
Spaw Editor 1.0 / 2.0 Remote Shell Upload
Title: Spaw Editor v1.0 & 2.0 Remote File Upload. Date....................: 20-05-2010 Author..................: Ma3sTr0-Dz Location ...............: Algeria Software ...............: Spaw Editor v1 & v2 Impact..................: Remote Site Software ..........: http://www.spaweditor.com Sptnx...
Akmed (sonucozet_tr.php) SQL Injection Vulnerability
Exploit for php platform in category web applications ====================================================== Akmed sonucozettr.php SQL Injection Vulnerability ====================================================== Author : Emre5807 Homepage : http://www.1923turk.com /// 1923Turk-Grup /// Vulnerab...
Fa-Ads (Auth Bypass) Vulnerability
Exploit for php platform in category web applications ================================== Fa-Ads Auth Bypass Vulnerability ================================== ======================================================================================== | Title : Fa-Ads Auth Bypass Vulnerability | Author...
CVE-2010-0408
The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...
Microsoft Windows Media Player '.mpg' Buffer Overflow Vulnerability
Windows Media Player is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1974-1 : gzip - several vulnerabilities
Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2624 Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic...
RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Linux)
This host is installed with RealPlayer which is prone to multiple code execution vulnerabilities. OpenVAS Vulnerability Test $Id: secpodrealplayermultcodeexecvulnlin.nasl 5401 2017-02-23 09:46:07Z teissa $ RealNetworks RealPlayer Multiple Code Execution Vulnerabilities Linux Authors: Antu Sanadi...
Debian: Security Advisory (DSA-1974-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mandriva Update for gzip MDVSA-2010:020 (gzip)
Check for the Version of gzip OpenVAS Vulnerability Test Mandriva Update for gzip MDVSA-2010:020 gzip Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
DSA-1974-1 gzip - arbitrary code execution
Bulletin has no description...