Lucene search
K

2404 matches found

Ubuntu
Ubuntu
added 2008/09/18 7:43 p.m.46 views

USN-646-1: rdesktop vulnerabilities

It was discovered that rdesktop did not properly validate the length of packet headers when processing RDP requests. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possible execute arbitrary code with the privileges of the user...

9.3CVSS8.8AI score0.13128EPSS
Exploits6
OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.14 views

FreeBSD Security Advisory (FreeBSD-SA-06:25.kmem.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:25.kmem.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

2.1CVSS7.1AI score0.00398EPSS
Exploits0References1
seebug.org
seebug.org
added 2008/06/22 12:0 a.m.26 views

Comparison Engine Power 'product.detail.php' SQL注入漏洞

BUGTRAQ ID: 29768 CNCAN ID:CNCAN-2008061904 Comparison Engine Power是一款基于PHP的WEB应用程序。 Comparison Engine Power不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,可能获得敏感信息或操作数据库。 问题是'product.detail.php'脚本对用户提交给WEB参数缺少过滤,构建恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 Kalptaru Infotech Comparison Engine Power 1.0 目前没有解决方案提供...

6.9AI score
Exploits0
Prion
Prion
added 2008/06/20 11:48 a.m.15 views

Sql injection

SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS9.1AI score0.00973EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2008/06/20 11:48 a.m.20 views

CVE-2008-2791

SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS6.4AI score0.00973EPSS
Exploits1References5
NVD
NVD
added 2008/06/20 11:48 a.m.18 views

CVE-2008-2791

SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS8.4AI score0.00973EPSS
Exploits1References4
CVE
CVE
added 2008/06/20 10:0 a.m.45 views

CVE-2008-2791

CVE-2008-2791 describes a SQL injection vulnerability in the Kalptaru Infotech Comparison Engine Power Script 1.0, specifically in the file or process related to product.detail.php . The underlying cause is an unsafely handled id parameter that allows remote attackers to inject arbitrary SQL comm...

7.5CVSS8.4AI score0.00973EPSS
Exploits1References4Affected Software1
exploitpack
exploitpack
added 2008/06/17 12:0 a.m.19 views

Comparison Engine Power 1.0 - Blind SQL Injection

Comparison Engine Power 1.0 - Blind SQL Injection !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " \n"; print " Comparison Engine Power 1.0 Blind SQL Injection Exploit \n"; print " \n";...

0.5AI score
Exploits0
0day.today
0day.today
added 2008/06/17 12:0 a.m.23 views

Comparison Engine Power 1.0 Blind SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================================= Comparison Engine Power 1.0 Blind SQL Injection Exploit ======================================================= !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print "...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/06/17 12:0 a.m.42 views

Comparison Engine Power 1.0 - Blind SQL Injection

!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " \n"; print " Comparison Engine Power 1.0 Blind SQL Injection Exploit \n"; print " \n"; print " Author: Mr.SQL \n"; print " EMAIL :...

7.4AI score
Exploits0
Prion
Prion
added 2008/06/06 10:32 p.m.19 views

Design/Logic Flaw

Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different...

9.3CVSS8AI score0.04235EPSS
Exploits0References7Affected Software1
myhack58
myhack58
added 2008/05/20 12:0 a.m.20 views

Open a Nday MS08-0 1 0(CVE-2 0 0 8-0 0 7 6)-vulnerability warning-the black bar safety net

The recent IE holes in a large stack,record what I know: 1. MS08-0 1 0:In addition to the VFP control of at least the TP mentioned above is able to take advantage of. 2. MS08-0 2 2:script ENCODER processing on the hole,but I see you want to use is too difficult,the hints about the patch compariso...

7.5AI score
Exploits0
Prion
Prion
added 2008/05/18 2:20 p.m.15 views

Authentication flaw

The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "", which is present in the password file and probably passes an insufficient comparison...

7.5CVSS7.9AI score0.02451EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2008/05/18 2:20 p.m.18 views

CVE-2008-2297

The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "", which is present in the password file and probably passes an insufficient comparison...

7.5CVSS7.3AI score0.02451EPSS
Exploits1References4
Cvelist
Cvelist
added 2008/05/18 2:0 p.m.23 views

CVE-2008-2297

The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "", which is present in the password file and probably passes an insufficient comparison...

7.3AI score0.02451EPSS
Exploits1References4
securityvulns
securityvulns
added 2008/04/21 12:0 a.m.64 views

Deciphering the Simple Machines Forum audio Captcha

The Simple Machine’s Forum audio Captcha that has been hardened from attack. I have contacted SMF about this flaw and it has been verified. I go into greater detail of how i am able to break this captcha here: http://www.rooksecurity.com/blog/?p=6 Exploit Code:...

7.2AI score
Exploits0
CVE
CVE
added 2008/04/16 5:0 p.m.62 views

CVE-2008-1842

The CVE-2008-1842 issue affects HP OpenView Network Node Manager (OV NNM) v8.01 and earlier (7.53 and older), where ovspmd.exe mishandles a long TCP request to port 8886. The described integer signedness error can cause a heap-based buffer overflow, enabling a remote attacker to crash the daemon ...

10CVSS7.7AI score0.12193EPSS
Exploits1References9Affected Software1
UbuntuCve
UbuntuCve
added 2008/04/09 9:5 p.m.44 views

CVE-2007-0071

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer...

9.3CVSS7.7AI score0.92501EPSS
Exploits2References1
securityvulns
securityvulns
added 2008/04/09 12:0 a.m.52 views

Re: Multiple vulnerabilities in HP OpenView NNM 7.53

Luigi Auriemma Application: HP OpenView Network Node Manager http://www.openview.hp.com/products/nnm/ Versions: = 7.53 Platforms: Windows tested, Solaris, Linux, HP-UX Bug: memory corruption in ovspmd Exploitation: remote Date: 08 Apr 2008 Author: Luigi Auriemma e-mail: [email protected] web:...

1AI score
Exploits0
NVD
NVD
added 2007/11/15 1:46 a.m.28 views

CVE-2007-4691

The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs...

10CVSS5.9AI score0.02105EPSS
Exploits1References8
Rows per page
Query Builder