979 matches found
PHP source code in the unserialize function throws a vulnerability analysis-vulnerability warning-the black bar safety net
0×0 1 unserialize function concept First look at the official given explanation: unserialize on single serialized variable operation, convert back to PHP values. The return is after the conversion the value can be integer, float, string, array or object. If the passed string cannot be serialized,...
PostgreSQL for Linux Payload Execution
On some default Linux installations of PostgreSQL, the postgres service account may write to the /tmp directory, and may source UDF Shared Libraries from there as well, allowing execution of arbitrary code. This module compiles a Linux shared object file, uploads it to the target host via the...
Openconstructor CMS 3.12.0 \'id\' Parameter Multiple SQL Injection
Exploit for php platform in category web applications Title: Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list...
Open Constructor - usersusers.php?keyword Cross-Site Scripting
Open Constructor - usersusers.php?keyword Cross-Site Scripting source: https://www.securityfocus.com/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these vulnerabilities could allow an...
Open Constructor - '/data/file/edit.php?result' Cross-Site Scripting
source: https://www.securityfocus.com/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based...
Open Constructor - '/users/users.php?keyword' Cross-Site Scripting
source: https://www.securityfocus.com/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based...
Open Constructor - 'confirm.php?q' Cross-Site Scripting
source: https://www.securityfocus.com/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based...
Open Constructor - confirm.php?q Cross-Site Scripting
Open Constructor - confirm.php?q Cross-Site Scripting source: https://www.securityfocus.com/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to...
Open Constructor - datafileedit.php?result Cross-Site Scripting
Open Constructor - datafileedit.php?result Cross-Site Scripting source: https://www.securityfocus.com/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these vulnerabilities could allow an...
RedHat Update for perl RHSA-2011:1424-01
Check for the Version of perl OpenVAS Vulnerability Test RedHat Update for perl RHSA-2011:1424-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
CVE-2011-3597
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor...
Wind noise CMS 0DAY exploits-exploits warning-the black bar safety net
Keywords: inurl:User/Regservice. asp The wind noise the registration page... Vulnerability page:/user/SetNextOptions. asp Use method: Constructor injection user/SetNextOptions. asp? sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+1,adminname,3,4,5,6,7,8++from+FSMFAdmin “adminname”admin user na...
Perl Digest improper control of generation of code
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor...
RHEL 6 : perl (RHSA-2011:1424)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1424 advisory. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflo...
Perl Digest improper control of generation of code
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor...
Wind noise 4. 0 registered page exploit-vulnerability warning-the black bar safety net
Keywords: inurl:User/Regservice. asp The wind noise the registration page... Vulnerability page:/user/SetNextOptions. asp Use method: Constructor injection user/SetNextOptions. asp? sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+1,adminname,3,4,5,6,7,8++from+FSMFAdmin “adminname” admin user...
Firefox race condition flaw (MFSA 2010-73)
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the...
CVE-2010-1395
Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issu...
CVE-2010-1395
Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issu...
CVE-2010-1395
Removed by vendor...