IBM BladeCenter Management Module - DoS vulnerability

No description provided by source. DSECRG-09-049 IBM BladeCenter Management Module - DoS vulnerability Source: http://www.dsecrg.com/pages/vul/show.php?id=149 This device can be remotely rebooted by sending a malformed TCP packets Digital Security Research Group DSecRG Advisory DSECRG-09-049...

IBM Bladecenter Management - Multiple web application vulnerabilities

No description provided by source. DSECRG-09-054 IBM Bladecenter Management - Multiple vulnerabilities The BladeCenter management module is prone to multiple security vulnerabilities: Unauthorized Access, Directory Listing, XSS Digital Security Research Group DSecRG Advisory DSECRG-09-054...

ezContents CMS 2.0.3 - Multiple Local File Inclusion Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-038 Application: ezContents CMS Versions Affected: 2.0.3 Application URL: http://www.ezcontents.org/ Vendor URL: http://www.visualshapers.com/ Bug: Multiple Local File Include Exploits: YES Reported:...

OSSIM 2.1 - SQL Injection and xss

No description provided by source. OSSIM - Open Source Security Information Management is vulnerable to multiple security vulnerabilities. 1. SQL Injections 2. Linked XSS 3. Unauthorized access Digital Security Research Group DSecRG Advisory DSECRG-09-055 Application: OSSIM Versions Affected: 2.1...

RunCMS 1.6 - Remote Blind SQL Injection Exploit (IDS evasion)

No description provided by source. // / RUNCMS 1.6 BLIND SQL Injection Exploit + IDS evasion / // / exploit get hash of admin password / / / / Exploit is invisible for / / RUNCMS sql injection detecting mechanism / // // / tested on RUNCMS english version 1.6 / // // / Date of Public EXPLOIT:...

Safari 4.0.5 - parent.close() Memory Corruption exploit (ASLR and DEP bypass)

No description provided by source. Download: http://www.exploit-db.com/sploits/safariparentclosesintsov.zip Unzip and run START.htm This exploit use JIT-SPRAY for DEP and ASLR bypass. jit-shellcode: systemnotepad 0day.html - use 0x09090101 address for CALL JITed shellcode. START.htm - iff.htm -...

Alteon OS BBI (Nortell) - Multiple Vulnerabilities XSS and CSRF

No description provided by source. Exploit Title: Alteon OS BBI Nortell - Multiple Vulnerabilities Date: 16 Nov 09 Author: Sintsov Alexey Software Link: downoad link if available Version: = 21.0.8.3 and may be higher =25.1.0.0 Tested on: relevant os Code : exploit code From: DSecRG research dsecr...

Oracle Document Capture Actbar2.ocx Insecure Method

No description provided by source. Source: http://packetstormsecurity.org/files/view/97866/DSECRG-11-004.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-00153 Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL:...

Pluck CMS 4.5.2 - Multiple Local File Inclusion Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-037 Application: Pluck CMS Versions Affected: 4.5.2 Vendor URL: http://www.pluck-cms.org/ Bug: Multiple Local File Include Exploits: YES Reported: 28.07.2008 Vendor Response: 03.08.2008 Solution: YES Date...

Pixie CMS 1.0 - Multiple Local File Inclusion Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-09-005 Application: Pixie CMS Versions Affected: 1.0 Vendor URL: http://www.getpixie.co.uk/ Bug: Multiple Local File Include Exploits: YES Reported: 29.08.2008 Vendor Response: 30.08.2008 Solution: NONE Date...

Synactis All_IN_THE_BOX ActiveX 3.0 - Null byte File Overwrite Vuln

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-09-006 http://www.dsecrg.com/pages/vul/show.php?id=62 Application: Synactis AllINTHEBOX ActiveX Versions Affected: 3 Vendor URL: http://synactis.com Bugs: Null byte File overwriting Exploits: YES Reported:...

blogcms 4.2.1b (sql/xss) Multiple Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-003 Application: Blogcms Versions Affected: Blogcms 4.2.1b Vendor URL: http://blogcms.com/ Bugs: SQL Injestions, SiXSS, XSS Exploits: YES Reported: 15.01.2008 Vendor response: 16.01.2008 Date of Public...

Safari JS JITed shellcode - exec calc (ASLR/DEP bypass)

No description provided by source. !-- JIT-SPRAY for Safari 4.0.5 - 5.0.0 JavaScript JIT SHELLCODE and spray for ASLR / DEP bypass Win x32 By Alexey Sintsov from Digital Security Research Group Special for Hack In The Box 2010 Amsterdam PAYLOAD - exec calc Tested on Windows7 and Windows XP. Sorry...

PowerNews (Newsscript) 2.5.6 - Local File Inclusion Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-014 Application: PowerNews Newsscript Versions Affected: 2.5.6 Vendor URL: http://www.powerscripts.org/ Bug: Multiple Local File Include Exploits: YES Reported: 01.02.2008 Vendor Response: none Solution:...

Oracle Document Capture 10.1.3.5 Insecure Method / Buffer Overflow

No description provided by source. Source: http://packetstormsecurity.org/files/view/97871/DSECRG-11-006.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-006 internal DSECRG-09-066 Application: Oracle Document Capture Versions Affected:...

Open Azimyt CMS <= 0.22 (lang) Local File Inclusion Vulnerability

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-026 Application: Open Azimyt CMS Versions Affected: 0.22 minimal, 0.21 stable Vendor URL: http://azimyt.net/ Bug: Local File Include Exploits: YES Reported: 07.06.2008 Vendor Response: 08.06.2008 Solution...

CM3 AcoraCMS XSS / CSRF / Redirection / Disclosure

=============================== - Advisory - =============================== Tittle: CM3 AcoraCMS - Several Vulnerabilities Risk: Medium Date: 12.Sept.2012 Author: Pedro Andujar Twitter: @pandujar .: INTRO :. Acora CMS is a sleek and powerful off-the-shelf content management application coupled...

IBM Lotus Domino Server Controller Authentication Bypass Vulnerability

No description provided by source. Exploit Title: IBM Lotus Domino Controller auth. bypass Date:30/11/2011 Author: Alexey Sintsov Software Link: http://www.ibm.com/ Version:8.5.3/8.5.2 FP3 0day Tested on: Windows 7 / Windows 2008 CVE : CVE-2011-1519 Application: IBM Lotus Domino Controller Versio...

VMware - Update Manager Directory Traversal

Exploit Title:VMware Update Manager Directory Traversal Date:18/11/2011 Author: Alexey Sintsov Software Link: http://www.vmware.com/ Version:2.0.2 Tested on: Windows 2003 / vCenter Update Manager 4.1 U1 CVE : CVE-2011-4404 DSECRG-11-042 VMware Update Manager - Directory Traversal Application:...

VMSA-2011-0014:VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability

VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0014 VMware Security Advisory Synopsis: VMware vCenter Update Manager fix for Jetty Web server addresses...