113 matches found
Unfixed XSS vulnerability at www.ratehispanic.com
Security researcher Don Tukulesto, has submitted on 15/09/2009 a cross-site-scripting XSS vulnerability affecting www.ratehispanic.com, which at the time of submission ranked 543638 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/11/2011. It...
Dnsmasq 2.50 - Heap Overflow Null Pointer Dereference
Dnsmasq 2.50 - Heap Overflow Null Pointer Dereference -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server 1. Advisory Information Title: Dnsmasq Heap...
Unfixed XSS vulnerability at www.21stcentury.com.my
Security researcher Don Tukulesto, has submitted on 21/01/2009 a cross-site-scripting XSS vulnerability affecting www.21stcentury.com.my, which at the time of submission ranked 6090601 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/10/2010...
Security Vulnerability in xwork, need to update to fixed version
see http://cwiki.apache.org/confluence/display/WW/S2-003 confluence currently using v1.0.3. 1.0.x branch was not yet patched so we cannot upgrade straight away. Don B is working on releasing the fix...
Mambo Component eWriting 1.2.1 (cat) SQL Injection Vulnerability
No description provided by source. eWriting 1.2.1 - SQL injection Discovered by breakerunit & Don BHack b4lc4n.org Gretz to h4cky0u.org l r00tsecurity.org l h4cky0u.biz l Dorks: "Powered by eWriting 1.2.1 allinurl:"comewriting" Joomla!...
PHP Live! 3.2.2 - 'questid' SQL Injection (1)
!Info! PHP Live! © OSI Codes Inc. enables live help and live customer support communication directly from your website. With PHP Live!, you can provide one-on-one chat assistance in real-time, answer visitor questions and add that extra human touch to your website. !SQL Injection! Code:...
MySpace Content Zone 3.x - Arbitrary File Upload
---------------------------------------------------- +-MySpace Content Zone RFi-+ ---------------------------------------------------- Found By Don & breakerunit ---------------------------------------------------- Vuln file: /admin/uploadgames.php Fix: secure admin area Dork: "Powered by MySpace...
CVE-2007-5218
CVE-2007-5218 describes a cross-site scripting (XSS) vulnerability in the PHP-based “DRBGuestbook” software, specifically in index.php of version 1.1.13 by Don Barnes. The issue allows remote attackers to inject arbitrary web script or HTML via the action parameter. The provided documents do not ...
Ourspace 2.0.9 - 'uploadmedia.cgi' Arbitrary File Upload
++++++++++++++++++++++++++++++++++++ | Discovered by Breakerunit & Don | | Ourspace 2.0.9| script info: http://www.codedworld.com/download/our-space/26931.html Exploit: /cgi-bin/ourspace/newswire/uploadmedia.cgi dork: inurl:"/cgi-bin/ourspace/ Greetz to: Balcan Crew Members h4cky0u.org and my...
Pharmacy System 2.0 - index.php?ID SQL Injection
Pharmacy System 2.0 - index.php?ID SQL Injection --==+================================================================================+==-- --==+ Pharmacy System v2 AND PRIOR SQL INJECTION VULNERBILITYS +==-- --==+================================================================================+==...
Unfixed XSS vulnerability at www.freevbcode.com
Security researcher Cyber Don, has submitted on 28/05/2007 a cross-site-scripting XSS vulnerability affecting www.freevbcode.com, which at the time of submission ranked 33185 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 31/05/2007. It is...
Plan 9 Kernel (devenv.c OTRUNC/pwrite) Local Exploit
No description provided by source. / !!! DO NOT DISTRIBUTE !!! / / identity theft this exploit uses my devenv.c OTRUNC/pwrite vulnerability to overwrite specific kernel addresses to help elevate our privileges. this exploit is very picky, so you must understand the plan9 kernel and know what you...
Multiple Vendor DNS Response Flooding DoS Vulnerability
Multiple DNS vendors are reported susceptible to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2004 Cedric Tissieres, Objectif Securite Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...