2657 matches found
Mandriva Linux Security Advisory : mysql (MDVSA-2010:222)
Multiple vulnerabilities were discovered and corrected in mysql : - Joins involving a table with with a unique SET column could cause a server crash CVE-2010-3677. - Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash CVE-2010-3680. - The server could crash if there we...
CVE-2010-3835
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service mysqld server crash by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...
Authentication flaw
The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the...
MySQL Community Server 5.1 < 5.1.51 Multiple Denial of Service Vulnerabilities
Binary data 5677.prm...
Fedora 12 : java-1.6.0-openjdk-1.6.0.0-40.b18.fc12 (2010-12758)
S6678385, RH551835: Fixes jvm crashes when window is resized. Produces the 'expected' behavior for full screen applications, when running the Metacity window manager. PR453, OJ100142: Fix policy evaluation to match the proprietary JDK. IcedTeaNPPlugin. RH524387: javax.net.ssl.SSLKeyException: RSA...
RM Downloader 3.1.3 (Windows 7) - Local ASLR + DEP Bypass (SEH)
!/usr/bin/perl Exploit Title: RM Downloader 3.1.3 Local SEH Exploit Win7 ASLR and DEP Bypass Date: July 1, 2010 Author: Node Software Link: http://www.mini-stream.net/downloads/RMDownloader.exe Version: RM Downloader 3.1.3.3.2010.06.26 Evaluation Tested on: Windows 7 Ultimate x64 ENG Notes: Only...
Google Releases Skipfish Application Security Scanner
Google has released its own Web application security scanner, called Skipfish. The free scanner is designed to work within a variety of existing Web application frameworks and is built with an emphasis on speed and low false-positives, the company said. Skipfish enters a crowded field of Web...
HTTP File Same Name Directory Scanner
This module identifies the existence of files in a given directory path named as the same name of the directory. Only works if PATH is different than '/'. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
PHP vulnerability full solution-vulnerability warning-the black bar safety net
PHP web page security issues For PHP website mainly exist the following types of attacks: 1. Command injectionCommand Injection 2. eval injectionEval Injection 3. Client scripting attacksScript Insertion 4. Cross-site scripting attacksCross Site Scripting, XSS 5. SQL injectionattacksSQL injection...
[Backports-security-announce] Security update for devscripts
Adam D. Barratt uploaded new packages for devscripts which fixed the following security problem: CVE-2009-2946: When parsing watch files, uscan applied "mangle rules" by evaluating them as Perl code without any sanitisation. This could have lead to the execution of arbitrary code by users or...
About the database the anti download the new strokes of the“# % of”a text analysis-vulnerability warning-the black bar safety net
Database this thing who don't know? As long as webmasters or play Black the all clear however, once a Y download, and that is no joke. The title phrase See the 7 on the X-Files a database the anti download the new strokes of the“%,”A text, looks like the author speaking of having problems. Purely...
PHP Evaluation Replacement String
mberegireplace evaluate replacement string vulnerability by ryatwww.80vul.com when option parameter set e, matchs not be escaped. ex: phpinfo will be evaluated. mberegreplace if replacelen - i = 2 && fwd == 1 && p0 == '\' && p1 = '0' && p1 = 0 && n numregs if regs-begn = 0 && regs-begn endn &&...
PHP mb_ereg(i)_replace() Evaluate Replacement String Vulnerability
No description provided by source. mberegireplace evaluate replacement string vulnerability by ryatwww.80vul.com when option parameter set e, matchs not be escaped. ex: ?php function hi80vul $str = '', phpinfo, ''; mberegreplace'^.$', 'hi80vul'\1'', $str, 'e'; ? phpinfo will be evaluated...
PHP - mb_ereg(i)_replace() Evaluate Replacement String
PHP - mberegireplace Evaluate Replacement String mberegireplace evaluate replacement string vulnerability by ryatwww.80vul.com when option parameter set e, matchs not be escaped. ex: phpinfo will be evaluated. mberegreplace if replacelen - i = 2 && fwd == 1 && p0 == '\' && p1 = '0' && p1 = 0 && n...
DZ! sodb-2 0 0 8-1 3 EXP published-vulnerability warning-the black bar safety net
!/ usr/bin/php ? php / Discuz! 6. x/7. x SODB-2 0 0 8-1 3 Exp By www.80vul.com Notes the value of the variable, add your own modifications / $host = ‘www.80vul.com’; // Server domain or IP $path = ‘/discuz/’; // Where the program path $key = 0; // The above variable is edited, make will the value...
Generic PHP Code Evaluation
Exploits things like It is likely that HTTP evasion options will break this exploit. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Generic PHP Code Evaluation', 'Description' = %q Exploits...
Advanced Electron Forum <= 1.0.6 Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications ==================================================================== Advanced Electron Forum = 1.0.6 Remote Code Execution Vulnerability ==================================================================== GulfTech Security Research...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. Integer overflow in residue partition value aka partvals evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow...
Debian: Security Advisory (DSA-1030-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1031-1 (cacti)
The remote host is missing an update to cacti announced via advisory DSA 1031-1. Several vulnerabilities have been discovered in libphp-adodb, the 'adodb' database abstraction layer for PHP, which is embedded in cacti, a frontend to rrdtool for monitoring systems and services. The Common...