34 matches found
CVE-2017-3737
OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...
Fedora 25 : php-horde-kronolith (2017-692c05119d)
kronolith 4.2.22 - jan SECURITY: Fix open redirects. - mjr Prevent broken iCalendar files from causing fatal errors Bug 14672. - jan Work around calendar servers advertising as CalDAV-capable, but ignoring CalDAV requests Bug 14662. - jan Fix displaying yesterday's event in Prior Events portal...
Fedora 26 : php-horde-kronolith (2017-ceb60ebf8f)
kronolith 4.2.22 - jan SECURITY: Fix open redirects. - mjr Prevent broken iCalendar files from causing fatal errors Bug 14672. - jan Work around calendar servers advertising as CalDAV-capable, but ignoring CalDAV requests Bug 14662. - jan Fix displaying yesterday's event in Prior Events portal...
Uebimiau Webmail <= 2.7.2 - Multiple Vulnerabilities.
No description provided by source. Exploit Title: Uebimiau Webmail <= 2.7.2 Multiple Vulnerabilities. Date: 13/03/10 Author: cp77fk4r | empty0page[SHIFT+2]gmail.com | www.DigitalWhisper.co.il Software Link: http://www.uebimiau.org/ Version: <= 2.7.2 Test...
php: information leak vulnerability in var_export()
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution...
PT-2010-4084 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 5.2.0 through 5.2.13 PHP versions 5.3.0 through 5.3.2 Description: The issue allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion, due to the...
Blog System <= 1.5 Multiple Vulnerabilities
Exploit for php platform in category web applications. Blog System | www.DigitalWhisper.co.il Software Link: http://www.netartmedia.net/blogsystem/ | http://www.netartmedia.net/blogsystem/demo.html Version: <= 1.5 Tested on: PHP Cross Site Scripting...
Blog System 1.5 - Multiple Vulnerabilities
Blog System 1.5 - Multiple Vulnerabilities Exploit Title: Blog System | www.DigitalWhisper.co.il Software Link: http://www.netartmedia.net/blogsystem/ | http://www.netartmedia.net/blogsystem/demo.html Version: = 1.5 Tested on: PHP Cross Site Scripting Cross-Site Scripting attacks are a type of...
Uebimiau Webmail 2.7.2 Cross Site Scripting / Path Disclosure
Exploit Title: Uebimiau Webmail | www.DigitalWhisper.co.il Software Link: http://www.uebimiau.org/ Version: = 2.7.2 Tested on: PHP Cross Site Scripting Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web...
Uebimiau Webmail 2.7.2 - Multiple Vulnerabilities
Exploit Title: Uebimiau Webmail | www.DigitalWhisper.co.il Software Link: http://www.uebimiau.org/ Version: = 2.7.2 Tested on: PHP Cross Site Scripting Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web...
For grasping the win2003 system password trick-vulnerability warning-the black bar safety net
The command line to uninstall win2003 SP1/SP2: %systemroot%\$NtServicePackUninstall$\spuninst\spuninst /U Removes the service pack in unattended mode. With this option, only fatal errors display a prompt while SP1 is uninstalled. /Q Removes SP1 in quiet mode, this...
DGNews version 2.1 Path Disclosure Vulnerability
netVigilance Security Advisory 21 DGNews version 2.1 Path Disclosure Vulnerability Description: DGNews is small and simple but powered news publishing. Easy installation, no programming required. But you can still change whatever you want for advanced users. Features: add unlimited categories,...
[Full-disclosure] Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities
netVigilance Security Advisory 27 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities Description: Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from...
Pinnacle ShowCenter Skin Denial of Service
Dear ladies and gentlemen, I am a proud user of the Pinnacle ShowCenter 1.51. When I was playing around with the system, it seems I have found a denial of service attack against the web interface. First I did manually a HTTP GET request that selects a non-existent skin:...