Nitro Pro 8.0.3.1 - Crash (PoC)

Nitro Pro 8.0.3.1 - Crash PoC !C:\Python27\python.exe Exploit Title: Nitro Pro 8.0.3.1 - DoS Date: 2012-10-07 Exploit Author: John Cobb Author Homepage: www.NoBytes.com Vendor Homepage: www.nitropdf.com Version: 8.0.3.1 Tested on: Win7 64bit CVE : None When the Object Index exceeds 10 characters...

util-linux-ng security, bug fix and enhancement update

2.17.2-12.9 - fix 892471 - CVE-2013-0157 mount folder existence information disclosure 2.17.2-12.8 - fix 679833 - RFE tailf should support - fix 719927 - RFE add adjtimex --compare functionality to hwclock - fix 730272 - losetup does not warn if backing file is 512 bytes - fix 730891 - document...

dovecot security and bug fix update

1:2.0.9-5 - script-login did not drop privileges correctly 709095 - fix directory traversal due to not obeying chroot directive 709097 - check proxy destination host against SSL certificate name 754980 1:2.0.9-4 - dovecot may not set correct premissions for mail folder 697620 1:2.0.9-3 - fix...

[SECURITY] Fedora 18 Update: roundcubemail-0.8.5-1.fc18

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVE-2012-6530

Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request...

Wordpress plugins powerzoomer Arbitrary File Upload Vulnerability

The attacker can uplaod file/shell.php.gif 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site :...

The movable section(dkcms)vulnerability-vulnerability warning-the black bar safety net

The main is almost 3 versions of main, v2. 0 v3. 1 v4. 2 Google keyword: powered by dkcms The website turned out to find the source code download, Baidu, download this 3 source code, as is the asp source code, mostly to look at the default database, what are the three default database V2. 0...

[Knock] Subdomain Scanner

Knock is a python script, written by Gianni 'guelfoweb' Amato , designed to enumerate subdomains on a target domain through a wordlist. For more information I have posted a documentation page. If you want to see how it works, you can see this sample output: Simple Scan Zone Transfer Scan Wildcard...

FCK 0day FCKeditor create a folder,Upload a file when"." Change"_"to break-vulnerability warning-the black bar safety net

A lot of times the uploaded file for example: shell.php.rar or shell.php;. jpg becomes shellphp;. jpg this is the new version of the FCK change, try to upload 1. asp;jpg Submitted shell.php+space to get around, but the spaces only support win system is nix is not supported, shell.php and...

Private data can be disclosed to other computer users, or be modified by them – Opera Security Advisories

Private data such as cache, password files, and Opera’s configuration files are supposed to be visible only to the user who owns the Opera profile. Opera does not set the profile folder permissions correctly, allowing other computer users to read the sensitive contents of profile files. In some...

CVE-2010-5283

Cross-site request forgery CSRF vulnerability in OpenText ECM formerly Livelink ECM 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions...

A lot of the rebate built Station system V8 installation vulnerability-vulnerability warning-the black bar safety net

Brief description of the A lot of the rebate built Station system after installing the site, will put the install folder of the install. php renamed the install. php. lock, but in this file we can access to, so use the capture tool, you can reinstall the site. The use of Description 1, FireFox to...

The latest FCKeditor proof absolute path vulnerability-vulnerability warning-the black bar safety net

Code: FCKeditor/editor/filemanager/connectors/asp/connector. asp? Command=CreateFolder&Type=File&CurrentFolder=%2F&NewFolderName=aux Version not test it. Principle: create an aux folder, aux in the windows system is not supported, so will complain, broke the absolute path, this relatively...

CVE-2012-5459

Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder."...

Design/Logic Flaw

Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder."...

RealPlayer buffer overflow

Buffer overflow on oversized filename in wathced folder...

FL Studio 10 Producer Edition - Buffer Overflow (SEH) (PoC)

Title : FL Studio 10 Producer Edition - SEH Based Buffer Overflow PoC Author : Dark-Puzzle Souhail Hammou Type : PoC Risk : High Vendor : Image Line: http://www.image-line.com/downloads/flstudiodownload.html Versions : 10 Producer Edition Other Versions May be Vulnerable. Tested On : Windows 7...

CVE-2012-5231

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted 1 pagename or 2 area variable containing an executable extension, which is not properly handled by a update.php when writing files to content/, or b updatenews.php when writing files to content/news/...

CVE-2012-4890

Multiple cross-site scripting XSS vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a 1 comment to the news, 2 title to the news, or 3 the folder names in a gallery...

Mandrake Linux Security Advisory : pine (MDKSA-2000:073-1)

By adding specific headers to messages, the pine mail reader could be made to exit with an error message when users attempted to manipulate mail folders containing those messages. Update : The previous announcement did not make mention of another vulnerability in pine 4.21 and previous in that it...