1511 matches found
Apache Struts2 XWork ParameterInterceptor security bypass
Added: 08/05/2010. CVE: CVE-2010-1870. BID: 41592. OSVDB: 66280. Background: Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...
Microsoft Windows Shell LNK Code Execution
$Id: ms10046shortcuticondllloader.rb 9955 2010-08-04 02:21:20Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Struts2/XWork < 2.2.0 remote execution of arbitrary code vulnerability analysis and patch-vulnerability warning-the black bar safety net
Neeao's Blog http://neeao.com/ : 1. On July 14, the exploit-db website disclosed a Struts2 remote arbitrary code execution vulnerability. The hazard is large; it can be described as a crack shot, directly to the root, as long as the use Struts2 and webwork framework of the system for the...
CVE-2010-0909
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality via unknown vectors...
CVE-2010-0912
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors...
Web Application Security Scanner: w3af
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. Identify and exploit a SQL injection: One of the most difficult parts of securing your application is to identify the...
CVE-2010-1622
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file...
Playlistmaker version 1.51 Local Buffer Overflow Exploit (SEH) META
Exploit for windows platform in category local exploits. Playlistmaker version 1.51 Local Buffer Overflow Exploit SEH META...
fusebox - 'ProductList.cfm?CatDisplay' SQL Injection
AJSADVISORIES01&2010 fusebox ProductList.cfm?CatDisplay Remote SQL Injection Vulnerability. Author : Shamus Date : May...
fusebox (ProductList.cfm?CatDisplay) Remote SQL Injection Vulnerability
Exploit for windows platform in category web applications. fusebox ProductList.cfm?CatDisplay Remote SQL Injection Vulnerability. Author : Shamus Date : Ma...
PHP-Nuke 7.0 / 8.1 / 8.1.35 Wormable Remote Code Execution
Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35 (newest as of release). Vendor's Website: http://phpnuke.org/ Security Researcher: Michael Brooks https://sitewat.ch Original Advisory: http://blog.sitewat.ch/2010/05/vulnerabilities-in-php-nuke.html Google hack: "Francisco...
DSA-2042-1 iscsitarget - arbitrary code execution
Bulletin has no description...
Winamp - Playlist UNC Path Computer Name Overflow (Metasploit)
$Id: winampplaylistunc.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Xftp FTP Client 3.0 - PWD Remote Buffer Overflow (Metasploit)
$Id: xftpclientpwd.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Winamp 5.572 whatsnew.txt SEH (meta)
No description provided by source. Title: Winamp 5.572 whatsnew.txt SEH MSF Author: Blake Published: 2010-04-15 Tested on Windows XP SP3 This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for...
Joomla! Component FLEXIcontent 1.5 - Local File Inclusion
Joomla Component comflexicontent Local File Vulnerability +Title: Joomla Component Local File Inclusion Vulnerability +Version: comflexicontent FLEXIcontent 1.5 stable +Download: http://www.flexicontent.org/downloads/latest-version.html +Author: eidelweiss +Contact: eidelweissatcyberservicesdotco...
Fedora Update for horde FEDORA-2010-5483
Check for the Version of horde. OpenVAS Vulnerability Test: Fedora Update for horde FEDORA-2010-5483. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Computer Associates License Server GETCONFIG Overflow
$Id: calicservgetconfig.rb 8478 2010-02-13 16:16:13Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Publique! Framework 2.3 SQL Injection
Tempest Security Intelligence - Advisory 01 / 2010. SQL injection vulnerability in Publique! Framework. Authors: Christophe de la Fuente, Gustavo Pimentel Bittencourt. Table of Contents: 1...
Adobe Collab.collectEmailInfo() Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'zlib' class Metasploit3...