134 matches found
[Full-Disclosure] Advisory: Upload Authorization bypass in CitrusDB
Advisory: Upload Authorization bypass in CitrusDB A group of students at our lab called RedTeam found an authorization bypass vulnerability in CitrusDB which results in upload of fake credit card data, SQL-Injection and disclosure of credit card data. Details ======= Product: CitrusDB Affected...
[Full-Disclosure] Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software
Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software A group of students at our lab called RedTeam found a cross site scripting vulnerability in openconf which results in possible session takeover. Details ======= Product: openconf Affected Version: 1.04, probab...
[Full-Disclosure] Advisory: Authentication bypass in CitrusDB
Advisory: Authentication bypass in CitrusDB A group of Students in our lab called RedTeam found an authentication bypass vulnerability in CitrusDB which can result in complete corruption of the installed CitrusDB application. Details ======= Product: CitrusDB Affected Version: 0.3.6 verified,...
[Full-Disclosure] Credit Card data disclosure in CitrusDB
Credit Card data disclosure in CitrusDB A group of students at our lab called RedTeam found an information disclosure vulnerability in CitrusDB which can result in disclosure of credit card information. Details ======= Product: CitrusDB Affected Version: = 0.3.5 Immune Version: =0.3.6 OS affected...
Solaris 9 (x86) : 114715-01
SunOS 5.9x86: libdb2.so.1 Patch. Date this patch was last updated by Sun : Mar/25/03 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
[Full-Disclosure] php-ping: Executing arbritary commands
ppp-design found the following design error in php-ping: Details ------- Product: php-ping Affected Version: no version information included in the script Immune Version: latest version OS affected: all OS with php Vendor-URL: http://www.theworldsend.net/ Vendor-Status: informed, new version...
ICQ 2003a Password Bypass
Software: ICQ 2003a Threat: Login password can be bypassed locally I have found a vulnerability in ICQ Pro 2003a that allows anyone to connect to ICQ server using any account registered locally regardless the 'save password' option is checked or not. High level security password is also bypassed!...
SQL Injection in COMMUNITY WIZARD PORTAL
Author : MaskNBTA Vendor : http://www.commwiz.com/ Version : maybe all version Problem : Admin access Security : high Date : 16/12/2002 Exploit : In login page : LOGIN : ' OR ''=' PASS : ' OR ''=' You ' re administrator . You can do anything you want . Regards [email protected] Member of HVA -...
phpGB: cross site scripting bug
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following cross-site-scripting-bug in phpGB: Details - ------- Product: phpGB Affected Version: 1.10 and maybe all versions before Immune Version: 1.20 OS affected: all OS with php Vendor-URL: http://www.walzl.net Vendor-Status:...
Kerio Personal Firewall DOS Vulnerability
NSSI-Research Labs Security Advisory http://www.nssolution.com Philippines/.ph "Maximum e-security" http://nssilabs.nssolution.com Kerio Personal Firewall 2.x.x Denial of Service Vulnerability Author: Abraham Lincoln Hao / SunNinja e-Mail: [email protected] / [email protected] Advisory...
dnstools: authentication bypass vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following authentication bypass vulnerability in dnstools: Details - ------- Product: dnstools Affected Version: 2.0 beta 4 and maybe all versions before Immune Version: 2.0 beta 5 OS affected: Linux only Vendor-URL:...
Blahz-DNS: Authentication bypass vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following authentication bypass vulnerability in Blahz-DNS: Details - ------- Product: Blahz-DNS Affected Version: 0.2 and maybe all versions before Immune Version: 0.25 OS affected: OS indipentend php/mysql Vendor-URL:...
SunSop: cross-site-scripting bug
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following cross-site-scripting bug in SunShop Shopping Cart: Details - ------- Product: SunShop Shopping Cart Version: 2.5 and maybe all versions before OS affected: all OS with php and mysql Vendor-URL:...
WebSight Directory System: cross-site-scripting bug
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following cross-site-scripting bug in WebSight Directory System: Details - ------- Product: WebSight Directory System Affected Version: 0.1 Immune Version: 0.1.1 OS affected: all OS with php and mysql Vendor-URL:...