4491 matches found
SchoolMation Version 2.3 SQLi and XSS Vulnerability
Exploit for php platform in category web applications =================================================== SchoolMation Version 2.3 SQLi and XSS Vulnerability =================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'...
Haciendo amigos
Cuando haga amigos, considere ubicarlos en grupos. Puede organizarlos en grados de privacidad aquéllos que sepan de mi familia y aquéllos que no o personas que se conocen entre ellas. La gente puede pertenecer a más de un grupo si usted así lo desea. Piense en qué tipo de amigos son. ¿Familia?...
[SECURITY] Fedora 13 Update: alienarena-7.33-2.fc13
Alien Arena 2009 is an online deathmatch game with over 30 levels, seven mo des of play, loads of mutators, built-in bots, multiple player characters and w eapons with alt-fire modes...
Joomla! Component JInventory 1.23.02 - Local File Inclusion
Joomla! Component JInventory 1.23.02 - Local File Inclusion --------------------------------------------------------------------------------- Joomla Component JInventory Local File Inclusion --------------------------------------------------------------------------------- Author : Chip D3 Bi0s...
Joomla! Component JInventory 1.23.02 - Local File Inclusion
--------------------------------------------------------------------------------- Joomla Component JInventory Local File Inclusion --------------------------------------------------------------------------------- Author : Chip D3 Bi0s Group : LatinHackTeam Email & msn : [email protected] Date ...
JQL breaks issue security levels based on custom fields
The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...
WD-CMS 3.0 XSS / File Disclosure
Exploit Title: WD-CMS 3.0 Multiple Vulnerabilities Date: December 31st, 2009 Author: Sora Software Link: http://www.webdiamond.net/cms.html Version: 3.0 Tested on: Windows Vista and Linux Backtrack 3 --------------------------------------------------------------- WD-CMS 3.0 Multiple Vulnerabiliti...
WD-CMS 3.0 - Multiple Vulnerabilities
WD-CMS 3.0 - Multiple Vulnerabilities Exploit Title: WD-CMS 3.0 Multiple Vulnerabilities Date: December 31st, 2009 Author: Sora Software Link: http://www.webdiamond.net/cms.html Version: 3.0 Tested on: Windows Vista and Linux Backtrack 3...
WD-CMS 3.0 Multiple Vulnerabilities
Exploit for unknown platform in category web applications =================================== WD-CMS 3.0 Multiple Vulnerabilities =================================== Exploit Title: WD-CMS 3.0 Multiple Vulnerabilities Date: December 31st, 2009 Author: Sora Software Link:...
Easy News Content Management (News.mdb) Database Disclosure Vuln
No description provided by source. Author : BeyazKurt Contact : [email protected] Site : www.khg-crew.ws - KOSOVA HACKERS GROUP Script : Easy Content Management Publishing Script Site : http://easy-news.org/content-management-terns.asp Description : An easy to use ASP-based content management...
smb-enum-sessions NSE Script
Enumerates the users logged into a system either locally or through an SMB share. The local users can be logged on either physically on the machine, or through a terminal services session. Connections to a SMB share are, for example, people connected to fileshares or making RPC calls. Nmap's...
Design/Logic Flaw
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...
CVE-2008-3657
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...
CVE-2008-3655
CVE-2008-3655 affects Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423. It does not properly restrict access to critical variables and methods at various safe levels, allowing context‑dependent attackers to bypass access restrictions via (1) untrac...
CVE-2008-3657
CVE-2008-3657 is a confirmed issue in the Ruby DL module where inputs are not tainted, allowing context-dependent attackers to bypass safe levels and call dangerous functions via DL.dlopen. Affected are Ruby 1.8.5 and older, 1.8.6 up to -p286, 1.8.7 up to -p71, and 1.9 up to r18423. Connected adv...
CVE-2008-3657
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...
Ruby missing "taintness" checks in dl module
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...
Ruby multiple insufficient safe mode restrictions
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via 1 untracevar, 2...
Debian Security Advisory DSA 1157-1 (ruby1.8)
The remote host is missing an update to ruby1.8 announced via advisory DSA 1157-1. Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service. The Common Vulnerabilities and Exposures project...
Debian: Security Advisory (DSA-1139-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...