591 matches found
Parallels Plesk Panel phppath/php vulnerability
Overview Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms are vulnerable to remote code execution. Description Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms may be exploited by a combination of CVE-2012-1823 and the Plesk phppath script alias usage. There have been...
flash-plugin: multiple code execution flaws (APSB13-11)
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before...
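KMPlayer '.m3u' File Denial of Service Vulnerability
KMPlayer is an all-in-one media player from South Korea, ported from the Linux platform, that can play almost all audio and video files on your system. KMPlayer version 3.5.0.77 has a denial-of-service vulnerability. An attacker can exploit this vulnerability to crash the affected application; the vulnerability may lead to arbitrary code execution. 0 KMPlayer 3.5.0.77 Vendor patch: KMPlayer -------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://kmplayer.kde.org/...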
RHEL 5 : flash-plugin (RHSA-2008:0945)
An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. Updated 18th November 2008 The erratum has been updated to...
Nagios3 history.cgi Host Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 'Nagios3 history.cgi Hos...
flash-plugin: multiple code-execution flaws (APSB12-22)
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710...
Polycom Web Management Interface Command Injection
===== Tempest Security Intelligence - Advisory 02 / 2012 ================== Polycom Web Management Interface O.S. Command Injection ------------------------------------------------------- Authors: - Joao Paulo Caldas Campello: - @jpcampello - http://linkedin.com/in/jpcampello - - Heyder Andrade: ...
[SECURITY] Fedora 15 Update: nagios-3.3.1-3.fc15
Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux and some other NIX variants as a background process,...
flash-plugin: multiple code execution flaws (APSB12-03)
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
PHP local file inclusion (LFI) exploit - vulnerability warning - the black bar safety net
The main references for this study are: http://downloads.ackack.net/LocalFileInclusion.pdf Experimental code: If you are on Linux, submit directly: test.php?for=/etc/passwd%00 to display the file. <?php include($_GET['for'].'.php'); // for testing local include vulnerability ?> If it is on win,...
flash-plugin: multiple code execution flaws (APSB11-28)
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
flash-plugin: critical flaws fixed in APSB11-26
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."...
flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as...
jakarta-commons-daemon: jsvc does not drop capabilities allowing access to files and directories owned by the superuser
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...
Interactive World SQL Injection
Interactive World index.php Sql Injection Vulnerability Multiple Vulnerabilities ============================================================== .:. Exploit Title : Interactive World SQL Injection Vulnerability Multiple Vulnerabilities .:. Author : Netrondoank aka netron .:. My Web :...
Is-Human 1.4.2 WordPress Plugin Command Execution
Exploit Title: is-human 1.4.2 and prior WordPress plugin. Date: 16.05.2011 Author: neworder www.neworder-ind.net Software Link: http://wordpress.org/extend/plugins/is-human/ Version: 1.4.2 Tested on: Linux Platform The vulnerability exists in /is-human/engine.php. It is possible to take control ...
Wordpress Plugin Is-human <=1.4.2 Remote Command Execution
Exploit for php platform in category web applications Exploit Title: is-human 1.4.2 and prior WordPress plugin. Date: 16.05.2011 Author: neworder www.neworder-ind.net Software Link: http://wordpress.org/extend/plugins/is-human/ Version: 1.4.2 Tested on: Linux Platform The vulnerability exists in...
WordPress Plugin Is-human 1.4.2 - Remote Command Execution
Exploit Title: is-human 1.4.2 and prior WordPress plugin. Date: 16.05.2011 Author: neworder www.neworder-ind.net Software Link: http://wordpress.org/extend/plugins/is-human/ Version: 1.4.2 Tested on: Linux Platform The vulnerability exists in /is-human/engine.php. It is possible to take control ...
flash-plugin: crash and potential arbitrary code execution (APSB11-12)
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors...