phpwind （manage.php）SQL injection exploit-vulnerability warning-the black bar safety net

PHPWind is a set of used php+mysql database running and can generate a html page of new and perfect of powerful system. We hope that as an open source. Sharing software,PHPWind can to its smooth speed and high load capacity aroused you to join PHPWind camp enthusiasm! Together to create a...

Windows Vista / 7 lpksetup. exe the DLL-hijacking-vulnerability warning-the black bar safety net

/ Exploit: Windows Vista/7 lpksetup.exe oci.dll DLL Hijacking Vulnerability Extension: the . mlc Author: Tyler Borland [email protected] Date: 10/20/2010 Tested on: Windows 7 Ultimate Windows Vista Ultimate/Enterpries and Windows 7 Enterprise should be vulnerable as well Effect: Remote Code...

kernel: buffer overflow in OSS load_mixer_volumes

The loadmixervolumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensiti...

JVN#33880169: Opera may insecurely load executable files

Opera loads certain executables .exe when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update...

CVE-2011-0734

Cross-site scripting XSS vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as...

Microsoft Office Document Conversions Load Balancer Detection

Microsoft Office Document Conversions Load Balancer is running on this port. This service aides in the discovery of the Microsoft Office Document Conversions Launcher service and controls how jobs are routed to Conversions Launcher services. C Tenable Network Security, Inc. include"compat.inc";...

Mandriva Update for cyrus-sasl MDVA-2011:002 (cyrus-sasl)

Check for the Version of cyrus-sasl OpenVAS Vulnerability Test Mandriva Update for cyrus-sasl MDVA-2011:002 cyrus-sasl Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

Mandriva Update for cyrus-sasl MDVA-2011:002 (cyrus-sasl)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

MySQL: mysqld DoS (assertion failure) while reading the file back into a table (MySQL bug #52512)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service mysqld daemon crash via a crafted request...

MySQL Handler Multiple Denial Of Service Vulnerabilities

MySQL is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mysql:mysql";...

kernel: socket filters infoleak

The skrunfilter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a 1 BPFSLDMEM or 2 BPFSLDXMEM instruction, which allows local users to obtain potentially sensitive information from kernel stac...

nrpe-enum NSE Script

Queries Nagios Remote Plugin Executor NRPE daemons to obtain information such as load averages, process counts, logged in user information, etc. This script attempts to execute the stock list of commands that are enabled. User-supplied arguments are not supported. Script Arguments nrpe-enum.cmds ...

DEBIAN-CVE-2010-4540

Stack-based buffer overflow in the loadpresetresponse function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long Position field...

Sigma Portal Denial of Service Vulnerability

Securitylab.ir Application Info: Name: Sigma Portal Vendor: http://www.sigma.ir Vulnerability Info: Type: Denial of Service Risk: Medium 2010-08-11 - Vendor notified Vulnerability: http://site.ir/Portal/Picture/ShowObjectPicture.aspx?Width=27910000&Height=1099000-=&ObjectType=News&ObjectID=Pictur...

Sigma Portal Denial Of Service

Securitylab.ir Application Info: Name: Sigma Portal Vendor: http://www.sigma.ir Vulnerability Info: Type: Denial of Service Risk: Medium 2010-08-11 - Vendor notified Vulnerability: http://site.ir/Portal/Picture/ShowObjectPicture.aspx?Width=%27910000&Height=1099000-=&ObjectType=News&ObjectID=Pictu...

Stack overflow

Stack-based buffer overflow in the SapThemeRepository ActiveX control sapwdpcd.dll in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the 1 Load and 2 LoadTheme methods...

Microsoft SharePoint Server Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Sharepoint Server utilizing Microsoft's Office Document Load Balancer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Office Document...

Microsoft SharePoint Malformed Request Remote Code Execution (MS10-104; CVE-2010-3964)

Document Conversions Launcher Service schedules and initiates the document conversions on a server. When Microsoft Office SharePoint Server 2007 passes the service a document conversion request, the Document Conversions Launcher Service calls the appropriate document converter. A remote code...

CVE-2010-4513

Multiple cross-site scripting XSS vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 file parameter in a load action to zimplit.php and 2 client parameter to Englishmanualversion2.php...

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1017-1)

It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. CVE-2010-2008 It was discovered that MySQL...