Airport Koeln/Bonn Blind SQL Injection
Title: Airport Koeln/Bonn - Blind SQL Injection Vulnerabilities Date: 2012-01-20 References: http://www.vulnerability-lab.com/getcontent.php?id=174 VL-ID: 174 Introduction: Köln Bonn Airport is one of the largest commercial airports in Germany...
CVE-2011-4153
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrat...
LibLime Koha 4.2 - Local File Inclusion
Exploit Title: Koha Opac Local File Inclusion Google Dork: inurl:koha/opac-main.pl Date: 17.11.2011 Author: Akin Tosunlar (Vigasis Labs) Software Link: www.koha.org Version: 4.2 Tested on: Linux Apache 2.2.14 CVE : Vigasis Pentest Team www.vigasis.com 0-Day Exploit Akin Tosunlar Special Thanks to Ozg...
CVE-2010-5025
Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fldpath parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-5010
Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter...
CVE-2010-4989
SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter...
The Mystery of Duqu
First of all, we feel it necessary to clarify some of the confusion surrounding the files and their names related to this incident. To get a full understanding of the situation you only need to know that we’re talking about just two malicious programs here at a minimum – the main module and a...
[SECURITY] Fedora 14 Update: libsoup-2.32.2-2.fc14
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
THC-HYDRA v7.0 new version released for Download
THC-HYDRA is a very fast network logon cracker which supports many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from...
Defence.pk Gets Hacked pr0tect0r A.K.A. mrNRG
Defence.pk (an independent defence organization committed to the research and analysis of Pakistan's security and strategic affairs) hacked by Indian hacker pr0tect0r A.K.A. mrNRG. Defence.PK, one of the largest and most active Pakistani forum on...
CentOS Update for dbus-glib CESA-2010:0616 centos5 i386
Check for the Version of dbus-glib. OpenVAS Vulnerability Test: CentOS Update for dbus-glib CESA-2010:0616 centos5 i386. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
cPanel 11.x (Fantastico) Local File Include / SM-b0x
Exploit for php platform in category web applications: cPanel 11.x (Fantastico) Local File Include / SM-b0x ...
win32/PerfectXp-pc1/sp3 Tr Add Admin Shellcode 112 bytes
win32/PerfectXp-pc1/sp3 Tr Add Admin Shellcode 112 bytes. Shellcode exploit for win32 platform Title : win32/PerfectXp-pc1/sp3 Tr Add Admin Shellcode 112 bytes Author : KaHPeSeSe Screenshot : http://i53.tinypic.com/289yamq.jpg Desc. : usr: kpss , pass: 12345 , localgroup: Administrator Tested on ...
Istgah CMS Cross Site Scripting / SQL Injection
Istgah Cms Multiple Vulnerability. Name: Istgah Cms Multiple Vulnerability Vendor: http://www.iran-team.com/agahi1.html Price: $40 Date: 2011-04-1...
HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is...
Race condition
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets...
CVE-2010-4765
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets...
CVE-2010-4765
The CVE affects Open Ticket Request System (OTRS) prior to 2.4.8. A race condition in Kernel::System::Main::FileWrite can allow remote authenticated users to corrupt the TicketCounter.log during ticket creation. Impact is data integrity loss and potential data corruption; exploitation requires au...
CVE-2010-4748
Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information...