Lucene search

3365 matches found

Prion
added 2011/02/25 12:0 p.m. | 18 views

Authentication flaw

Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562...

7.5 CVSS | 7.5 AI score | 0.02381 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

myhack58
added 2011/02/12 12:0 a.m. | 117 views

discuz 7.2 code execution vulnerability using the method of two-vulnerability and early warning-the black bar safety net

Use the exp while only the machine testing, and other purposes at your own risk! The first method: First register a user and then put form method="post" action=" http://www.xxx.com/bbs/misc.php" enctype="multipart/form-data" Post ID, specify the presence of a post:input type="text" name="tid"...

7.5 AI score
Exploits: 0

Exploit DB
added 2011/02/08 12:0 a.m. | 216 views

Microsoft SQL Server - Payload Execution (via SQL Injection) (Metasploit)

$Id: mssqlpayloadsqli.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

6.6 AI score
Exploits: 0

myhack58
added 2011/02/04 12:0 a.m. | 17 views

Shenzhen College of Information Technology V3.0 injection vulnerability-vulnerability warning-the black bar safety net

Publishing author: xiaokis Affected version: V3.0 Vulnerability type: SQL injection Vulnerability description: File: newss.asp % on error resume next sql="update news set hits=hits+1 where id="&cstrrequest"id" conn.execute sql set rs=server.createobject"adodb.recordset" sql="select from...

7.4 AI score
Exploits: 0

Metasploit
added 2011/01/27 4:48 p.m. | 60 views

Microsoft SQL Server Payload Execution via SQL Injection

This module will execute an arbitrary payload on a Microsoft SQL Server, using a SQL injection vulnerability. Once a vulnerability is identified this module will use xp_cmdshell to upload and execute Metasploit payloads. It is necessary to specify the exact point where the SQL injection...

10 CVSS | 7.3 AI score | 0.90609 EPSS
Exploits: 8

0day.today
added 2011/01/26 12:0 a.m. | 66 views

Oracle Document Capture empop3.dll Insecure Methods

Exploit for windows platform in category remote exploits Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: insecure method, File overwriting, File deleting Exploits: YES Reported: 22.03.2010 Vendor response: 31.03.2010 Date of Public...

7.1 AI score | 0.11818 EPSS
Exploits: 10

securityvulns
added 2011/01/26 12:0 a.m. | 71 views

[DSECRG-00143] SAP Crystal Reports 2008 - ActiveX insecure methods

DSECRG-11-002 Internal DSECRG-00143 SAP Crystal Report Server 2008 scriptinghelpers.dll ActiveX component - Insecure methods The component contains insecure methods by which you can overwrite any file in the OS, run the executable file, kill process, delete the file. Application: SAP Crystal Repo...

0.1 AI score
Exploits: 0

exploitpack
added 2011/01/26 12:0 a.m. | 90 views

Oracle Document Capture - empop3.dll Insecure Methods

Oracle Document Capture - empop3.dll Insecure Methods Source: http://packetstormsecurity.org/files/view/97868/DSECRG-11-005.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-005 internal DSECRG-00154 Application: Oracle Document Capture...

9.3 CVSS | 6.4 AI score | 0.11818 EPSS
Exploits: 10

Packet Storm
added 2011/01/25 12:0 a.m. | 63 views

Oracle Document Capture Actbar2.ocx Insecure Method

ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-00153 Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: insecure method, File overwriting Exploits: YES Reported: 22.03.2010 Vendor response:...

9.3 CVSS | 6.4 AI score | 0.11818 EPSS
Exploits: 10

The Hacker News
added 2011/01/12 1:20 a.m. | 8 views

Hackers learning new ways to hijack smartphones!

How safe is your cell phone? Thieves are coming up with new ways to hijack the most popular smartphones. ABC Action News investigative reporter Michael George enlisted the help of a hacking expert to find out how these programs work, and how to beat them. Droids, iPhones, and BlackBerries are jus...

6.4 AI score
Exploits: 0

NVD
added 2010/12/06 1:44 p.m. | 16 views

CVE-2010-4254

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call...

7.5 CVSS | 7.1 AI score | 0.13649 EPSS
Exploits: 1 | References: 13

UbuntuCve
added 2010/12/06 1:44 p.m. | 26 views

CVE-2010-4254

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call...

7.5 CVSS | 5.9 AI score | 0.13649 EPSS
Exploits: 1 | References: 1

The Hacker News
added 2010/12/05 2:21 a.m. | 13 views

JavaSnoop-1.0 FINAL - Latest Release

"JavaSnoop is a tool that lets you intercept methods, alter data and otherwise hack Java applications running on your computer." This is the change log for the current release: Added granular logging on the agent still controlled by the main UI menu Fixed Jython/BeanShell bug had to remove...

6.4 AI score
Exploits: 0

Cvelist
added 2010/12/03 8:0 p.m. | 38 views

CVE-2010-4254

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call...

7 AI score | 0.13649 EPSS
Exploits: 1 | References: 13

ThreatPost
added 2010/11/10 4:38 p.m. | 12 views

NSA: Our Development Methods Are in the Open Now

WASHINGTON–Despite its reputation for secrecy and technical expertise, the National Security Agency doesn’t have a set of secret coding practices or testing methods that magically make their applications and systems bulletproof. In fact, one of the agency’s top technical experts said that virtual...

7.1 AI score
Exploits: 0 | References: 2

NVD
added 2010/11/06 12:0 a.m. | 24 views

CVE-2009-5015

The URL dispatch mechanism in TurboGears2 aka tg2 before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors...

7.5 CVSS | 6.5 AI score | 0.01053 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2010/11/06 12:0 a.m. | 2 views

CVE-2009-5015

The URL dispatch mechanism in TurboGears2 aka tg2 before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors...

7.5 CVSS | 5.5 AI score | 0.01053 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2010/11/06 12:0 a.m. | 36 views

CVE-2009-5015

The URL dispatch mechanism in TurboGears2 aka tg2 before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors...

7.5 CVSS | 5.9 AI score | 0.01053 EPSS
Exploits: 0 | References: 1

Cvelist
added 2010/11/05 10:0 p.m. | 24 views

CVE-2009-5015

The URL dispatch mechanism in TurboGears2 aka tg2 before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors...

6.5 AI score | 0.01053 EPSS
Exploits: 0 | References: 1

Debian CVE
added 2010/11/05 10:0 p.m. | 13 views

CVE-2009-5015

Removed by vendor...

7.5 CVSS | 7 AI score | 0.01053 EPSS
Exploits: 0