Lucene search

6312 matches found

Prion
added 2012/07/03 10:55 p.m., 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtualfilename, (3) branch, (4) contactperson, (5) street, (6) city, (7) province, (8) postal, (9)...

CVSS 4.3, AI score 6, EPSS 0.04097
Exploits: 1, References: 5, Affected Software: 1
Packet Storm
added 2012/07/02 12:0 a.m., 26 views

Python-wrapper Untrusted Search Path / Code Execution

python-wrapper untrusted search path/code execution vulnerability. Python-wrapper executes any test.py script within the current working directory when supplied with help('modules'). A non-privileged user may gain code execution by tricking root to help('modules') or help() and then modules from withi...

AI score 0.1
Exploits: 0
Oracle linux
added 2012/06/27 12:0 a.m., 36 views

rsyslog security, bug fix, and enhancement update

5.8.10-2
- add patch to update information on debugging in the man page
  Resolves: 820311
- add patch to prevent debug output to stdout after forking
  Resolves: 820996
- add patch to support ssl certificates with domain names longer than 128 chars
  Resolves: 822118
5.8.10-1
- rebase to rsyslog 5.8.1...

CVSS 2.1, AI score 6.2, EPSS 0.0009
Exploits: 0
Packet Storm
added 2012/06/25 12:0 a.m., 42 views

Drupal Drag And Drop 6.x-1.5 Shell Upload


AI score 7.4
Exploits: 0
0day.today
added 2012/06/24 12:0 a.m., 36 views

Drupal Modules - Drag & Drop Gallery Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications

AI score 7.1
Exploits: 0
0day.today
added 2012/06/22 12:0 a.m., 14 views

Silverstripe Modules - Pixlr Image Editor Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications

AI score 7.1
Exploits: 0
Prion
added 2012/06/21 11:55 p.m., 16 views

Design/Logic Flaw

The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's...

CVSS 1.9, AI score 6.5, EPSS 0.00075
Exploits: 0, References: 5, Affected Software: 1
Packet Storm
added 2012/06/14 12:0 a.m., 32 views

iScripts EasyCreate CMS 2.0 SQL Injection / Cross Site Scripting

Title: iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilities
Date: 2012-06-02
References: http://www.vulnerability-lab.com/getcontent.php?id=588
VL-ID: 588
Common Vulnerability Scoring System: 8.3
Introduction: ...

AI score 0.4
Exploits: 0
Packet Storm
added 2012/06/12 12:0 a.m., 43 views

Joomla jFancy 2.03 Shell Upload


AI score 7.4
Exploits: 0
ThreatPost
added 2012/06/07 3:19 p.m., 14 views

Snack Attack: Analyzing Flame's Replication Pattern

The Flame malware uses several methods to replicate itself. The most interesting one is the use of the Microsoft Windows Update service. This is implemented in Flame’s “SNACK”, “MUNCH” and “GADGET” modules. Being parts of Flame, these modules are easily reconfigurable. The behavior of these modul...

Exploits: 0, References: 2
GithubExploit
added 2012/05/26 4:8 p.m., 5 views

PowerSploit

This project is no longer supported. PowerSploit is a col...

AI score 8
Exploits: 0
myhack58
added 2012/05/19 12:0 a.m., 23 views

Gaining execute permissions through lax Zend directory permissions

Many servers have Zend installed. Even if permissions are set on C:\Program Files\, installing Zend auto-configures directory permissions: the directory C:\Program Files\Zend\ZendOptimizer-3.3.0\ is given full permissions for Everyone, which means an intruder can write into the file...

AI score 0.8
Exploits: 0
Drupal
added 2012/05/16 12:0 a.m., 27 views

SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS)

Cross Site Scripting CVE: CVE-2012-2708. Hostmaster displays a log from tasks executed in Aegir's backend component, provision. In certain circumstances these log messages were not escaped properly before being displayed to the user. This vulnerability is mitigated by the fact that people wishing...

CVSS 5.8, AI score 6.3, EPSS 0.01105
Exploits: 2, References: 11
Fedora
added 2012/05/06 1:26 a.m., 37 views

[SECURITY] Fedora 16 Update: python-2.7.3-1.fc16

Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as t...

CVSS 5, AI score 1.4, EPSS 0.03924
Exploits: 9
ThreatPost
added 2012/05/02 4:23 p.m., 11 views

Citing Terms Of Service, Google Takes Down Blog Of Iranian Security Researcher

An Iranian man who revealed a vulnerability in a widely used point of sale (POS) system in Iran had his blog confiscated by Google, which cited violations of its Terms of Service. A Google spokesman acknowledged that the company pulled down the Blogger site that Khosrow Zarefarid, an Iranian IT...

AI score 7
Exploits: 0, References: 1
OpenVAS
added 2012/04/02 12:0 a.m., 25 views

Fedora Update for pam FEDORA-2011-16390

Check for the Version of pam. OpenVAS Vulnerability Test: Fedora Update for pam FEDORA-2011-16390. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS 2.1, AI score 6.5, EPSS 0.00062
Exploits: 0, References: 2
0day.today
added 2012/03/22 12:0 a.m., 66 views

Joomla 2.5 Modules Simple Spotlight Upload Shell

Exploit for php platform in category web applications

AI score 7.1
Exploits: 0
The Hacker News
added 2012/03/20 2:2 p.m., 34 views

Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities

A free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android. Use dynamic analysis on Android applications and devices for quicker security assessments. Share publicly known...

AI score 8.2
Exploits: 0
Exploit DB
added 2012/03/17 12:0 a.m., 26 views

PRE PRINTING STUDIO - SQL Injection

Exploit Title: PRE PRINTING STUDIO Sql Injection
Date: 16/03/2012
Author: r45c4l
Email: [email protected]
Script url: http://www.preprojects.com/preprojects/printing.asp
Version: N/A
CVE :
...

AI score 7.4
Exploits: 0
exploitpack
added 2012/03/12 12:0 a.m., 26 views

Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities

Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities
Vendor: Zend Technologies Ltd.
Product web page: http://www.zend.com
Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zen...

AI score 0.2
Exploits: 0