3088 matches found
MySQL < 4.1.2 Insecure Temporary File Creation
The version of MySQL installed on the remote host is earlier than 4.1.2 and reportedly allows a local user to overwrite files via a symlink attack. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid17799; scriptversion"1.4"; scriptcvsdate"Date: 2018/07/16 14:09:12";...
TFTP Server 1.4 - ST 'RRQ' Remote Buffer Overflow
!/usr/bin/python --------------------------------------------------------------------------- Exploit: TFTP SERVER V1.4 ST RRQ Overflow OS: Windows XP PRO SP3 Author: b33f --------------------------------------------------------------------------- Smashing the stack for fun and practise... This tf...
CVE-2012-6038
creationtimestamp| type| source ---|---|--- 2012-01-10 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/18344...
OpenSSL 0.9.7 < 0.9.7f Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.7f. It is, therefore, affected by a vulnerability as referenced in the 0.9.7f advisory. - The derchop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwri...
Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks
US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products. The Ruby...
SAP NetWeaver SOAP RFC - CSRF
Application: SAP BASIS Vendor URL: http://www.sap.com Bugs: CSRF Exploits: YES Reported: 12.03.2011 Vendor response:13.03.2011 Date of SAP Security Note published: 14.08.2012 Date of Public Advisory:13.11.2012 Reference: SAP Security Note 1728500 Author: Alexey Tyurin ERPScan Description It is...
SAP Portal - unauthorized file read
Application: SAP Portal Vendor URL: http://www.sap.com Bugs: Directory traversal Exploits: YES Reported: 12.03.2011 Vendor response: 13.03.2011 Date of Public Advisory: 12.09.2012 Reference: SAP Security Note 1707494 Author: Dmitry Chastukhin ERPScan Description It is possible to read files in...
[DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS
SAP NetWeaver JavaMailExamples has linked XSS vulnerability. Digital Security Research Group DSecRG Advisory Internal DSecRG-00135 Application: SAP NetWeaver Versions Affected: SAP NetWeaver JavaMailExamples Vendor URL: http://www.SAP.com Bugs: XSS Exploits: YES Reported: 11.05.2010 Vendor...
[DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation
DSECRG-11-040 SAP NetWeaver SPML - XML CSRF user creation Attacker can create a new user in J2EE Engine using CSRF attack on SPML service. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.com Bugs: CSRF Reported: 14.03.2011 Vendor response: 15.03.2011 Date of...
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose
DSECRG-11-032 SAP NetWeaver ipcpricing - information disclose com.sap.ipc.webapp.ipcpricing application has information disclose vulnerability Digital Security Research Group DSecRG Advisory DSECRG-11-032 Internal DSecRG-00197 Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL...
[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay
DSECRG-11-031 SAP RFC EPSDELETEFILE - Authorisation bypass, smbrelay Security vulnerability was founded in sap EPSDELETEFILE RFC function allows attacker to delete files remotely or steal hashes of SAP server account in windows environment using SMBRelay attack. Digital Security Research Group...
SAP NetWeaver BW Doc Cross Site Scripting
DSECRG-11-037 SAP BW Doc - Multiple XSS BW DOC metadata application in SAP NetWeaver is vulnerable to XSS attack. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.com Bugs: XSS Reported: 14.03.2011 Vendor response: 16.03.2011 Date of Public Advisory: 11.11.20...
Oracle DataDirect Buffer Overflow
g 208.152c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This exception may be expected and handled...
CVE-2011-3883
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counters...
CVE-2011-3254
Cross-site scripting XSS vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note...
CVE-2011-3254
Cross-site scripting XSS vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note...
redmind Online-Shop / E-Commerce-System SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : redmind Online-Shop / E-Commerce-System SQL Injection Vulnerability Google Dork : "powered by redmind" or "Entwickelt und betrieben von redmind" Software Link : http://www.redmind.de/online-shop.html Version : N/A Tested on :...
Trojan Makes Child-Porn Accusation, Locks Computer, Requests $17
A new ransomware scam locks down its victims’ computers, attempting to convince them that child pornography has been found therein, and informs users that their machine will be unlocked only after paying a $17 500 ruble fine, according to a BitDefender analysis reported by MalwareCity. The trojan...
SAP NetWeaver Business Communication Broker - multiple XSS
Application: SAP NetWeaver Vendor URL: Bugs: Multiple XSS Risk: High Exploits: YES Reported: 09.12.2011 Vendor response: 10.12.2011 Date of Public Advisory: 20.01.2012 Reference: SAP Security Note 1585652 Description SAP NetWeaver Business Communication Broker has multiple linked XSS vulnerabilie...
WordPress Paid Downloads 2.01 SQL Injection
Exploit Title: WordPress Paid Downloads plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $downloadkey = $GET"downloadkey"; $sql = "SELECT FROM ".$wpdb-prefix."pddownloadlinks WHERE downloadkey = '".$downloadkey."'"; $linkdetails =...