EUVD-2012-5537

Malware in sbrugna...

EUVD-2016-10648

Malware in sbrugna...

EUVD-2014-8871

Malware in sbrugna...

EUVD-2022-52807

Malicious code in bioql PyPI...

Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...

SUSE CVE-2015-4025

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...

Fedora 22 : asterisk-13.3.2-1.fc22 (2015-5948)

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2, and 13.3.2. These releases are...

FreeBSD : asterisk -- TLS Certificate Common name NULL byte exploit (5fee3f02-de37-11e4-b7c3-001999f8d30b)

The Asterisk project reports : When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion o...

CVE-2012-2241

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted 1 .dsc or 2 .changes file, probably related to a NULL byte in a filename...

Zubrag Smart File Download 1.3 Arbitrary File Download Vulnerability

No description provided by source. --------------------------------------------------- "File Download 1.3" Remote File Download Exploit. --------------------------------------------------- By :Aodrulez. Email :[email protected] Blog :aodrulez.blogspot.com...

Zubrag Smart File Download 1.3 - Arbitrary File Download

Zubrag Smart File Download 1.3 - Arbitrary File Download --------------------------------------------------- "File Download 1.3" Remote File Download Exploit. --------------------------------------------------- By :Aodrulez. Email :[email protected] Blog :aodrulez.blogspot.com...

ArGoSoft FTP Server <= 1.4.2.8 Denial of Service Exploit

No description provided by source. / ArGoSoft Ftp Server remote overflow exploit author : c0d3r "kaveh razavi" [email protected] [email protected] package : ArGoSoft 1.4.2.29 and prior advisory : packetstormsecurity.nl/0503-advisories/argosoftFTP1428.txt company address : argosoft.com the bug...

Apache Tomcat 3.x - Null Byte Directory / File Disclosure

source: https://www.securityfocus.com/bid/6721/info Apache Tomcat is prone to a directory/file disclosure vulnerability when used with JDK 1.3.1 or earlier. It has been reported that remote attackers may view directory contents even when an 'index.html' or other welcome file. It is also possible...

MSIE may download and run programs automatically - details

This posting briefly describes some technical details of the vulnerability discussed in the Bugtraq messages with the subjects "MSIE may download and run progams automatically" Dec 14 2001 and "File extensions spoofable in MSIE download dialog" Nov 26 2001. The flaw allows a malicious web site to...

Fun with UltraBoard V1.6X

hola friends, found some interesting things in the "old" UltraBoard-Forum scripts UltraBoard V 1.6 class:Input Validation Error remote:Yes vulnerable:UltraBoard V1. vendor: www.ultrascripts.com || www.ub2k.com Description: By using the good old NullByte000 its possible to open "any" file on the...