HP Operations Agent Opcode 0x8c vulnerability

Added: 08/20/2012 CVE: CVE-2012-2020 BID: 54362 OSVDB: 83674 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in the coda.exe process, which listens on a random TCP port, could allow remote attackers to execute...

F5 BIG-IP - Authentication Bypass (PoC)

F5 BIG-IP - Authentication Bypass PoC Matta Consulting - Matta Advisory https://www.trustmatta.com F5 BIG-IP remote root authentication bypass Vulnerability Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: 11.x 10.x 9.x Date:...

PHP 'magic_quotes_gpc'安全绕过漏洞(CVE-2012-0831)

Bugtraq ID: 51954 CVE ID：CVE-2012-0831 Php存在一个安全漏洞允许远程禁用magicquotesgpc，这允许远程攻击者绕过防止SQL注入的限制 0 PHP 5.3.8 PHP 5.3.7 PHP 5.3.6 PHP 5.3.2 PHP 5.2.4 PHP 5.3.5 PHP 5.3.4 PHP 5.3.3 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息： https://bugs.php.net/bug.php?id=61043...

MyBB 1.6.6之前版本多个安全漏洞

BUGTRAQ ID: 51962 MyBB是一款流行的Web论坛程序。 MyBB在实现上存在多个安全漏洞，攻击者可利用这些漏洞执行脚本代码、窃取Cookie身份验证凭证、泄露或修改敏感信息或执行非法操作。 0 MyBB 1.x 厂商补丁： MyBB ---- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.mybboard.com/...

PHP 5.3.x libxslt安全限制绕过漏洞

BUGTRAQ ID: 51806 CVE ID: CVE-2012-0057 PHP是一种在电脑上运行的脚本语言，主要用途是在于处理动态网页，包含了命令行运行接口或者产生图形用户界面程序。 PHP在libxslt安全设置上存在漏洞，可使远程攻击者通过使用了libxslt输出扩展的特制XSLT样式表创建任意文件。 0 PHP 5.3.x 厂商补丁： PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.php.net...

Joomla Boss Component Local File Inclusion Vulnerability

This host is running Joomla Boss component and is prone to local file inclusion vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlacombosslfivuln.nasl 7577 2017-10-26 10:41:56Z cfischer $ Joomla Boss Component Local File Inclusion Vulnerability Authors: Madhuri D Copyright: Copyright c 2012...

Joomla XBall Component SQL Injection Vulnerability

This host is running Joomla XBall component and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlacomxballsqlinjvuln.nasl 5950 2017-04-13 09:02:06Z teissa $ Joomla XBall Component SQL Injection Vulnerability Authors: Madhuri D Copyright: Copyright c 2012 Greenbone...

FreeSSHd Remote Denial of Service Vulnerability

The host is running FreeSSHd and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodfreesshdremotedosvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ FreeSSHd Remote Denial of Service Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011 SecPod,...

PT-2011-5166 · Xt:Commerce · Xt:Commerce

Name of the Vulnerable Software and Affected Versions: xt:Commerce versions 3.0.4 SP2.1 and earlier Description: The issue allows remote attackers to hijack the authentication of admins for specific requests. This can be achieved through cross-site request forgery CSRF vulnerabilities. The...

Touhou Hisouten vulnerable to denial-of-service

Overview Touhou Hisouten from Twilight Frontier contains a denial-of-service DoS vulnerability. Touhou Hisouten from Twilight Frontier is a video game which has an online match mode. Touhou Hisouten contains an issue when processing network traffic, which may result in a denial-of-service DoS. Yu...

phpMyAdmin 3.x Conditional Session Manipulation

No description provided by source. Application: phpMyAdmin 3.x Patched ver: 3.3.10.3 and 3.4.3.2 Severity: Low Exploitable: Remote PMASA ID: PMASA-2011-12 Description If the Swekey extention is activated a remote attacker can manipulate the variables in the the global namespace. Fix Upgrade to...

Mandriva Linux Security Advisory : kdenetwork4 (MDVSA-2011:081)

A vulnerability has been found and corrected in kdenetwork4 : Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. dot dot in the na...

MediaCast 8 Credential Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Packetninjas L.L.C www.packetninjas.net -= Security Advisory =- Advisory: MediaCast Password Dump Vulnerability Release Date: 04/25/2011 Author: Daniel Clemens daniel.clemensatpacketninjas.net Application: MediaCast &ClearSession=1 or...

NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration

======= Summary ======= Name: Cisco IPSec VPN Implementation Group Name Enumeration Release Date: 22 March 2011 Reference: NGS00014 Discoverer: Gavin Jones Vendor: Cisco Vendor Reference: CSCei51783, CSCtj96108 Systems Affected: ASA 5500 Series Adaptive Security Appliances -Cisco PIX 500 Series...

IBM Tivoli vulnerable to denial-of-service (DoS)

Overview IBM Tivoli contains a denial-of-service DoS vulnerability. IBM Tivoli contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. A wide range of products are affected. For more information, refer to the vendor's website. Impact A remote attacker may...

Google Chrome 9.0.597.94之前的版本多个漏洞

BUGTRAQ ID: 46262 Google Chrome是Google开发网页浏览器。 Google Chrome 9.0.597.94之前版本在实现上存在多个安全漏洞，远程攻击者可利用这些漏洞在浏览器中执行任意代码或造成拒绝服务。 Google Chrome 7.0.548.0 - 9.0.597.84 厂商补丁： Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.google.com...

Automated Solutions ModbusTCP OPC Server - Remote Heap Corruption (PoC)

Automated Solutions ModbusTCP OPC Server - Remote Heap Corruption PoC !/usr/bin/python asmb-heap.py Automated Solutions Modbus/TCP OPC Server Remote Heap Corruption PoC Jeremy Brown 0xjbrown41-gmail-com Jan 2011 A specially crafted length field in a MODBUS packet header can trigger heap corruptio...

Blue River Mura CMS Directory Traversal

Sep 24, 2010 Title: Blue River Mura CMS Directory Traversal Version: 1.0 Issue type: Directory Traversal Affected vendor: Blue River Interactive Group Release date: 24/09/2010 Discovered by: Steven Seeley & Rohan Stelling Summary Mura CMS is an open source content management system which is built...

Achievo 1.4.3 - Cross-Site Request Forgery

Achievo 1.4.3 - Cross-Site Request Forgery Advisory Name: Cross Site Request Forgery in Achievo 1.4.3 Internal Cybsec Advisory Id: 2010-08-03 Vulnerability Class: Cross Site Request Forgery Release Date: 2010-Sept-28 Affected Applications: Achievo 1.4.3 other versions may be also vulnerable...

Achievo 1.4.3 - Multiple Authorisation Vulnerabilities

Advisory Name: Multiple Authorization Flaws in Achievo 1.4.3 Internal Cybsec Advisory Id: 2010-08-02 Vulnerability Class: Authorization Flaw Release Date: 2010-Sept-28 Affected Applications: Achievo 1.4.3 other versions may be also vulnerable Affected Platforms: Any Local / Remote: Remote Severit...