chCounter indirect SQL Injection and XSS Vulnerabilities
No description provided by source. Exploit Title: chCounter indirect SQL Injection and XSS Vulnerabilities Date: 29.04.2010 Author: Valentin Category: webapps/0day Version: 3.1.1 Tested on: Debian, Apache2, PHP5, MySQL5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1...
Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit
No description provided by source. #!/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management system written for...
Minify4Joomla Upload and Persistent XSS Vulnerability
No description provided by source. ======================================================= Minify4Joomla Upload and Persistent XSS Vulnerability ======================================================= Name : Minify4Joomla Upload and Persistent XSS Vulnerability Date : july 9,2010 Critical Level :...
OTSCMS <= 2.1.3 - Multiple Remote File Include Vulnerabilities
No description provided by source. Coding 4 Fun c4f.pl OTSCMS = 2.1.3 by Wrzasq www.otscms.com ; Class = Remote File Inclusion ; Download = http://sourceforge.net/project/showfiles.php?groupid=145557 ; Found by = GregStar gregstaratc4fdotpl ;...
webgrind 1.0 (file param) Local File Inclusion Vulnerability
No description provided by source. webgrind 1.0 file param Local File Inclusion Vulnerability Vendor: Joakim Nygard and Jacob Oettinger Product web page: http://code.google.com/p/webgrind Affected version: 1.0 v1.02 in trunk on github Summary: Webgrind is an Xdebug profiling web frontend in PHP5...
Joomla Component RSComments 1.0.0 Persistent XSS
No description provided by source. Exploit Title: Joomla Component RSComments 1.0.0 Multiple XSS Vulnerabilities Date: 18 May 2010 Author: jdc Software Link: http://www.rsjoomla.com Version: 1.0.0 Tested on: PHP5, MySQL5 Name Field Persistent XSS -------------------------...
BPStudent 1.0 - Blind SQL Injection
No description provided by source. x========================================================================================================================================x | AntiSecuritydotorg |...
Ubuntu: Security Advisory (USN-2254-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-2254-2)
The remote host is missing an update for the...
php5 security update
Package : php5 Version : 5.3.3-7+squeeze20 CVE ID : CVE-2014-4049 It was discovered that PHP, a general-purpose scripting language commonly used for web application development, is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle...
Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit
Exploit for php platform in category web applications #!/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management...
DLA-0010-1 php5 - security update
Bulletin has no description...
openSUSE Security Update : php5 (openSUSE-SU-2014:0841-1)
php5 was updated to prevent insecure DNS TXT record parsing. This security issue was fixed: Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049).
USN-2254-2 php5 updates
USN-2254-1 fixed vulnerabilities in PHP. The fix for CVE-2014-0185 further restricted the permissions on the PHP FastCGI Process Manager (FPM) UNIX socket. This update grants socket access to the www-data user and group so installations and documentation relying on the previous socket permissions...
Lunar CMS 3.3 - Remote Command Execution
#!/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management system written for use on servers running the ever so...
Lunar CMS 3.3 - CSRF And Stored XSS Vulnerability
Exploit for php platform in category web applications CSRF Add Admin =============== inpu...
USN-2254-1: PHP vulnerabilities
Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185) Francisco...
Lunar CMS 3.3 CSRF / Cross Site Scripting
CSRF Add Admin =============== input type="hidden" name="email" v...
Lunar CMS 3.3 - Cross-Site Request Forgery Persistent Cross-Site Scripting
Lunar CMS 3.3 - Cross-Site Request Forgery Persistent Cross-Site Scripting CSRF Add Admin =============== input type="hidden" name="name" value="Hacker"...