141 matches found
CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...
UBUNTU-CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...
PT-2014-1991 · Trane · Trane Comfortlink Ii
Name of the Vulnerable Software and Affected Versions: Trane ComfortLink II SCC firmware version 2.0.2 Description: The issue is related to a design flaw in the service that allows remote attackers to gain complete control of the system. It is also associated with the exploitation of predefined...
ActFax 4.31 Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Title: ActFax 4.31 Local Privilege Escalation Exploit Author: Craig Freyman @cd1zz Discovered: July 10, 2012 Vendor Notified: June 12, 2012 Description: http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html...
CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Apple OS X Sandbox Predefined Profiles Bypass 1. Advisory Information Title: Apple OS X Sandbox Predefined Profiles Bypass Advisory ID: CORE-2011-0919 Advisory URL:...
Apple OS X Sandbox Predefined Profiles Bypass
No description provided by source. Apple OS X Sandbox Predefined Profiles Bypass 1. Advisory Information Title: Apple OS X Sandbox Predefined Profiles Bypass Advisory ID: CORE-2011-0919 Advisory URL: http://www.coresecurity.com/content/apple-osx-sandbox-bypass Date published: 2011-11-10 Date of...
Apple OS X Sandbox Predefined Profiles Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Apple OS X Sandbox Predefined Profiles Bypass 1. Advisory Information Title: Apple OS X Sandbox Predefined Profiles Bypass Advisory ID: CORE-2011-0919 Advisory URL:...
Adobe AIR < 2.6.0.19140 ActionScript Predefined Class Prototype Addition Remote Code Execution (APSB11-07)
The remote Windows host contains a version of Adobe AIR earlier than 2.6.0.19140. Such versions are reportedly affected by a memory corruption vulnerability. By tricking a user on the affected system into opening a specially crafted document with Flash content, such as a SWF file embedded in a...
Struts2/XWork < 2.2.0 remote execution of arbitrary code vulnerability analysis and patch-vulnerability warning-the black bar safety net
Neeao's Blog http://neeao.com/ : 1. exploit-db website on 7 month 1 4 day broke aStruts2 remote execution of arbitrary code vulnerabilityvulnerability, hazard of large, can be described as a crack shot, directly to the root, as long as the use Struts2 and webwork framework of the system for the...
OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to 1 LayoutQueue, 2 Cursor.predefined, 3...
U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) privilege escalation
Application executes all executables with predefined names found in system...
OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to 1 LayoutQueue, 2 Cursor.predefined, 3...
OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to 1 LayoutQueue, 2 Cursor.predefined, 3...
TutorialCMS <= 1.01 Authentication Bypass Vulnerability
No description provided by source. TutorialCMS = 1.01 Authentication Bypass Discovered by: Silentz Payload: Authentication Bypass Website: http://www.w4ck1ng.com Vulnerability: Variables $loggedIn & $activated are not predefined. Vulnerable Files: login.php headerLinks.php submit1.php myFav.php...
tutorialcms-bypass.txt
TutorialCMS = 1.01 Authentication Bypass Discovered by: Silentz Payload: Authentication Bypass Website: http://www.w4ck1ng.com Vulnerability: Variables $loggedIn & $activated are not predefined. Vulnerable Files: login.php headerLinks.php submit1.php myFav.php userCP.php PoC:...
Microsoft ISA Server NetBIOS预定义过滤策略绕过漏洞(MS05-034)
ISA Server是微软产品家族之一,可以提供企业防火墙和高性能的Web缓存。 ISA Server 2000中存在权限提升漏洞,成功利用这个漏洞可以绕过策略限制。 攻击者可以利用NetBIOSall预定义报文过滤同ISA Server创建NetBIOS连接。 Microsoft ISA Server 2000 SP2 Microsoft已经为此发布了一个安全公告(MS05-034)以及相应补丁: MS05-034:Cumulative Security Update for ISA Server 2000 899753...
McAfee WebShield applience backdoor account
There is built-in account with predefined login and password...
CVE-2005-1216
Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS all predefined packet filter...
Cisco Unity multiple bugs
Local account with predefined passsword, server awaits for connection from statically compiled address. etc/...
Predefined Restriction Tables Allow Calls to International Operator
...