39 matches found
In-depth understanding of the Java deserialization vulnerability - Vulnerability Warning - The Black Bar Safety Net
1. Java serialization and deserialization. Java serialization is the process of converting a Java object into a byte sequence so that it can easily be saved in memory, in a file, or in a database; it is performed with the writeObject method of the ObjectOutputStream class. Java deserialization refers to the sequenc...
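As an added example (not code from the article above), the following Java program round-trips a small Serializable object through ObjectOutputStream.writeObject and ObjectInputStream.readObject, and then shows the check a practitioner wants on the deserialization side: an ObjectInputFilter (Java 9+, JEP 290) that rejects every class the stream names unless it is on an explicit allowlist. The class name Greeting and the filter patterns are assumptions made for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

/**
 * Added demonstration (not the article's code): serialize with
 * writeObject, deserialize with readObject, and gate readObject with an
 * allowlist ObjectInputFilter so that a stream naming an unexpected
 * class is rejected before that class is resolved or instantiated.
 */
public class SerializationDemo {

    /** Hypothetical payload type; any Serializable class would do. */
    public static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        final int count;
        Greeting(String text, int count) { this.text = text; this.count = count; }
        @Override public String toString() { return text + " x" + count; }
    }

    /** Serialize: object graph -> byte sequence (what writeObject does). */
    static byte[] serialize(Object obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    /**
     * Deserialize under an allowlist filter. readObject instantiates
     * whatever class descriptors the byte stream names, so the filter is
     * consulted as each class is resolved; a class that is not allowlisted
     * makes readObject throw InvalidClassException instead of running
     * that class's deserialization code.
     */
    static Object deserializeFiltered(byte[] data, String allowedClass)
            throws IOException, ClassNotFoundException {
        // Pattern: allow exactly one class, reject everything else ("!*").
        // Without the trailing "!*", unmatched classes would be UNDECIDED,
        // which ObjectInputStream treats as allowed.
        ObjectInputFilter filter =
                ObjectInputFilter.Config.createFilter(allowedClass + ";!*");
        try (ObjectInputStream ois =
                     new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = serialize(new Greeting("hello", 3));
        // The stream starts with the magic 0xACED and version 0x0005.
        System.out.printf("serialized %d bytes, header %02x%02x%02x%02x%n",
                bytes.length, bytes[0], bytes[1], bytes[2], bytes[3]);

        // 1) The allowlist names Greeting: deserialization succeeds.
        Object ok = deserializeFiltered(bytes, Greeting.class.getName());
        System.out.println("accepted: " + ok);

        // 2) The same bytes against an allowlist that does not name Greeting
        //    (java.lang.Integer is an arbitrary stand-in): rejected before the
        //    class is resolved or any of its code runs.
        try {
            deserializeFiltered(bytes, "java.lang.Integer");
            System.out.println("BUG: unexpected class was deserialized");
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

The filter is the practical mitigation for the class of bug the article title refers to: readObject trusts the class names embedded in the byte stream, so any class on the classpath with an exploitable readObject or readResolve can be reached by an attacker who controls the bytes. An allowlist pattern (here one class followed by "!*") closes that off; the same filter can also be installed process-wide with the jdk.serialFilter system property.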
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVER_NAME element in the $_SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
Digital Scribe 1.4.1 - Multiple SQL Injection Vulnerabilities
Digital Scribe 1.4.1 Multiple SQL Injection Vulnerabilities Name Digital Scribe Vendor http://www.digital-scribe.org Versions Affected 1.4.1 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Da...
Directory traversal
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager VSM before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the CiscoVSBWT aka Broadware sample code package, aka Bug ID CSCsv37163...
Code injection
google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2011-5238
CVE-2011-5238 affects google-checkout-php-sample-code up to version 1.3.1. The issue is inadequate TLS hostname verification: the code does not ensure the server hostname matches CN/subjectAltName, enabling MITM with any valid certificate. Impact per note: partial confidentiality and integrity; n...
CVE-2012-5820
The CVE concerns the Google AdMob developer-account sample code failing to verify that the server hostname matches the CN/subjectAltName in the X.509 certificate. This allows MITM attackers to spoof SSL servers using an arbitrary valid certificate. Affected: Google AdMob sample code; root cause: ...
Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control
Exploit for the Windows platform in category remote exploits ob...
Joomla! Component JE Auto 1.0 - SQL Injection
Joomla! Component JE Auto 1.0 - SQL Injection JE Auto 1.0 SQL Injection Vulnerability Name JE Auto Vendor http://joomlaextensions.co.in/extensions/components/je-auto.html Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at...
TTVideo 1.0 Joomla Component SQL Injection Vulnerability
TTVideo 1.0 Joomla Component SQL Injection Vulnerability Name TTVideo Vendor http://www.toughtomato.com Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-27 X. INDEX I. ABOUT THE APPLICATION II...
Joomla Appointinator 1.0.1 SQL Injection
Appointinator 1.0.1 Joomla Component Multiple Remote Vulnerabilities Name Appointinator Vendor http://appointinator.chemeia.info Versions Affected 1.0.1 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-27 X. INDEX ...
RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability
RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability Name RedShop Vendor http://redweb.dk Versions Affected 1.0.23.1 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-13 X. INDEX I. ABOUT THE...
UHTTP Server Path Traversal
uhttp Server Path Traversal Vulnerability Name uhttp Server Vendor http://uhttps.sourceforge.net Versions Affected 0.1.0-alpha Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-03-10 X. INDEX I. ABOUT THE APPLICATION I...
Miniweb 2.0 - Full Path Disclosure
Miniweb 2.0 - Full Path Disclosure Miniweb 2.0 Full Path Disclosure Name Miniweb 2.0 Vendor http://www.miniweb2.com Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-12 X. INDEX I. ABOUT THE APPLICATION II...
phpCollegeExchange 0.1.5c - Multiple SQL Injections
phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities Name phpCollegeExchange Vendor http://phpcollegeex.sourceforge.net Versions Affected 0.1.5c Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-11 X...
Vulnerability in Sample Code in Hitachi uCosminexus Portal Framework Manuals
Overview The sample code provided in Hitachi uCosminexus Portal Framework Manuals has a vulnerability which could allow a logged-in user to view or update data with the privileges of those who have logged in later than the user. Impact A remote attacker could view or update files. Solution Please...
CVE-2007-1871.txt
Cross site scripting in chcounter 3.1.3 security advisory References: http://chcounter.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1871 Description: Cross-site scripting describes attacks that allow an attacker to insert malicious HTML or JavaScript code via GET or POST forms. This can be use...
CVE-2007-1871: Cross site scripting in chcounter 3.1.3
Cross site scripting in chcounter 3.1.3 security advisory References: http://chcounter.org/ https://vulners.com/cve/CVE-2007-1871 Description: Cross-site scripting describes attacks that allow an attacker to insert malicious HTML or JavaScript code via GET or POST forms. This can be used to steal session...
Microsoft Windows - 'RPC DCOM' Remote Buffer Overflow
include include include include include include pragma commentlib,"ws232" unsigned char bindstr= 0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00, 0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,...