164 matches found
Drupal Coder Remote Code Execution Vulnerability
Drupal is a free, open-source content management system developed in the PHP language maintained by the Drupal community; Coder is Drupal's encoder module. A remote code execution vulnerability exists in the Drupal Coder module. Because the module does not adequately validate user-entered script...
The vulnerability of the ATML component in Microsoft Lync, the Microsoft Office suite, and the Windows operating system allows a perpetrator to execute arbitrary code.
The vulnerability of the ATML component in Microsoft Lync, the Microsoft Office suite, and the Windows operating system is due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted script file...
Mozilla - Maintenance Service Log File Overwrite Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=427&can=1 Mozilla Maintenance Service: Log File Overwrite Elevation of Privilege Platform: Windows Version: Mozilla Firefox 38.0.5 Class: Elevation of Privilege Summary: The maintenance service creates a log file in a use...
Mozilla Maintenance Service Log File Overwrite Elevation of Privilege Exploit
Exploit for windows platform in category local exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=427&can=1 Mozilla Maintenance Service: Log File Overwrite Elevation of Privilege Platform: Windows Version: Mozilla Firefox 38.0.5 Class: Elevation of Privilege...
CVE-2015-0926
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file...
Sybase Advantage Data Architect - "*.SQL" Format Heap Oveflow
No description provided by source. Exploit Title: Sybase Advantage Data Architect .SQL Format Heap Oveflow RCE Date: 2010-10-16 Author: d0lc3 @rmallof - http://elotrolad0.blogspot.com/ Software Link: http://www.sybase.com/products/databasemanagement/advantagedatabaseserver/data-architect-utility...
WihPhoto 0.86 -dev sendphoto.php File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6929/info A vulnerability has been reported for WihPhoto that may result in the disclosure of files to remote attackers. The vulnerability exists due to inadequate verification of some URI parameters in the sendphoto.php...
Nukebrowser 2.x Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6731/info Nukebrowser is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the nukebrowser.php script file. Under some circumstances, it is possible fo...
TalentSoft Web+ Application Server (Linux) 4.6 Example Script File Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/1725/info Web+ is a development language for use in creating web-based client/server applications. In Linux versions of the product, an example script installed in Web+ Web+Ping which fails to correctly filter shell meta...
Design/Logic Flaw
The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions www write access for unspecified scripts, which allows local users to gain privileges by modifying a script file...
CVE-2008-7303
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script...
CVE-2011-3218
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks by spoofing the http server during local viewing of an exported...
Cross site scripting
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks by spoofing the http server during local viewing of an exported...
Novell iManager getMultiPartParameters file upload vulnerability
Added: 10/11/2010 BID: 43635 OSVDB: 68320 Background Novell iManager is a web-based management interface for other Novell products. Problem The getMultiPartParameters function in the nps.jar web application in Novell iManager allows remote attackers to upload arbitrary files to the server. By...
TikiWiki jhot.php Script File Upload Security Bypass (CVE-2006-4602)
TikiWiki, also known as Tiki CMS/Groupware or simply Tiki, is a powerful wiki-based Content Management System CMS which allows users and/or groups of users to manage their data on-line via a web browser. TikiWiki provides numerous features, including Wiki-based Documentation, Groupware, Blogging...
yPlay 1.0.76 - .mp3 Local Crash (PoC)
yPlay 1.0.76 - .mp3 Local Crash PoC !/usr/bin/perl Usage--file created--load file--b00m.mp3 BOOM print "\n"; print "! yPlay 1.0.76 .mp3 Local Crash PoC\n"; print "\n"; print "! Author: cr4wl3r\n"; print "! Mail: cr4wl3r!linuxmail.org\n"; print "\n"; my $boom = "A" x 1337; my $filename = "b00m.mp3...
CVE-2009-1840
CVE-2009-1840 affects Mozilla Firefox (before 3.0.11), Thunderbird and SeaMonkey, where content policy checks were not performed before loading a script file into a XUL document. This allowed a crafted HTML document (e.g., via a web bug in email or a web page/ad) to bypass intended access restric...
philboard1-sql.txt
Philboard W1L3D4 v1.0 Multiple SQL İnjection Vulnerable Author : U238 mail : setuid.noexec0x1aqhotmaildotcom webpage: http://noexec.blogspot.com Script : http://www.aspindir.com/Goster/4703 Script2: http://rapidshare.de/files/39107179/philboardtrge.zip.html...
The use of the system vulnerabilities to easily bypass your CAPTCHA-vulnerability warning-the black bar safety net
CAPTCHA's every time you access the page when randomly generated pictures, the content is generally numbers and letters the more powerful point and Chinese, you need the visitor to put in letters to fill into the form submission, thus effectively preventing brute force. CAPTCHA is also used to...
Mysteriously replaced Windows XP user password-vulnerability warning-the black bar safety net
Windows XP startup scriptstartup scriptsis a computer in the login screen to appear before running the batch file, which functions similar to the Windows 9×and DOS automatically executed batch file, the autoexec. bat. Using this feature, you can write a batch file to re-set the user password, and...