14 matches found
Malicious Package
Overview iv-bloomfilter is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
Internet Security Systems ICECap Manager 2.0.23 Default Username and Password
No description provided by source. source: http://www.securityfocus.com/bid/1216/info ICECap Manager is a management console for BlackICE IDS Agents and Sentries. By default, ICECap Manager listens on port 8081, transmits alert messages to another server on port 8082, and has an administrative...
Firefox 28 Patches Four Pwn2Own Zero-Day Vulnerabilities
The Firefox web browser took a beating during last week’s Pwn2Own contest with researchers bringing four zero-day vulnerabilities and exploits to the table, walking away with a collective $200,000 in prize money in the process. Yesterday, Mozilla capped all four bugs among 18 security advisories...
ShopEx API injection vulnerability-vulnerability warning-the black bar safety net
Detailed description The defect file: \core\api\payment\2.0\apib2b20paymentcfg.php core\api\payment\1.0\apib2b20paymentcfg.php Section 4 row 4 $data'columns' do not filter lead injection REF: http://www.cnseay.com/3237/ Vulnerability hazard The administrator password can be used by hackers to get...
2 5 1 7 5 student enrollment management system Ze70_0ay-vulnerability warning-the black bar safety net
Go By Link Hazards. The problem will lead to hackers construct a malicious statement injection indirect to get webshell Many of the files are with the che function to filter the post or get to the variables che whether the function security. See.: the Function cheStr If IsnullStr Then che = "" Ex...
Use google to conduct“penetration testing”-vulnerability warning-the black bar safety net
One, use google to find is people who installed a php webshell back door of the host, and test the ability to use; Second, use google to find exposed INC sensitive information. OK, now we start: 1. Lookup using a php webshell We in the google search box fill in: Code: intitle:"php shell" "Enable...
Apple Mac OS X iChat AIM URL Format String (CVE-2007-0021)
Apple Computer Mac OS X is the operating system shipped with Apple Macintosh computers. The product bundles numerous Internet applications such as web browser, email client, instant messenger, etc. Apple iChat is a multi-protocol instant messaging application that supports AIM and Jabber services...
Hack explore lake2 conjecture Serv-U the bounce attack and use-vulnerability and early warning-the black bar safety net
The FTP bounce attack the FTP Bounce Attack is a very old technology, actually in our information security educational materials on find description, its indeed the age is. The so-called FTP bounce attack is to use the FTP Protocol PORT command to send the data to a third party, so you can use...
F2BLGO/BLOG vulnerability to practice see-vulnerability warning-the black bar safety net
Original F2BLGO/BLOG vulnerability to practice see Information sources:http://www.1steam.cn Author:Sakura the prodigal sonI. S. T Note:this article starting in the hacker manual,. Reprint please indicate the source F2BLGO blog is a PHP+MYSQL blog program, you can say this app from the Security...
PHP import_request_variables()函数任意变量覆盖漏洞
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的importrequestvariables函数实现上存在漏洞,远程攻击者可能利用此漏洞控制服务器。 远程攻击者可以利用PHP的importrequestvariables函数覆盖$和$变量(任意php变量),导致执行任意代码。有漏洞代码位于以下文件中: ./ext/standard/basicfunctions.c:PHPFUNCTIONimportrequestvariables ./Zend/zendhash.c:ZENDAPI void...
checkpoint-bypass.txt
I. INTRODUCTION Check Point Connectra is a complete Web Security Gateway that provides SSL VPN access and comprehensive endpoint and integrated intrusion prevention Security in a single unified remote access solution. By combining both SSL VPN connectivity and security in one solution,...
BadBlue XSS vulnerabilities / Filesharing Server Worm
Strumpf Noir Society Advisories ! Public release ! -- -= BadBlue XSS vulnerabilities / Filesharing Server Worm =- Release date: Tuesday, February 26, 2002 Introduction: BadBlue is the technology behind Working Resources Inc.'s product line with the same name and which, amongst other things, also...
anyboard.forum.passwd.txt
Date: Sat, 24 Apr 1999 03:55:39 +0200 From: "Bluefish @ home" To: [email protected] Subject: Anyboard www.netbula.com problem's publicly discussed in eurohack Draz Q published a short summary of problems with a webrelated software in eurohack. Basicly it sounds pretty much like a common CGI...