
107 matches found

ThreatPost
added 2018/04/13 7:47 p.m. · 11 views

Don’t Trust Android OEM Patching, Claims Researcher

Many Android device manufacturers are not telling the truth when they say they have patched phone vulnerabilities in new updates, researchers found. Karsten Nohl and Jakob Lell, researchers with Security Research Labs, told Threatpost they have tested the firmware on close to 3,000 phones and fou...

Exploits: 0 · References: 4
rapid7community
added 2017/06/21 2:40 p.m. · 21 views

In Fear of IoT Security

I wish I had a dime for every time I have heard someone say "With so many vulnerabilities being reported in the Internet of Things, I just don't trust that technology, so I avoid using any of it." I am left scratching my head because these same people seem to have no issues running a Windows...

AI score: 6.9
Exploits: 0
Openbugbounty
added 2016/07/18 10:28 p.m. · 14 views

epson.nl XSS vulnerability

Vulnerable URL: https://www.epson.nl/search/products?search=" Details: Description| Value ---|--- Patched:| Yes, at 08.07.2017 Latest check for patch:| 08.07.2017 13:07 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 479516 VIP website status:| No Check epson.nl...

AI score: 6.2
Exploits: 0
myhack58
added 2016/06/03 12:0 a.m. · 11 views

Struts2 remote code execution vulnerability S2-033: technical analysis and protection solution - vulnerability warning - the black bar safety net

With Dynamic Method Invocation enabled in Apache Struts2, an attacker can use the REST plug-in to invoke a malicious expression and achieve remote code execution. The vulnerability is numbered CVE-2016-3087 and named S2-033. This article provides a technical analysis of the vulnerability...

AI score: 2
Exploits: 0
Openbugbounty
added 2016/05/23 4:37 p.m. · 12 views

estereovisiondivino.com XSS vulnerability

Vulnerable URL: http://estereovisiondivino.com/wp-content/plugins/shoutcast-icecast-html5-radio-player/html5/html5shoutcast.php?id=%3C/title%3E%3C/script/%22-alert%280%29-%22--%3E%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 24.11.2017...

AI score: 6.3
Exploits: 0
ThreatPost
added 2015/01/20 8:0 a.m. · 9 views

Report Companies Still Not Patching Security Vulnerabilities

The Cisco 2015 Annual Security Report is out and the findings are troubling as always: for every positive finding in the report, it seems, there is a negative finding, neutralizing any gains in the network security struggle. Chief information security officers say their security postures are stro...

AI score: 7
Exploits: 0 · References: 10
seebug.org
added 2014/07/24 12:0 a.m. · 24 views

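DESTOON: injection caused by an incomplete patch

Brief description: 2014-07-22. The critical places should have been patched. Details: $post = daddslashesdstripslashes$post; The patch only applies daddslashes to the $post used when modifying profile data, but special characters can still be registered at sign-up. Found one place where this can be used: extract$USER, EXTRPREFIXALL, ''; // initialization in common.inc.php (login) /module/quote/price.inc.php 24-28 if$userid $post'company' = $company; // require is used here...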

AI score: 7.1
Exploits: 0
Positive Technologies
added 2013/06/29 12:0 a.m. · 1 views

PT-2013-5165 · Monroe Electronics +1 · R189 One-Net +1

Name of the Vulnerable Software and Affected Versions: Digital Alert Systems DASDEC EAS device versions 2.0-2 through 2.0-2 Monroe Electronics R189 One-Net EAS device versions 2.0-2 through 2.0-2 Description: The administrative web server uses predictable session ID values, making it easier for...

CVSS: 10 · AI score: 7.6 · EPSS: 0.02784
Exploits: 0 · References: 7
ThreatPost
added 2012/04/25 2:30 p.m. · 15 views

Firefox 12 Debuts With Silent Update Mechanism

Mozilla has released version 12 of Firefox and the big change in the popular browser is the inclusion of a new update mechanism that will allow users to enable automatic updates that won’t require user interaction. The mechanism is similar to what Google Chrome has and is part of a trend toward...

AI score: 0.5
Exploits: 0 · References: 2
The Hacker News
added 2012/04/01 7:36 p.m. · 35 views

New Java Exploits boosts BlackHole exploit kit

A widely disseminated exploit kit popular with hackers has been updated to take advantage of a recently discovered Java vulnerability. Researchers at Microsoft reported last week that it had observed this vulnerability being exploited in the wild. Th...

CVSS: 10 · AI score: 7 · EPSS: 0.9358
Exploits: 13
myhack58
added 2010/01/30 12:0 a.m. · 7 views

MSN Editor 0DAY-vulnerability warning-the black bar safety net

A brief note on how it is used. Clicking the image upload brings up the upload page, whose address is http://www.xxx.cn/admin/uploadPic.asp?language=&editImageNum=0&editRemNum= After an ordinary picture is uploaded, the address is...

AI score: 7.1
Exploits: 0
Tenable Nessus
added 2005/02/28 12:0 a.m. · 24 views

NNTP Server Message Header Handling Remote Overflow

Nessus was able to crash the remote NNTP server by sending a message with long headers. This flaw is probably a buffer overflow and might be exploitable to run arbitrary code on this machine. C Tenable Network Security, Inc. Overflow on the user name is tested by cassandranntpdos.nasl NNTP protoc...

AI score: 6.4
Exploits: 0
securityvulns
added 2004/12/25 12:0 a.m. · 34 views

CGI bugs

No description provided...

AI score: 1.4
Exploits: 0 · References: 11 · Affected Software: 9
securityvulns
added 2004/08/02 12:0 a.m. · 23 views

Fusion News Yet Another Unauthorized Account Addition Vulnerability

Product: Fusion News vendor: FusionPHP fusionphp.net Affected Versions: 3.6.1 and lower Description: A widely used news management system Vulnerabilities: Unauthorized Account Addition Vulnerability Date: July 29, 2004 Vuln Finder: r3d5pik...

AI score: 0.1
Exploits: 0
Cisco
added 2003/09/17 7:0 a.m. · 76 views

OpenSSH Server Vulnerabilities

...

CVSS: 10 · AI score: 1.9 · EPSS: 0.26823
Exploits: 2 · References: 1 · Affected Software: 15
exploitpack
added 2003/04/30 12:0 a.m. · 29 views

OpenSSHPAM 3.6.1p1 - Remote Users Discovery Tool

OpenSSHPAM 3.6.1p1 - Remote Users Discovery Tool / SSHBRUTE - OpenSSH/PAM Proof of concept code by Maurizio Agazzini Tested against Red Hat, Mandrake, and Debian GNU/Linux. Reference: http://lab.mediaservice.net/advisory/2003-01-openssh.txt $ tar xvfz openssh-3.6.1p1.tar.gz $ patch -p0 include...

AI score: 0.2
Exploits: 0
securityvulns
added 2001/09/20 12:0 a.m. · 20 views

lotus domino server 5.08 is very gabby

maybe this is nothing new, but when i looked at some html raw headers after i surfed to a lotus domino 5.08 webserver, he tells me the following information : Lotus-Domino Release 5.0.8 - June 18, 2001 on AIX and further a request like this : GET //////////// HTTP/1.0 gives me the internal...

AI score: 0.6
Exploits: 0
Cvelist
added 1976/01/01 12:0 a.m. · 10 views

CVE-2021-32866

...

Exploits: 0
Cvelist
added 1976/01/01 12:0 a.m. · 8 views

CVE-2025-48842

...

Exploits: 0
CVE
added 1976/01/01 12:0 a.m. · 11 views

CVE-2025-53878

This CVE-2025-53878 entry is rejected/not used and does not represent an active vulnerability.

AI score: 7.2
Exploits: 0