Lucene search

13 matches found

Friends Of PHP
added 2020/11/17 9:18 a.m. | 33 views

Remote code execution

Hello, as discussed by email, this fixes a serious vulnerability. Hopefully my code is OK-ish...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.94287
Exploits: 36 | Affected Software: 1
Openbugbounty
added 2020/02/03 3:15 p.m. | 10 views

serdika-offices.com Cross Site Scripting vulnerability

Security Researcher geeknik (helped patch 8616 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting serdika-offices.com website and its users. Following...

AI score: 0.1
Exploits: 0
phpMyAdmin
added 2016/07/15 12:00 a.m. | 30 views

SQL injection attack as control user

PMASA-2016-42. Announcement-ID: PMASA-2016-42. Date: 2016-07-15. Summary: SQL injection attack as control user. Description: A vulnerability was discovered in the user interface preference feature where a user can execute an SQL injection attack against the account of the control user. Severity: We...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.00321
Exploits: 0 | Affected Software: 1
phpMyAdmin
added 2016/01/24 12:00 a.m. | 31 views

Unsafe comparison of XSRF/CSRF token.

PMASA-2016-5. Announcement-ID: PMASA-2016-5. Date: 2016-01-24. Summary: Unsafe comparison of XSRF/CSRF token. Description: The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01029
Exploits: 0 | Affected Software: 1
Hacker One
added 2015/01/16 7:29 a.m. | 9 views

Vimeo: Serious Vulnerability Found

Hello, I have found an interesting vulnerability and I hope you will like it and fix it soon because it will really cause damage. I can hijack your email server because there is no protection not even consider spam. Kindly check the POC video:...

AI score: 6.8
Exploits: 0
phpMyAdmin
added 2011/09/14 12:00 a.m. | 16 views

Multiple XSS.

PMASA-2011-14. Announcement-ID: PMASA-2011-14. Date: 2011-09-14. Summary: Multiple XSS. Description: Firstly, if a row contains JavaScript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities...

AI score: 5.7
Exploits: 0 | Affected Software: 1
phpMyAdmin
added 2008/06/23 12:00 a.m. | 39 views

XSS on plausible insecure PHP installation

PMASA-2008-4. Announcement-ID: PMASA-2008-4. Date: 2008-06-23. Summary: XSS on plausible insecure PHP installation. Description: We received an advisory from Tim Starling (Wikimedia), and we wish to thank him for his work. Some scripts in the /libraries directory were vulnerable to XSS. Severity: We...

CVSS: 2.6 | AI score: 5.8 | EPSS: 0.00676
Exploits: 1 | Affected Software: 1
myhack58
added 2007/05/28 12:00 a.m. | 14 views

PJBLOG photo album plug-in there is a serious vulnerability-a vulnerability warning-the black bar safety net

Continue the Halo one! The want to get hold of a PJ album plug-in to play, did not expect to pass up, vulnerability is I found. The following I listed in the vulnerability details. -------------------------------------------------- Software name: PJBLOG album plug-in V2.0 Wizard full version...

AI score: 7.1
Exploits: 0
Tenable Nessus
added 2004/09/29 12:00 a.m. | 22 views

Debian DSA-184-1 : krb4 - buffer overflow

Tom Yu and Sam Hartman of MIT discovered another stack-based buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server. This kadmind bug has a working exploit code circulating, hence it is considered serious. (C) Tenable Network Security, Inc. The...

CVSS: 10 | AI score: 5.3 | EPSS: 0.32917
Exploits: 0 | References: 2
securityvulns
added 2004/03/30 12:00 a.m. | 20 views

Ethereal(v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit

/ THE EYE ON SECURITY RESEARCH GROUP - INDIA Ethereal IGAP Dissector Message Overflow Remote Root exploit Copyright 2004 - EOS-India Group Authors note: Shellcode splitting technique: Due to difficulty involved while following normal exploitation techniques due to shortage of memory space for our...

AI score: 7.6
Exploits: 0
0day.today
added 2004/03/28 12:00 a.m. | 30 views

Ethereal 0.10.0-0.10.2 IGAP Overflow Remote Root Exploit

Exploit for linux platform in category remote exploits ======================================================== Ethereal 0.10.0-0.10.2 IGAP Overflow Remote Root Exploit ======================================================== / THE EYE ON SECURITY RESEARCH GROUP - INDIA Ethereal IGAP Dissector...

AI score: 7.1
Exploits: 0
securityvulns
added 2003/05/29 12:00 a.m. | 29 views

SECNAP Security Advisory: Invalid HTML processing in GoldMine(tm)

Weakness in GoldMine(tm) Email Manager allows arbitrary code execution. Systems: GoldMine 5.70 and 6.00 prior to version 30503. Vulnerable: 5.70.11111, 5.70.20404, 6.00.21021, 6.00.30203, 6.00.30403. Not Vulnerable: 5.70.30503, 6.00.30503. Severity: Serious. Category: Arbitrary Execution of Code of Hackers...

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.02719
Exploits: 1
securityvulns
added 2001/03/26 12:00 a.m. | 46 views

ILMI community in olicom/crosscomm routers

Crosscomm/Olicom routers have an undocumented community string ILMI (yes, the same as in Cisco) that has read and write permissions. I didn't check the whole tree, but you can set system.sysContact.0 for example. This was checked on a XLT-F router with software 'XL 80 IM Version 5.5 Build Level 2'...

AI score: 1.9
Exploits: 0