994 matches found
WordPress Disclosure Policy Plugin 1.0 - Remote File Inclusion
This WordPress Disclosure Policy plugin is prone to remote file include vulnerability. It allows an attacker to include a remote file and get access to the server. Solution Upgrade the plugin...
WordPress Annonces Plugin 1.2.0.0 - Remote File Inclusion
WordPress Annonces plugin is prone to remote file include vulnerability. It allows an attacker to include a remote file and get access to the server. Solution Upgrade the plugin...
WordPress TheCartPress Plugin 1.1.1 - Remote File Inclusion
TheCartPress plugin is prone to remote file include vulnerability. It allows an attacker to include a remote file and get access to the server. Solution Update the plugin...
WordPress Mailing List Plugin 1.3.2 - Remote File Inclusion
This Mailing List plugin is prone to remote file include vulnerability. It allows an attacker to include a remote file and get access to the server. Solution Upgrade the plugin...
Nmap NSE net: x11-access
Checks if you're allowed to connect to the X server. If the X server is listening on TCP port 6000+n where n is the display number, it is possible to check if you're able to get connected to the remote display by sending a X11 initial connection request. In reply, the success byte 0x00 or 0x01 wi...
Discuz! NT 3.1.0 后台拿webshell
简要描述: 通过后台写入aspx木马,直接拿到webshell,然后获取整个服务器权限。 详细说明: 1、访问http://127.0.0.1/admin/global/globaltemplatesedit.aspx?path=../tools/&filename=rss.aspx&templateid=1&templatename=Default,写入aspx木马。 2、写入aspx木马后,访问http://127.0.0.1/tools/rss.aspx就可以了。 漏洞证明:...
Comodo Hacker - "Comodogate" Iranian hacker claims all internet is insecure !
Comodo Hacker - "Comodogate" Iranian hacker claims all internet is insecure Message By Comodo Hacker : Hello I'm writing this to the world, so you'll know more about me.. At first I want to give some points, so you'll be sure I'm the hacker: I hacked Comodo from InstantSSL.it, their CEO's e-mail...
Unkn0wnV1rus said - Indian Reserve Bank is Venerable and easy to hack !
Unkn0wnV1rus said - Indian Reserve Bank is Venerable and easy to hack ! Hello Friends, Last night I got a email from "Unkn0wnV1rus" . He/she submit us a news about "Venerability of Indian Reserve Bank's website" . He claim that he have access to server . Purpose of publishing this news is just to...
SSH password weakness
Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...
SSH password weakness
Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...
Blue River Mura CMS - Directory Traversal
Blue River Mura CMS - Directory Traversal Sep 24, 2010 Title: Blue River Mura CMS Directory Traversal Version: 1.0 Issue type: Directory Traversal Affected vendor: Blue River Interactive Group Release date: 24/09/2010 Discovered by: Steven Seeley & Rohan Stelling Summary Mura CMS is an open sourc...
FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution
Exploit for php platform in category web applications ================================================================== FreePBX = 2.8.0 Recordings Interface Allows Remote Code Execution ================================================================== Vendor: FreePBX http://www.freepbx.org/...
CVE-2010-3098
Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a ".." dot dot backslash in a filename...
ActiveCollab 2.3.0 Directory Traversal / Local File Inclusion
============================================================ PAINSEC SECURITY RESEARCH GROUP SECURITY ADVISORY 2010-001 - Original release date: June 24th, 2010 - Discovered by: Jose Carlos de Arriba dade at painsec dot com - Severity: 10/10 Base CVSS Score...
DEBIAN-CVE-2010-0401
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service daemon crash by sending a company password packet...
Security feature bypass
The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance Cisco ASA 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web site...
CVE-2009-3839
Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv37 through snv125, might allow remote attackers to execute arbitrary code by leveraging access to the X server...
CVE-2009-3166
Bugzilla 3.4rc1–3.4.1 vulnerability: token.cgi places a password in the login URL after a reset, allowing context-dependent attackers to obtain passwords via web server access logs, Referer logs, or browser history. The provided documents confirm Bugzilla involvement and CVE-2009-3166, but do not...
Shop Script Pro 2.12 - SQL Injection
!/usr/bin/perl =about VENDOR Shop Script Pro 2.12 maybe other versions vulnerable too http://www.shop-script.com/ AUTHOR discovered & written by Ams ax330d doggy gmail dot com http://www.0x416d73.name/ VULN. DESCRIPTION Look in index.php at line 101. Variable $currentcurrency is set from...
BlackJumboDog authentication bypass vulnerability
Overview BlackJumboDog from SapporoWorks contains an authentication bypass vulbnerability. BlackJumboDog from SapporoWorks is a software that provides server functions for an intranet. BlackJumboDog contains an authentication bypass vulnerability. Tsuyoshi Ishibashi of Mitsui Bussan Secure...