984 matches found
Blue River Mura CMS - Directory Traversal
Blue River Mura CMS - Directory Traversal Sep 24, 2010 Title: Blue River Mura CMS Directory Traversal Version: 1.0 Issue type: Directory Traversal Affected vendor: Blue River Interactive Group Release date: 24/09/2010 Discovered by: Steven Seeley & Rohan Stelling Summary Mura CMS is an open sourc...
FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution
Exploit for php platform in category web applications. FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution. Vendor: FreePBX http://www.freepbx.org/...
CVE-2010-3098
Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename...
ActiveCollab 2.3.0 Directory Traversal / Local File Inclusion
============================================================ PAINSEC SECURITY RESEARCH GROUP SECURITY ADVISORY 2010-001 - Original release date: June 24th, 2010 - Discovered by: Jose Carlos de Arriba dade at painsec dot com - Severity: 10/10 Base CVSS Score...
DEBIAN-CVE-2010-0401
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet...
Security feature bypass
The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web site...
CVE-2009-3839
Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv37 through snv125, might allow remote attackers to execute arbitrary code by leveraging access to the X server...
CVE-2009-3166
Bugzilla 3.4rc1–3.4.1 vulnerability: token.cgi places a password in the login URL after a reset, allowing context-dependent attackers to obtain passwords via web server access logs, Referer logs, or browser history. The provided documents confirm Bugzilla involvement and CVE-2009-3166, but do not...
Shop Script Pro 2.12 - SQL Injection
#!/usr/bin/perl =about VENDOR Shop Script Pro 2.12 maybe other versions vulnerable too http://www.shop-script.com/ AUTHOR discovered & written by Ams ax330d doggy gmail dot com http://www.0x416d73.name/ VULN. DESCRIPTION Look in index.php at line 101. Variable $currentcurrency is set from...
BlackJumboDog authentication bypass vulnerability
Overview BlackJumboDog from SapporoWorks contains an authentication bypass vulnerability. BlackJumboDog from SapporoWorks is a software that provides server functions for an intranet. BlackJumboDog contains an authentication bypass vulnerability. Tsuyoshi Ishibashi of Mitsui Bussan Secure...
JVN#98063934 BlackJumboDog authentication bypass vulnerability
BlackJumboDog from SapporoWorks is a software that provides server functions for an intranet. BlackJumboDog contains an authentication bypass vulnerability Impact A remote attacker can bypass authentication of BlackJumboDog. As a result, the attacker gains access to the server and information may...
A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability
Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg...
A-Link WL54AP3 / WL54AP2 - Cross-Site Request Forgery / Cross-Site Scripting
Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg [email protected] Device: A-Link WL54AP3 and WL54AP...
singapore-database.txt
Singapore 0.10.1 Directory Traversal vulnerability/Database credential exploit Discovered by: e.wiZz! Site: madspot.org Info: no info today,sorry :D / Script site: http://www.sgal.org/ Download:...
WebNote Clip vulnerable to OS command injection
Overview WebNote Clip is CGI software to create bulletin boards, calendars, reports, and diaries. WebNote Clip contains an OS command injection vulnerability as it does not validate inputs properly. Impact An attacker could execute an arbitrary OS command on the server with WebNote Clip installed...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
Cpanel all version >> root access with a reseller account.
By : Ali Jasbi IHST security & hacking Research team WwW.Hackerz.ir Vendor : Cpanel.net Version : ALL !! Risk : Very high What u can do with this bug is : u can have a access to all the server with reseller privilege Th3 r00t how it's work ? when u want to create an account in shell what will...
cpanel-root.txt
By : Ali Jasbi IHST security & hacking Research team WwW.Hackerz.ir Vendor : Cpanel.net Version : ALL !! Risk : Very high What u can do with this bug is : u can have a access to all the server with reseller privilege Th3 r00t how it's work ? when u want to create an account in shell what will...
idm-disclose.txt
idmos1.0 Remote File Disclosure Vulnerability Author: MhZ91 Title: Remote File Disclosure...
Pragma Systems FortressSSH 5.0 - msvcrt.dll Exception Handling Remote Denial of Service
Pragma Systems FortressSSH 5.0 - msvcrt.dll Exception Handling Remote Denial of Service source: https://www.securityfocus.com/bid/27141/info Pragma Systems FortressSSH is prone to a remote denial-of-service vulnerability because it fails to adequately handle certain exceptions when processing...