57 matches found
On the know Chong Yu intercepted the soil 0day-vulnerability warning-the black bar safety net
The day before yesterday in the microblogging see on the know Chong Yu sent most soil buy the 0day, the day before yesterday evening under a source code see, because just for microblogging on the screenshot to see, should the analysis is not comprehensive. Look at the page:./...
phpweb finished website full version through the kill injection vulnerability and fix-vulnerability warning-the black bar safety net
Keywords: inurl:webmall/detail. php? id Data table: pwnbaseadmin About to get shell 首先 登录 后台 admin.php See the upload. php source code analysis for an afternoon, and then about understand that although the upload where only allowed to upload gif,jpg,png,bmp four types of files, but not the file...
www.eVuln.com : SQL Injection in WikLink
www.eVuln.com advisory: SQL Injection in WikLink Summary: http://evuln.com/vulns/170/summary.html Details: http://evuln.com/vulns/170/description.html -----------Summary----------- eVuln ID: EV0170 Software: WikLink Vendor: n/a Version: 0.1.3 Critical Level: medium Type: SQL Injection Status:...
Social Share 2010-06-05 Cross Site Scripting
www.eVuln.com advisory: "search" - Non-persistent XSS in Social Share Summary: http://evuln.com/vulns/169/summary.html Details: http://evuln.com/vulns/169/description.html -----------Summary----------- eVuln ID: EV0169 Software: Social Share Vendor: n/a Version: 2010-06-05 Critical Level: low Typ...
6KBBS system to break the back door file-vulnerability warning-the black bar safety net
From:Dream an end Hello, I'm Dream an end. See the September the the hackers Handbook the lone water around the city, my brother wrote that article, the alarm bells ringing-the vigilant hidden in the web site behind the trap of feeling quite a lot. In this crazy Internet era, made a rookie your o...
[MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues
MajorSecurity Advisory 53BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues Details ======= Product: BLUEPAGE CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.bluepage-cms.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...
major_rls53.txt
MajorSecurity Advisory 53BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues Details ======= Product: BLUEPAGE CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.bluepage-cms.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...
Analysis upload vulnerability-vulnerability warning-the black bar safety net
In a brief introduction through the injection vulnerability check and fill, following the coupling re-introduce a vulnerability--upload vulnerability, which is a ratio to inject more lethal vulnerability. By injecting the resultant is often a database of some sensitive information such as...
Apache Prefork MPM vulnerabilities - Report
----- Apache Prefork MPM vulnerabilities ---------------------------------- PSNC Security Team http://security.psnc.pl/files/apachereport.pdf 1. Introduction This small case study is a result of source code analysis of Apache httpd server MPM modules. The main goal of this document is to show, wh...
Analysis upload vulnerability-vulnerability warning-the black bar safety net
This article sent to the hacker line of Defense of 2006.4 period, reproduced please indicate the Analysis upload vulnerability in the form English / the loneliness of the hedgehog In a brief introduction through the injection vulnerability check and fill, following the coupling re-introduce a...
Pre-open files attack agains locked file
Hello lists, hello Roger. It's me again. Sorry for annoyance, but there is one more attack vector with pre-open files I meant, but forgot to mention. It seems dangerous enough and need to be investigated for different applications. Attack is against application relying on mandatory locks. Attack...
SQL Injection Vulnerability in bfExplorer 0.0.6
Armorize Technologies Security Advisory Advisory No: Armorize-ADV-2006-0007 Status: Partial Date: 2006/10/31 Summary: Armorize-ADV-2006-0007 discloses SQL injection vulnerability that is found in bfExplorer BytesFall Explorer, http://sourceforge.net/projects/bfexplorer, which is is a web-based fi...
Re: Multiple XSS Vulnerabilities in Zen Cart 1.3.5
Full Disclosure Armorize Technologies Security Advisory Advisory No: Armorize-ADV-2006-0003 Status: Full Date: 2006/9/27 Summary: Armorize-ADV-2006-0003 discloses multiple cross-site scripting vulnerabilities that are found in Zen Cart, which is a PHP e-commerce shopping program and is Built on a...
Directory Traversal Vulnerability in Goop Gallery 2.0.2
Armorize Technologies Security Advisory Advisory No: Armorize-ADV-2006-0004 Status: Partial Date: 2006/10/04 Bugtraq No.: N/A Summary: Armorize-ADV-2006-0004 discloses a special case of directory traversal vulnerability found in Goop Gallery, which is is a directory based photo gallery and does n...
YaPiG thanks_comment.php Cross-Site Scripting Vulnerability
/ Kuon Armorize Security Team Kuon-at-Armorize.com YaPiG thankscomment.php Cross-Site Scripting Vulnerability Contact : Kuon-at-Armorize.com Link : www.Armorize.com / Armorize Technologies Security Advisory Advisory No: 20061001 Date: 2006/08/25 Affected Software: yapig 0.95b Vulnerability...
[SA20436] PyBlosxom Contributed Packages Cross-Site Scripting Vulnerability
---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Local Overflow
/ This is simple local exploit Proof of Concept? for local bug in ProFTPd not in default options must be configured with option --enable-ctrls. Bug exist in func tion prctrlsconnect in file "src/ctrls.c", look: "src/ctrls.c" int prctrlsconnectconst char socketfile ... struct sockaddrun clsock,...