96 matches found
Open redirect
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 for 2.1 and before version 2.3...
CVE-2011-4181
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 for 2.1 and before version 2.3...
RubyGems: Cross-Domain JavaScript Source File Inclusion
The page includes one or more script files from a third-party domain. XSSI is a fancy way of saying: you are including in your program, someone elses code; You don't have any control over what is in that code, and you don't have any control over the security of the server on which it is hosted...
Arbitrary File Read Vulnerability in Hazardous Chemicals Public Security Management Information System of Guangzhou Zhongbao Digital Information Technology Co.
Ltd. is a high-tech enterprise engaged in information technology research and development, promotion and application, and technical support services in the field of software, hardware, Internet application technology and other information technology in the field of hazardous explosives-related...
Weblate: Self-XSS can be achieved in the editor link using filter bypass
Description I saw the fixed issue in the https://hackerone.com/reports/223692 and i think i found another filter bypass. I noticed that we actually can use special keywords like %branchs, %files and %lines. So XSS can be achieved in this way: %branchs:alert1;//https:// if the branch will be named...
ok.ru: web.xml configuration file disclosure
Several source files were accessible at .mycdn.me https://st.mycdn.me//WEB-INF/web.xml https://st.mycdn.me/WEB-INF/web.xml https://groupava1.mycdn.me/redirect.jsp https://groupava1.mycdn.me/index.jsp...
New Relic: Unauthorized Access
Summary of Findings ------------------------------- The remote server https://download.newrelic.com allowed unauthenticated access to special access files that are only intended to be accessible after contacting the New Relic program managers as seen below. Exploiting the...
Epicor CRS Retail Source File Manipulation Local Command Execution Vulnerability
Epicor CRS Retail is a retail solution. Epicor CRS Retail has a security vulnerability that allows a local attacker to edit program source files and execute arbitrary commands...
java-1.6.0-openjdk security update
1:1.6.0.35-1.13.7.1 - Repackaged source files - Resolves: rhbz1209067 1:1.6.0.35-1.13.7.0 - Update to IcedTea 1.13.7 - Regenerate add-final-location-rpaths patch so as to be less disruptive. - Resolves: rhbz1209067...
[SECURITY] Fedora 20 Update: ctags-5.8-16.fc20
Ctags generates an index or tag file of C language objects found in C source and header files. The index makes it easy for text editors or other utilities to locate the indexed items. Ctags can also generate a cross reference file which lists information about the various objects found in a set o...
Moa Gallery <= 1.2.0 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&...
php security, bug fix and enhancement update
5.3.3-22 - php-xml provides php-xmlreader and php-xmlwriter 874987 - fix possible NULL derefence and buffer overflow 879179 - fix zend garbage collector 848186, 868375 5.3.3-21 - fix CVE reference in previous changelog entry 5.3.3-20 - remove reproducer from security fix for CVE-2012-0781 5.3.3-1...
[SECURITY] Fedora 15 Update: cvs-1.11.23-17.fc15
CVS Concurrent Versions System is a version control system that can record the history of your files usually, but not always, source code. CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why...
[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
CVE-2011-2729: Commons Daemon fails to drop capabilities Apache Tomcat Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.19 Tomcat 6.0.30 to 6.0.32 Tomcat 5.5.32 to 5.5.33 Description: Due to a bug in the capabilities code, jsvc the service wrapper...
Fixed in Apache Tomcat 7.0.20
Important: Information disclosure CVE-2011-2729 Due to a bug in the capabilities code, jsvc the service wrapper for Linux that is part of the Commons Daemon project does not drop capabilities allowing the application to access files and directories owned by superuser. This vulnerability only occu...
Concave Yaya 4. 7 and following versions through the kill EXP-vulnerability warning-the black bar safety net
Description: 0. google : inurl:/otype. asp? classid= 1. Type the destination Station, no accident words will you wait a while,because you want to and other script timeout error,is recommended to drink tea. 2. Then the address bar type the following code, The JavaScript hijack it. 3. Refresh once,...
Sulata iSoft Local File Disclosure
========================================================= Sulata iSoft stream.php Local File Disclosure Exploit ========================================================= Exploit Title : Sulata iSoft developer by Rizwan Azam you look site.com/about.php Date : 10 December 2010 Author : Suddendeath...
ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution
== ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace...
Blue Collar Productions iGallery 4.1 Plus File Download
Vendor Notified: 05/25/2009 Vulnerability Details: ------------------------------------------- Blue Collar Productions iGallery 4.1 Plus http://www.b-cp.com/igallery/default.asp is a commercial photo gallery script written in Classic ASP. There exists also a free version named iGallery 3.4. The...
GoAhead WebServer information disclosure and authentication bypass vulnerabilities
Overview GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU975041. Description GoAhead WebServer contains vulnerabilities...