332 matches found
UBUNTU-CVE-2014-9422
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a...
CVE-2014-7899
Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string...
CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
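Maccms V8 latest version SQL injection (ignores GPC)
Brief description: The program was just downloaded from the official site; confirmed not a duplicate. It is particularly interesting to exploit. Detailed description: Apple CMS uses the be function to obtain parameters function be$mode,$key,$sp=',' iniset"magicquotesruntime", 0; $magicq= getmagicquotesgpc; switch$mode case 'post': $res=isset$POST$key ? $magicq?$POST$key:@addslashes$POST$key : ''; break; case 'get': $res=isset$GET$key ?...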
MyPHP Forum <= 3.0 Edit Topics/Blind SQL Injection Vulnerabilities
No description provided by source. MyPHP Forum Final <= 3.0 Edit Topics/Blind SQL Injection Remote Vulnerabilities. Discovered By...
phpMDJ <= 1.0.3 (id_animateur) Blind SQL Injection Exploit
No description provided by source. phpMDJ <= 1.0.3 Blind SQL Injection Exploit ?php function query $usr, $chr, $pos $query = x' OR...
MGASA-2014-0143 Updated openssh packages fix CVE-2014-2532
Updated openssh packages fix security vulnerability: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character (CVE-2014-2532)...
CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...
PT-2014-1796
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 6.6; OpenSSH version 5.3p1. Description: The issue allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character in the AcceptEnv lines of the sshd config...
Code injection
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to...
crypt(): DES encrypted password weakness
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...
Medium: postgresql9
Issue Overview: The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain...
CVE-2011-4319
Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string...
CVE-2011-1482
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a...
CVE-2009-5055
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the...
PHP Lowbids - 'viewfaqs.php' Blind SQL Injection
== +Script: PHP Lowbids +Version: n/a +Link: http://phplowbids.com == +Author: BorN To K!LL - h4ck3r == +3xploit: /viewfaqs.php?cat=Blind-Injection +3xample: /viewfaqs.php?cat=1 and substringversion,1,1=4 // true /viewfaqs.php?cat=1 and substringversion,1,1=5 // false ...