
2203 matches found

Tenable Nessus
added 2011/12/13 12:0 a.m., 26 views

SuSE 10 Security Update : bind (ZYPP Patch Number 7851)

This update fixes the issue that specially crafted DNS queries could crash the bind name server. (CVE-2011-4313) Additionally, a syntax check warning complaining about every include file that only provides a snippet for the overall configuration has been removed. %NASLMINLEVEL 70300 C Tenable Netwo...

CVSS 5, AI score 6.9, EPSS 0.16747
Exploits 0, References 2

Packet Storm
added 2011/11/26 12:0 a.m., 18 views

Whois.com Cross Site Scripting

Exploit Title: whois.com XSS Date: 26.11.2011 - 19.23 Author: Mr.PaPaRoSSe Tested On: Win7 Platform: Php http://domains.whois.com/hosting.php?type= "alert"DarkDevilZ / Mr.PaPaRoSSe"...

Exploits 0

NVD
added 2011/09/23 11:55 p.m., 18 views

CVE-2011-3723

Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files...

CVSS 5, AI score 6.1, EPSS 0.01335
Exploits 1, References 3

Prion
added 2011/09/23 11:55 p.m., 12 views

Information disclosure

Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files...

CVSS 5, AI score 6.7, EPSS 0.01335
Exploits 1, References 3, Affected Software 1

Cvelist
added 2011/09/23 11:0 p.m., 23 views

CVE-2011-3723

Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files...

AI score 6.1, EPSS 0.01335
Exploits 1, References 3

CVE
added 2011/09/23 11:0 p.m., 38 views

CVE-2011-3723

Crafty Syntax 3.0.2 is affected by an information-disclosure vulnerability: remote attackers can obtain sensitive data by directly requesting a PHP file, causing an error message that reveals the installation path (demonstrated by README_FILES/livehelp.php and related files). This occurs due to t...

CVSS 5, AI score 6.3, EPSS 0.01335
Exploits 1, References 3, Affected Software 1

myhack58
added 2011/08/27 12:0 a.m., 23 views

Nginx Code Execution with Null Bytes to several hidden points and critical points-vulnerability warning-the black bar safety net

Last night, the Black pot on the microblogging made a foreigner explosion Nginx vulnerability, the beginning and few people pay attention, the ego immediately frame environmental testing to verify that my product is good handy online and tried the two sites also verify this vulnerability, so...

AI score 7.2
Exploits 0

OpenVAS
added 2011/07/08 12:0 a.m., 21 views

Fedora Update for curl FEDORA-2011-8640

Check for the Version of curl OpenVAS Vulnerability Test Fedora Update for curl FEDORA-2011-8640 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS 4.3, AI score 7.2, EPSS 0.02994
Exploits 0, References 2

Fedora
added 2011/07/06 9:39 p.m., 30 views

[SECURITY] Fedora 15 Update: dokuwiki-0-0.9.20110525.a.fc15

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating documentation of any kind. It has a simple but powerful syntax which makes sure the datafiles remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...

CVSS 4.3, AI score 6.2, EPSS 0.01745
Exploits 0

seebug.org
added 2011/06/02 12:0 a.m., 16 views

Discuz! X1-1.5 notify_credit.php Blind SQL injection exploit

No description provided by source. ?php printr' +---------------------------------------------------------------------------+ Discuz! X1-1.5 notify_credit.php Blind SQL injection exploit by toby57 2010.11.05 mail: toby57 at 163 dot com team: http://www.wolvez.org...

AI score 7.1
Exploits 0

OpenVAS
added 2011/06/01 12:0 a.m., 23 views

Nmap NSE net: ms-sql-xp-cmdshell

Attempts to run a command using the command shell of Microsoft SQL Server (ms-sql). The script needs an account with the sysadmin server role to work. It needs to be fed credentials through the script arguments or from the scripts 'ms-sql-brute' or 'ms-sql-empty-password'. When run, the script...

AI score 0.5
Exploits 0

OpenVAS
added 2011/06/01 12:0 a.m., 23 views

Nmap NSE net: ms-sql-hasdbaccess

Queries Microsoft SQL Server (ms-sql) for a list of databases a user has access to. The script needs an account with the sysadmin server role to work. It needs to be fed credentials through the script arguments or from the scripts 'mssql-brute' or 'mssql-empty-password'. When run, the script...

AI score 0.2
Exploits 0

OpenVAS
added 2011/06/01 12:0 a.m., 14 views

Nmap NSE net: dhcp-discover

Sends a DHCPDISCOVER request to a host on UDP port 67. The response comes back to UDP port 68, and is read using pcap due to the inability for a script to choose its source port at the moment. DHCPDISCOVER is a DHCP request that returns useful information from a DHCP server. The request sends a...

AI score 0.2
Exploits 0

OpenVAS
added 2011/06/01 12:0 a.m., 11 views

Nmap NSE net: informix-brute

Performs brute force password auditing against IBM Informix Dynamic Server. SYNTAX: brute.firstonly: stop guessing after first password is found (default: false) brute.unique: make sure that each password is only guessed once (default: true) brute.retries: the number of times to retry if recoverable...

Exploits 0

OpenVAS
added 2011/06/01 12:0 a.m., 26 views

Nmap NSE net: nfs-ls

Attempts to get useful information about files from NFS exports. The output is intended to resemble the output of 'ls'. The script starts by enumerating and mounting the remote NFS exports. After that it performs an NFS GETATTR procedure call for each mounted point in order to get its ACLs. For...

AI score 6.9
Exploits 0

OpenVAS
added 2011/06/01 12:0 a.m., 69 views

Nmap NSE net: ldap-search

Attempts to perform an LDAP search and returns all matches. If no username and password is supplied to the script the Nmap registry is consulted. If the 'ldap-brute' script has been selected and it found a valid account, this account will be used. If not anonymous bind will be used as a last...

AI score 0.6
Exploits 0

Prion
added 2011/02/23 7:0 p.m., 25 views

Code injection

Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) SlapiAttr mishandling in the DN normalization code and (2) pointer mishandling in the...

CVSS 5, AI score 7.3, EPSS 0.01659
Exploits 0, References 2, Affected Software 1

rdot
added 2011/02/17 12:0 a.m., 15 views

Alternative LIMIT

Teaser. Here is an alternative to LIMIT for when the following characters cannot be used in the URL: space,,',/,% Because of these restrictions, the alternative whitespace characters %09,%0A,... and // are ruled out. What remains is the alternative syntax using parentheses. But the limit syntax does not allow even those: Code: ... limit1,100 -- error...

AI score 1.3
Exploits 0

Exploit DB
added 2011/02/12 12:0 a.m., 22 views

PixelPost 1.7.3 - Multiple POST SQL Injections

Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability Vendor: Pixelpost.org Product web page: http://www.pixelpost.org Affected version: 1.7.3 Summary: Pixelpost is an open-source, standards-compliant, multi-lingua...

AI score 7.4
Exploits 0

Packet Storm
added 2011/02/11 12:0 a.m., 18 views

Pixelpost 1.7.3 SQL Injection

Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability Vendor: Pixelpost.org Product web page: http://www.pixelpost.org Affected version: 1.7.3 Summary: Pixelpost is an open-source, standards-compliant, multi-lingua...

Exploits 0