7411 matches found
NewsCMSlite Insecure Cookie Handling
www.BugReport.ir AmnPardaz Security Research Team Title: NewsCMSlite Vendor: http://www.katywhitton.com Bug: Insecure Cookie Handling Exploitation: Remote with browser Fix: N/A Original Advisory: http://www.bugreport.ir/index62.htm - Description: NewsCMSlite is an easy way to get regularly update...
[SECURITY] Fedora 10 Update: libnasl-2.2.11-3.fc10
NASL is a scripting language designed for the Nessus security scanner. Its aim is to allow anyone to write a test for a given security hole in a few minutes, to allow people to share their tests without having to worry about their operating system, and to guarantee everyone that a NASL script can...
Debian: Security Advisory (DSA-1707-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Treetextbox editor times right directory vulnerability-vulnerability warning-the black bar safety net
Today is the 2008.11.24 Monday, I stayed the All right things on the Internet to find a website to do the following little security testing thus find the Treetextbox editing can be a convenient directory vulnerability First talk about my ideas Editor specific code is: td bgcolor="f6f6f6"...
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-001
Digital Security Research Group DSecRG Advisory DSECRG-09-001 Application: Oracle Application Server SOA Versions Affected: Oracle Application Server SOA version 10.1.3.1.0 Vendor URL: http://www.oracle.com Bugs: XSS Exploits: YES Reported: 10.01.2008 Vendor response: 11.01.2008 Date of Public...
[SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities
Debian Security Advisory DSA-1704 [email protected] http://www.debian.org/security/ Steffen Joeris January 14, 2009 http://www.debian.org/security/faq ...
DSA-1692-1 php-xajax - cross-site scripting
Bulletin has no description...
DSA-1689-1 proftpd-dfsg - Cross-Site Request Forgery
Bulletin has no description...
[DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x
Digital Security Research Group DSecRG Advisory DSECRG-08-041 Application: XOOPS Versions Affected: 2.3.1, 2.3.2a Vendor URL: http://www.xoops.org/ Bug: Stored XSS Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Public Advisory: 08.12.2008 Authors: Digital...
DSA-1683-1 streamripper - potential code execution
Bulletin has no description...
Pluck CMS 4.5.3 (g_pcltar_lib_dir) Local File Inclusion Vulnerability
No description provided by source. Hello, bugtraq. Digital Security Research Group DSecRG Advisory DSECRG-08-039 Application: Pluck CMS Versions Affected: 4.5.3 Vendor URL: http://www.pluck-cms.org/ Bug: Local File Include Exploits: YES Reported: 25.08.2008 Vendor Response: 30.08.2008 Solution: Y...
smb-enum-shares NSE Script
Attempts to list shares using the srvsvc.NetShareEnumAll MSRPC function and retrieve more information about them using srvsvc.NetShareGetInfo. If access to those functions is denied, a list of common share names are checked. Finding open shares is useful to a penetration tester because there may ...
smb-enum-users NSE Script
Attempts to enumerate the users on a remote Windows system, with as much information as possible, through two different techniques both over MSRPC, which uses port 445 or 139; see smb.lua. The goal of this script is to discover all user accounts that exist on a remote system. This can be helpful...
myforum-insecure.txt
MyForum 1.3 Insecure Cookie Handling Vulnerability + Discovered By : Mountassif Moad + Greetz : All my friends Exploit: javascript:document.cookie = "myforumlogin=1; path=/"; javascript:document.cookie = "myforumpass=1; path=/"; desc: if it don't work in the first test try another test...
[SECURITY] Fedora 8 Update: rubygem-actionpack-2.1.1-1.fc8
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 8 Update: rubygem-actionmailer-2.1.1-1.fc8
Makes it trivial to test and deliver emails sent from a single service layer...
[SECURITY] Fedora 9 Update: rubygem-actionpack-2.1.1-1.fc9
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
Debian: Security Advisory (DSA-1634-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
sagem-xsrf.txt
#!/usr/bin/env python ...
Sagem F@ST Routers - DHCP Hostname Cross-Site Request Forgery
Sagem F@ST Routers - DHCP Hostname Cross-Site Request Forgery #!/usr/bin/env python ...