Vanilla Forums LatestComment 1.1 Plugin Persistent XSS

No description provided by source. Title: Vanilla LatestComment 1.1 Plugin Persistant XSS Vulnerability Date: 18/5/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Latest Comment 1.1...

yMonda Thread-IT 1.6 - Multiple Fields HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8692/info It has been reported that yMonda Thread-IT is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'Topic Title'...

Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit

No description provided by source. !/usr/bin/python Title: Mini HTTPD stack buffer overflow POST exploit Author: TheColonial Date: 20 Feb 2013 Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Vendor Homepage: http://www.picolix.jp/ Version: 1.21 Tested on: Windows XP Profession...

Microsoft Windows VISTA/2008 - Thread Pool ACL Local Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34444/info Microsoft Windows is prone to a privilege-escalation vulnerability. Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected...

Motorola SB5101 Hax0rware Rajko HTTPD Remote Exploit PoC

No description provided by source. !/usr/bin/perl Motorola SB5101 Hax0rware Rajko HttpD Remote Exploit PoC Author: Dillon Beresford Date: 6/6/2010 Vendor: SBHacker & Motorola Software Link: http://www.sbhacker.net/forum/index.php Tested on Hax0rware 1.1 R30, R32 and R39 Description: Motorola SB51...

APBoard 2.0 2 Unauthorized Thread Reading Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6330/info A vulnerability has been reported for APBoard that may allow unauthorized users to read postings in internal forums. The vulnerability is a result of the 'useraction.php' script failing to properly check user...

Systrace Multiple System Call Wrappers Concurrency Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/25258/info Systrace is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel. Attackers can explo...

vanilla forums poll plugin 0.9 - Stored XSS

No description provided by source. Title: Vanilla Poll 0.9 Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Vanilla Poll 0.9 http://vanillaforums.org/download http://vanillaforums.org/addon/poll-plugin...

wpbf - WordPress Brute Force

The script will try to login into the WordPress dashboard through the login form using a mixture of enumerated usernames, a wordlist and relevant keywords from the blog's content. If a single username is given, the script will not search for additional usernames. When a correct username/passwords...

[SECURITY] Fedora 20 Update: nspr-4.10.6-1.fc20

NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management malloc and free and shared library linking...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0377-1)

java-170-openjdk was updated to icedtea-2.3.6 bnc803379 containing various security and bugfixes : - Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)

java-160-openjdk was updated to 1.12.5 bnc817157 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework...

UBUNTU-CVE-2014-3154

Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/childthread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown...

OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423...

OpenJDK: AWT thread context handling (AWT, 8025010)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451...

OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458...

OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB...

OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423...

OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458...

OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458...