OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI...

OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI...

[jSQL Injection v0.5] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. jSQL Injection change log - version 0.5 0.5 SQL shell Uploader 0.4 Admin page checker and preview Brute forcer md5...

Remoting: DoS by file descriptor exhaustion

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service file descriptor consumption via...

tcp(port&seq) backdoor

Автор: slashd Что это? Реализации скрытого канала передачи данных на сервер с помощью стандартных полейв нашем случае поля SEQ и Source Port TCP-заголовка. Теоритическая часть. Реализовать скрытую передачу данных с помощью TCP-заголовка можно несколькими способами. Клиентхакер иницирующий...

CVE-2012-4067

Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service memory, thread, and CPU consumption via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request...

CVE-2012-4067

CVE-2012-4067 affects Eucalyptus Walrus prior to version 3.2.2. A crafted XML message containing a DTD can trigger a denial-of-service by exhausting memory, threads, and CPU resources, demonstrated via a bucket-logging request. Related entries also reference CVE-2013-2296. Multiple connected sour...

Cross site scripting

Cross-site scripting XSS vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads LQT extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject...

CVE-2013-5035

Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series...

Race condition

Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series...

CVE-2013-5035

Vulnerability: Race conditions in HtmlCleaner (library used by Open-Xchange AppSuite) allow remote authenticated users to read other users’ private emails when rapid mail-send or draft-save operations occur. Affected versions: HtmlCleaner prior to 2.6; Open-Xchange AppSuite 7.2.2 before rev13 (an...

Ultra Mini HTTPD Stack Buffer Overflow

This module exploits a stack based buffer overflow in Ultra Mini HTTPD 1.21, allowing remote attackers to execute arbitrary code via a long resource name in an HTTP request. This exploit has to deal with the fact that the application's request handler thread is terminated after 60 seconds by a...

CVE-2013-3724

The mkrequestheaderprocess function in mkrequest.c in Monkey 1.1.1 allows remote attackers to cause a denial of service thread crash and service outage via a '\0' character in an HTTP request...

CVE-2013-3724

The mkrequestheaderprocess function in mkrequest.c in Monkey 1.1.1 allows remote attackers to cause a denial of service thread crash and service outage via a '\0' character in an HTTP request...

MojoPortal 2.3.9.7 Cross Site Scripting

Class Stored Cross-Site Scripting Remote Yes Credit Michael Savage of Dionach [email protected] Vulnerable MojoPortal 2.3.9.7 MojoPortal is prone to a stored cross-site scripting vulnerability because it does not escape the titles of forum threads when inserting into the page title element. An...

Oracle Linux 5 : boost (ELSA-2012-0305)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0305 advisory. 1.33.1-15 - Fix bugs in parsing invalid regexps - Resolves: 766755 1.33.1-14 - Delete leftover .orig files after patches are successfully applied...

Oracle Linux 4 : cyrus-sasl (ELSA-2007-0795)

From Red Hat Security Advisory 2007:0795 : An updated cyrus-sasl package that addresses a security issue and fixes various other bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The cyrus-sas...

Bifrost 1.2d - Remote Buffer Overflow Vulnerability

Exploit for windows platform in category remote exploits !/usr/bin/python2.7 By : Mohamed Clay import socket from time import sleep from itertools import izip, cycle import base64 import threading import sys def rc4cryptdata, key: x = 0 box = range256 for i in range256: x = x + boxi + ordkeyi %...

LotusCMS 3.0 PHP Code Execution

LotusCMS version 3.0 remote PHP code execution exploit as disclosed in 2011. It spawns a reverse shell. !/usr/bin/python Script that spawns a reverse shell python on vulnerable LotusCMS 3.0 installations. Uses a simple PHP eval vulnerability. http://secunia.com/secuniaresearch/2011-21/ infodox -...

MyMarket 1.72 bypass admin login & product_details blind sqli

Exploit for php platform in category web applications Exploit Title: MyMarket 1.72 bypass admin login & productdetails blind sqli Google Dork: intext:"MyMarket version 1.71" Tested on: Linux Bug finder & Exploit Coder:NEt Bomber http://fb.me/net.bomba Beside other sqli exploits found on exploits...