36 matches found
RockyLinux 9 : mingw-glib2 (RLSA-2026:18705)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18705 advisory. glib: Integer overflow in in gescapeuristring CVE-2025-13601 Tenable has extracted the preceding description block directly from the RockyLinux security advisory...
CLSA-2026-1779123668 Fix CVE(s): CVE-2026-6735
SECURITY UPDATE: XSS via unsanitized request URI in PHP-FPM status page - debian/patches/CVE-2026-6735.patch: escape requesturi with HTML entities in fpmstatushandlerequest for HTML/XML output formats, and fix querystring escape flags in sapi/fpm/fpm/fpmstatus.c - CVE-2026-6735...
Moderate: Red Hat Security Advisory: glib2 security update
An update for glib2 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System...
Moderate: Red Hat Security Advisory: glib2 security update
An update for glib2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
ALSA-2026:0991 Moderate: glib2 security update
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: Integer overflow in in...
SUSE-SU-2026:0018-1 Security update for glib2
This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO escapebytestring function when processing malicious files or remote filesystem attribute values can lead to denial-of-service bsc1254878. - CVE-2025-14087: buffer underflow in the GVariant parser...
CVE-2025-8113
The Ebook Store WordPress plugin before 5.8015 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
Slackware: Security Advisory (SSA:2014-111-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FileBuster - An Extremely Fast And Flexible Web Fuzzer
An extremely fast and flexible web fuzzer. Why another fuzzer? My main motivation was to write a script that would allow me to fuzz a website based on a dictionary but that allowed me to filter words on that dictionary based on regex patterns. This necessity came from the frustration of trying to...
D-Link DSL-2730B Modem - XSS Injection Stored Exploit Lancfg2get.cgi Exploit
Exploit for hardware platform in category web applications Exploit Title: D-Link DSL-2730B Modem lancfg2get.cgi Exploit XSS Injection Stored Date: 11-01-2015 Exploit Author: Mauricio Correa Vendor Homepage: www.dlink.com Hardware version: C1 Version: GE 1.01 Tested on: Windows 8 and Linux...
D-Link DSL-2730B Modem - XSS Injection Stored Exploit DnsProxy.cmd Exploit
Exploit for hardware platform in category web applications Exploit Title: D-Link DSL-2730B Modem dnsProxy.cmd Exploit XSS Injection Stored Date: 11-01-2015 Exploit Author: Mauricio Correa Vendor Homepage: www.dlink.com Hardware version: C1 Version: GE 1.01 Tested on: Windows 8 and Linux...
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored DnsProxy.cmd
Exploit Title: D-Link DSL-2730B Modem dnsProxy.cmd Exploit XSS Injection Stored Date: 11-01-2015 Exploit Author: Mauricio Correa Vendor Homepage: www.dlink.com Hardware version: C1 Version: GE 1.01 Tested on: Windows 8 and Linux !/usr/bin/perl Date dd-mm-aaaa: 11-11-2014 Exploit for D-Link...
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Wlsecrefresh.wl Wlsecurity.wl
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Wlsecrefresh.wl Wlsecurity.wl Exploit Title: D-Link DSL-2730B Modem wlsecrefresh.wl & wlsecurity.wl Exploit XSS Injection Stored Date: 11-01-2015 Exploit Author: Mauricio Correa Vendor Homepage: www.dlink.com Hardware version: C1...
Bing Dork Scanner - Tool to extract urls from a bing search
This is a simple script with GUI, to extract urls from a bing search. Support only HTTP proxy. Required Perl Modules: LWP Gtk2 Glib uft8 threads threads::shared URI::Escape Download Bing Dork Scanner...
CuteNews <= 1.4.1 (categories.mdu) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl cijfer-cnxpl - CuteNews =1.4.1 Remote Command Execution Copyright c 2005 cijfer [email protected] All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-cnxpl.pl -h www.xxxx.org -d /news [email protected] /$ id;uname -a uid=48apache...
ezDatabase <= 2.0 (db_id) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl ezDatabase Remote Command Execution Exploit based on advisory by Pridels Team Copyright c 2006 cijfer cijfer@netti!fi All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to 'http://target.com/dir' cijfer$ $Id:...
[slackware-security] libyaml
New libyaml packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/libyaml-0.1.6-i486-1slack14.1.txz: Upgraded. This update fixes a heap overflow in URI escape parsing of YAML in...
PhotoStand 1.2.0 - Remote Command Execution
PhotoStand 1.2.0 - Remote Command Execution !/usr/bin/perl App : PhotoStand 1.2.0 Site : http://www.photostand.org Remote Command Execution Exploit Credits to : Giovanni Buzzin, "Osirys" osirysatautisticidotorg Greets: drosophila, emgent, Fireshot PhotoStand is a used Image Gallery CMS. PhotoStan...
e107 Plugin EasyShop - category_id Blind SQL Injection
e107 Plugin EasyShop - categoryid Blind SQL Injection !/usr/bin/perl ------------------------------------------------------------ e107 Plugin EasyShop Remote Blind SQL Injection Exploit By StAkeRathotmaildotit Dork allinurl: e107plugins/easyshop/easyshop.php Example http://www.clan-designs.co.uk...
ADN Forum <= 1.0b Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================= ADN Forum get$host."/index.php?fid=".$send; if$request-issuccess and $request-content = /hace clic en el boton de abajo/i $hash .= chr$ord; $uid++; ifdefined $hash print "+ MD5: $hash\n"; exit;...