88 matches found
Google Proposes Marking 'HTTP' as Insecure in 2015
The Chromium security team is devising a plan to explicitly and actively inform users that ‘HTTP’ connections provide no data security protections. Google’s grand vision is that some day, HTTPS will become so widespread and commonplace that secure connections can be unmarked in the way that HTTP...
IF-CMS 2.07 - Local File Inclusion (1)
!/usr/bin/python INFORMATION Exploit Title: If-CMS 2.07 Pre-Auth Local File Inclusion 0day Exploit Author: TecR0c Date: 13/3/2011 Software link: http://bit.ly/hh9ZB4 Tested on: Linux bt Version: 2.07 PHP.ini Settings: gpcmagicquotes = Off import...
N'CMS 1.1E Pre-Auth Local File Inclusion Code Execution
!/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web application was lucky to not be exploited by session...
N`CMS 1.1E - Local File Inclusion / Remote Code
!/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web application was lucky to not be exploited by session...
Vtiger CRM 5.0.4 Local File Inclusion
!/usr/bin/python INFORMATION: Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" Date: 5/3/2011 CVE: CVE-2009-3249 Windows link: http://bit.ly/fiOYCL Linux link: http://bit.ly/hluzLf Tested on: Windows XP/Linux Ubuntu...
ruby -- UTF-7 encoding XSS vulnerability in WEBrick
The official ruby site reports: WEBrick have had a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via a crafted URI. This does not affect user agents that strictly implement HTTP/1.1, however, some user agents do not...
sipXtapi Cseq header buffer overflow
Added: 07/17/2006 CVE: CVE-2006-3524 BID: 18906 OSVDB: 27122 Background The Session Initiation Protocol SIP is a signaling protocol for a variety of uses, including instant messanging and Voice over Internet Protocol. sipXtapi is a client library for SIP-based user agents. It is included in Pingt...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:022)
Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator. According to their advisory : 'The cookie specifications detail a path argument that can be used ...