260 matches found
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYPHP-DEV-SERVER-REMOTE-CMD-EXECUTION.txt + ISR: ApparitionSec Vendor: ===============...
Wix. com there is delay in the repair of the vulnerability millions of websites at risk-vulnerability and early warning-the black bar safety net
Foreword Web hosting cloud service provider Wix. com the presence of the Dom typeXSSvulnerability that can allow an attacker to control in this platform hosted on any one site. Contrast Security's senior security researcher Matt Austin said,“the only need in the Wix create site to add a single...
Canoas Web Hosting Administration Page Bypass Vulnerability
A security vulnerability exists in the Canoas web hosting administration page. Due to a failure to filter the Login and Senha parameters in the admin/login.php page. This allows an attacker to bypass login restrictions and perform unauthorized operations...
Vesta Control Panel Cross-Site Scripting Vulnerability
Vesta Control Panel is an open source web hosting control panel. Vesta Control Panel suffers from a cross-site scripting vulnerability that could be exploited by attackers to conduct cross-site scripting attacks...
Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion
Title: Ramui web hosting directory script 4.0 Remote File Include Vulnerability Author: bd0rk Twitter: twitter.com/bd0rk Vendor: http://www.ramui.com Download: http://ramui.com/directory-script/download-v4.html Proof-of-Concept: /gb/include/connection.php lines 6-13 in php-sourcecode class...
Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion
Exploit for php platform in category web applications Title: Ramui web hosting directory script 4.0 Remote File Include Vulnerability Author: bd0rk Twitter: twitter.com/bd0rk Vendor: http://www.ramui.com Download: http://ramui.com/directory-script/download-v4.html Proof-of-Concept:...
Ramui Web Hosting Directory Script 4.0 RFI
Title: Ramui web hosting directory script 4.0 Remote File Include Vulnerability Author: bd0rk Twitter: twitter.com/bd0rk Vendor: http://www.ramui.com Download: http://ramui.com/directory-script/download-v4.html Proof-of-Concept: /gb/include/connection.php lines 6-13 in php-sourcecode class...
Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion
Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion Title: Ramui web hosting directory script 4.0 Remote File Include Vulnerability Author: bd0rk Twitter: twitter.com/bd0rk Vendor: http://www.ramui.com Download: http://ramui.com/directory-script/download-v4.html Proof-of-Concept:...
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
Exploit for php platform in category web applications ============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/08 + Test...
DirectAdmin 1.483 Cross Site Request Forgery / Cross Site Scripting
============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/08 + Tested on : Elementary Os + Vendor Homepage :...
[SECURITY] Fedora 22 Update: fusionforge-5.3.2-4.fc22
FusionForge provides many tools to aid collaboration in a development project, such as bug-tracking, task management, mailing-lists, SCM repository, forums, support request helper, web/FTP hosting, release management, etc. All these services are integrated into one web site and managed through a...
Vesta Control Panel Cross-Site Request Forgery Vulnerability
Vesta Control Panel is an open source web hosting control panel. A cross-site request forgery vulnerability exists in Vesta Control Panel. As the program fails to properly validate HTTP requests. An attacker could use this vulnerability to perform unauthorized actions on a user's logged in...
GoDaddy Vulnerability Allows Domain Hijacking
An Internet domain registrar and web hosting company GoDaddy has patched a Cross-Site Request Forgery CSRF or XSRF vulnerability that allowed hackers and malicious actors to hijack websites registered with the domain registration company. The vulnerability was reported to GoDaddy on Saturday by...
Bash Vulnerability Exploits Dropping DDoS Bots
A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability. One sample is a repurposed IRC bot written in Perl that is trying to build a botnet to be used in distributed denial of service attacks DDoS, said Jaime Blasco,...
openSUSE Security Update : php5 (openSUSE-2014-471)
php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in...
openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)
php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in...
openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)
php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in...
CVE-2014-4698
Use-after-free vulnerability in ext/spl/splarray.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments...
CVE-2014-4670
Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments...
Design/Logic Flaw
Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments...