47153 matches found
CodeBreak (codebreak.php process_method) - Remote File Inclusion Vulnerability
http://john-martinelli.com/work/codebreak.txt !-- CodeBreak codebreak.php processmethod - Remote File Inclusion Vulnerability Google d0rk: intitle:"CodeBreak - Hidden Morse Code" Vulnerable Code: include$POST"processmethod" . "" . $POST"outputmethod" . ".inc"; John Martinelli [email protected]...
PerlSoft Guestbook v1.7b Bruteforcer + RCE!
Typ: Bruter & RCE Name: PerlSoft GB Pwner Affected Software: PerlSoft Gastebuch Version: 1.7b Coder/Bugfounder: Perforin ------ the RCE is only once possible, do not waste your command! STEP1: Use my script to bruteforce the admin login from the guestbook. STEP2: If we gain access, you can decide...
[USN-2782-1] Apport vulnerability
========================================================================== Ubuntu Security Notice USN-2782-1 October 27, 2015 apport vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
PBBoard v2.1.4 CMS - Multiple Web Vulnerabilities
Title: ====== PBBoard v2.1.4 CMS - Multiple Web Vulnerabilities Date: ===== 2012-06-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=623 VL-ID: ===== 625 Common Vulnerability Scoring System: ==================================== 4.5 Introduction: ============= PBBoard...
CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability
CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability Issued: April 13, 2014 Updated: May 12, 2014 CA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug" that was publicly disclosed on April 7, 2014. CVE identifier CVE-2014-0160 has been...
Article DashBoard all version SQL Injection Vulnerability
ArticleDashBoard all version SQL Injection Vulnerability Homepage: http://articledashboard.com/ Download: http://www.articledashboard.com/addxpc/ArticleDashboard.zip SQL Injection Found by : ^ Xcross87 | xcross87.info | hcegroup.net Thanks to: ^ RongChauA | reaonline.net | rongchaua.net Dork :...
[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite - XXE injection Advisory ID: ERPSCAN-15-029 Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 21.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass
Core Security - Corelabs Advisory http://corelabs.coresecurity.com Vivotek IP Cameras RTSP Authentication Bypass 1. Advisory Information Title: Vivotek IP Cameras RTSP Authentication Bypass Advisory ID: CORE-2013-0704 Advisory URL:...
Vulnerability found in Flynax Classifieds products
I. BACKGROUND -------------- Flynax is a software development company which produces several CMSs to mantain different kinds of classifieds websites. II. DESCRIPTION ---------------- Nasel members discovered a critical vulnerability in the front-end of these products. The vulnerability is an SQL...
AllMyLinks PHP Code Injection vulnerability
AllMyLinks PHP Code Injection vulnerability Product : AllMyLinks Vendor : www.php-resource.net Date : February 14, 2004 Problem : PHP Code Injection Vendor Contacted ? : No Source in /include/footer.inc.php -------------------------------------------------------------- $AMLfooterget =...
Multiple vulnerabilities in Joomla-Base
Hello 3APA3A! These are Denial of Service, XML Injection, Cross-Site Scripting, Full path disclosure and Insufficient Anti-automation vulnerabilities in Joomla-Base. This is package of Joomla with different plugins with their vulnerabilities. These vulnerabilities are in Google Maps plugin for...
Cisco CUCM - Multiple Vulnerabilities
Recurity Labs GmbH http://www.recurity-labs.com [email protected] Date: 08.11.2011 Vendor: Cisco Systems Product: CUCM Environment Cisco Unified Communications Manager CallManager Cisco IP Phone CP-7975G Vulnerability: Directory Traversal Reversible Obfuscation Algorithm SCCP service...
[security bulletin] HPSBHF02888 rev.1 - HP ProCurve, H3C, 3COM Routers and Switches, Remote Information Disclosure and Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03808969 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03808969 Version: 1 HPSBHF02888 rev....
new vulnerability inPowerFTP Personal FTP Server
PowerFTP Personal FTP Server is a multithreaded FTP server for the MS Windows OS by Cooolsoft. The PowerFTPd is available from vendor Cooolsoft's website: http://www.cooolsoft.com I found a vulnerability has PowerFTP that allows a remote user--any user--to shut down the ftp server tested on v 2.2...
[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057508 Version: 1 HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information NOTICE: The information in...
PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR08-16: CSRF Cross-site Request Forgery on Moodle edit profile page Vulnerability found: 25/06/2008 Vendor informed: 28/06/2008 Vulnerability fixed: 16/07/2008 Advisory publicly released: 22/07/2008 Severity: High Description: HTTP requests can be...
Cpanel 5 and below remote command execution and local root vulnerabilities
Products: Cpanel 5 and below http://www.cpanel.net Date: 19th February 2003 Author: pokleyzz pokleyzzatscan-associates.net Contributors: sk skatscan-associates.net shaharil shaharilatscan-associates.net Special thanks: Skywizard skywizardatmybsd.org.my Description =========== Cpanel is web hostin...
Microsoft Security Bulletin MS10-071 - Critical Cumulative Security Update for Internet Explorer (2360131)
Microsoft Security Bulletin MS10-071 - Critical Cumulative Security Update for Internet Explorer 2360131 Published: October 12, 2010 Version: 1.0 General Information Executive Summary This security update resolves seven privately reported vulnerabilities and three publicly disclosed vulnerabiliti...
PhotoPost PHP 4.6 - 4.5 [PP_PATH] >> Remote File Include Vulnerability
PhotoPost PHP 4.6 - 4.5 PPPATH Remote File Include Vulnerability Found by ..........: AG-Spider our Web Site : ---- http://www.ArabAttack.com Arab Attack Security Team Affected Software .: PhotoPost PHP Vendor ............: http://www.popphoto.com Risk & Class...: high-Remote File Inclusion C0ntA...
[Full-disclosure] D-Link DSL routers authentication bypass
====================== SUMMARY ======================== Title: D-Link DSL routers authentication bypass Date: 19 May 2005 Author: Francesco Orro francesco.orro 4t akhela.com Product: DSL-502T, DSL-504T, DSL-562T, DSL-G604T Vendor: D-Link Vendor URL: http://www.dlink.com Vendor Status: D-Link was...
[waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]
================================================================================ waraxe-2004-SA026 ================================================================================ Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke...
CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol SIP Original release date: February 21, 2003 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affect...
[security bulletin] HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04236062 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236062 Version: 2 HPSBMU02994 rev....
CVE-2011-2730: Spring Framework Information Disclosure
CVE-2011-2730: Spring Framework Information Disclosure Severity: Variable depending on application. Likely to be low to moderate, may be important. Version affected: 3.0.0 to 3.0.5 2.5.0 to 2.5.6.SEC02 community releases 2.5.0 to 2.5.7.SR01 subscription customers Earlier, unsupported versions may...
XSRF (CSRF) in CMScout
Vulnerability ID: HTB22719 Reference: http://www.htbridge.ch/advisory/xsrfcsrfincmscout.html Product: CMScout Vendor: CMScout Team http://www.cmscout.co.za/ Vulnerable Version: 2.09 and probably prior versions Vendor Notification: 25 November 2010 Vulnerability Type: CSRF Cross-Site Request Forge...
Office XP Remote SQL Injection
Aria-Security Team Persian Security Network http://forum.Aria-Security.com ENGLISH FORUM! -------------------------------------------------- Shoutz: Aura, Null, Kinglet Office XP Remote SQL Injection Vendor: vso-xp.com Vulnerable File: MyIssuesView.asp Original Adivosry:...
OpenBSD ICMPv6 buffer overflow
Buffer oveflow on fragmented IPv6 packet...
RUNCMS 1.3a SQL injection
refrence: http://www.runcms.org/public/modules/forum/viewtopic.php?topicid=4003&forum=18 http://hamid.ir/security/ ----------------------------------------------- RUNCMS 1.3a SQL injection Runcms Includes most things a webmaster would expect from a cms: downloads, links, tutorials section, polls,...
Zorum Portal (PHP)
Version : 3.0;3.1;3.2 Website : http://zorum.phpoutsourcing.com/ Problem : Include file File: --------------------------------- include.php --------------------------------- PHP Code: --------------------------------- ... include"$gorumDir/generformlibmultipleselection.php";...
BF and FPD vulnerabilities in MODx
Hello 3APA3A! I want to warn you about security vulnerabilities in MODx. This is the first part of the vulnerabilities in this CMS the first 19 vulnerabilities. These are Brute Force and Full path disclosure vulnerabilities in MODx. It's about 0.x and 1.x Evolution versions of MODx CMS. In 2.x...
XSS and IL vulnerabilities in IBM Lotus Domino
Hello 3APA3A! I want to warn you about Cross-Site Scripting and Information Leakage vulnerabilities in IBM Lotus Domino. At 15th of August IBM released the advisory concerning these Cross-Site Scripting vulnerabilities. CVE ID: CVE-2012-3302. ------------------------- Affected products:...
Geovision Digital Video Surveillance System directory traversal
No description provided...
Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Alert Update Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD DB12 Jan 18, 2007 Updated July 18th, 2007 Risk Level: High Affected versions: Oracle Database Server versions 8i...
D-Link DIR-300 authentication bypass
intro Hello, I found security bug in D-Link DIR-300 wireless router. It can be used to bypass authentication mechanizm by attacker with access to web interface. I reported it to D-Link but they are not replying for my emails. According to other D-Link security holes and their status I think that...
WGCC Beta <= 0.5.6 (quiz.php) Remote SQL InJection Vulnerability
Title : WGCC Beta = 0.5.6 quiz.php Remote SQL InJection Vulnerability Author : ajann Dork : "Web Group Communication Center beta 0.5.6/0.5.5/.." Greetz : Tm, Mslman, Aleminin, Ramazan, Bayram., MUBAREK, Olsun --Login Before Injection Inject http://target.com/path/quiz.php?action=show&qzid=SQL...
ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-081 June 6, 2012 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - --...
PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding
!/usr/bin/perl use Getopt::Std; use LWP::UserAgent; sub usg printf" --------------------------- | PHP-NUKE KutubiSitte kid = SQL Injection | --------------------------- Bug by Lovebug Exploit-Code by r080cy90r from RBT-4 ----------------------------- :::::::::::::::::::::::::::::...
[Full-disclosure] FusionPHP Multiple Vulnerabilities
Advisory 8 Title: FusionPHP Multiple Vulnerabilities Author: 0ozeuso0 Contact: [email protected] Website: www.elitemexico.org Date: 01/03/2006 Risk: High Vendor Url: http://fusionphp.net/forums/ Affected Software: FusionPHP Non Affected: We Are: olimpus klan team Info:...
CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box
CVE-2014-1599 39 Type-1 XSS in SFR ADSL/Fiber Box. SFR is the french Vodafone estimated DSL user base of 5.2 Millions. affected product: SFR BOX NB6-MAIN-R3.3.4 vulnerabilities: /network/dns 5 non-filtered Type-1 XSS /network/dhcp 6 non-filtered Type-1 XSS /network/nat 7 non-filtered Type-1 XSS...
HP/H3C and Huawei SNMP Weak Access to Critical Data
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP/H3C and Huawei SNMP Weak Access to Critical Data =================================================== http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html Overview - - -------- HP/H3C and Huawei networking equipment...
XSS in phpFoX Version 1.06
Advisory: XSS in phpFoX Version 1.06 Home Page: http://www.phpfox.com/ Уязвимость/Vulnerability: Межсайтовый скриптинг/Cross Site Scripting http://www.arcticarmy.co.uk/user/?P=Daalvashi"scriptalert/script" http://www.arcticarmy.co.uk/user/?G=Cutiebubbleboo"scriptalert/script"...
HTTP Response Splitting Vulnerability in Wordpress 1.2
SECURITY ADVISORY: HTTP Response Splitting in WordPress 1.2 AUTHOR: Chaotic Evil chaoticevil $$$at$$$ spyring $$$dot$$$ com DATE: October 6th, 2004 PRODUCT: WordPress 1.2 wordpress.org FROM THE VENDOR WEBSITE: WordPress is a state-of-the-art semantic personal publishing platform with a focus on...
Security Advisory: FreeBSD-SA-00:58.chpass
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:58 Security Advisory FreeBSD, Inc. Topic: chpass family contains local root vulnerability Category: core Module: chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd Announced:...
AOL Instant Messenger DoS
AOL Instant Messenger version 4.1.2010 others? appears to be vulnerable to a DoS attack when handling file transfers with filenames containing s. The problem I encountered is that trying to send a file to crash my victim's client would cause my client to crash first, defeating the purpose. To get...
WebdesignJiNi Cms Sql Injection Vulnerability
Sql Injection Vulnerability in WebdesignJiNi Cms in All Version @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, crossite scripting, DoS, information leakage...
Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities
Elgg 1.7.9 = | Multiple Cross Site Scripting Vulnerabilities 1. OVERVIEW The Elgg 1.7.9 and lower versions are vulnerable to multiple Cross Site Scripting. 2. BACKGROUND Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities...
Microsoft Security Bulletin MS08-037 – Important Vulnerabilities in DNS Could Allow Spoofing (953230)
Microsoft Security Bulletin MS08-037 – Important Vulnerabilities in DNS Could Allow Spoofing 953230 Published: July 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in the Windows Domain Name System DNS that could allo...
YaPiG thanks_comment.php Cross-Site Scripting Vulnerability
/ Kuon Armorize Security Team Kuon-at-Armorize.com YaPiG thankscomment.php Cross-Site Scripting Vulnerability Contact : Kuon-at-Armorize.com Link : www.Armorize.com / Armorize Technologies Security Advisory Advisory No: 20061001 Date: 2006/08/25 Affected Software: yapig 0.95b Vulnerability...
Multiple Sql injection and XSS in CartWIZ ASP Cart
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple Sql injection and XSS i...