47153 matches found
Foxit Reader buffer overflow
util.printf JavaScript function buffer overflow...
EQdkp <= 1.3.1 Referer Spoof to access to SQL Database
Title: EQdkp = 1.3.1 Referer Spoof to access to SQL Database URL: http://www.eqdkp.com Hook: "Powered by EQdkp" Author: Eight10 Contact: [email protected] -------------------------------------------------------------------------------------------------------- Background: EQdkp is the largest DKP...
SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion
Solpot Crew Community ReviewPost 2.5 RPPATH Remote File Inclusion Donwload File : http://3-bius.com/ReviewPost.zip Bug Found By :homeedition2001 a.k.a bius 15-09-2006 contact: [email protected] Website : http://www.nyubicrew.org/adv/homeedition2001-adv-01.txt Greetz:...
[UNIX] Dropbear SSH Server Format String Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Microsoft Security Bulletin MS03-026: Buffer Overrun In RPC Interface Could Allow Code Execution(Q823980)
-----BEGIN PGP SIGNED MESSAGE----- - - --------------------------------------------------------------- Title: Buffer Overrun In RPC Interface Could Allow Code Execution 823980 Date: 16 July 2003 Software: Microsoftr Windows r NT 4.0 Microsoft Windows NT 4.0 Terminal Services Edition Microsoft...
[SECURITY] [DSA 3265-1] zendframework security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3265-1 [email protected] http://www.debian.org/security/ David PrA©vot May 20, 2015 http://www.debian.org/security/faq -...
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Name Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Systems Affected nginx 0.7.64 Varnish 2.0.6 Cherokee 0.99.30...
Cisco ASA SSL VPN protection bypass
It's possible to bypass URL filtering feature...
KwsPHP (Upload) Remote Code Execution Exploit
?php / ---KwsPHP All Version / Remote Code Execution--- Faille Discovered By TsukasaGenesis && Ajax Sploit Coded By Ajax Site: http://www.r57shell.in / if$argc9 print "---KwsPHP All Version / Remote Code Execution---nn"; print "usage: kwsphpsploit.php -url url -login login -pass pass -email email...
Дырка в compressed folders Windows 98/ME (recoverable passwords)
Пароли могут быть восстановлены...
CGI - mailnews.cgi vulnerability...
Hello BuGReaders... Script: mailnews.cgi Introduction: cat from source CGI-Script MAILNEWS 1.3 This script helps you to maintain a mailinglist. /cat Tested Version: 1.1, 1.3 Author dont parse some characters and he use very stupid "password protection". We can add or delete users from maillist...
Glype proxy privacy settings can be disabled via CSRF
------------------------------------------------------------------------ Glype proxy privacy settings can be disabled via CSRF ------------------------------------------------------------------------ Securify, September 2014 ------------------------------------------------------------------------...
multiple Vulnerability in "WahmShoppes eStore"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : multiple Vulnerability in "WahmShoppes eStore" Author : alieye vendor : http://www.wahmshoppes.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl:WsError.asp inurl:store/ We apologize but your request...
[security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04262472 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04262472 Version: 2 HPSBMU03020 rev....
RuggedCom - Backdoor Accounts in my SCADA network? You don't say...
Title: Undocumented Backdoor Access to RuggedCom Devices Author: jc Organization: JC CREW Date: April 23, 2012 CVE: CVE-2012-1803 Background: RuggedCom is one of a handful of networking vendors who capitalize on the market for "Industrial Strength" and "Hardened" networking equipment. You'll find...
Dropbear SSH server use-after-free
No description provided...
HTB22814: XSS vulnerability in ViArt Shop
Vulnerability ID: HTB22814 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinviartshop.html Product: ViArt Shop Vendor: Viart Software http://www.viart.com/ Vulnerable Version: Enterprise v.4.0.5 Vendor Notification: 25 January 2011 Vulnerability Type: XSS Cross Site Scripting Status:...
acvsws_php5_v1.0 <= Multiple Remote File Include Vulnerablitiy
acvswsphp5v1.0 = Multiple Remote File Include Vulnerablitiy D.Script: http://www.acvsnet.net/DNN ACVS/Portals/0/Commun/WebServices/acvswsphp5v1.0release.zip/ Discovered by: MoHaNdKo-=-=- [email protected] Homepage: http://www.MoHaNdKo.cOm Exploit:Path/incACVS/SOAP/Transport.php?CheminInclude=She...
Vulnerabilities in CrushFTP Server
----- Begin Hush Signed Message from [email protected] ----- Vulnerabilities in CrushFTP Server Overview CrushFTP Server 2.1.4 is a java ftp server available from http://www.crushftp.com. Multiple vulnerabilities exist which allow users to change directories outside of the ftp root and downlo...
Vbulletin Plugin ChatBox Xss Vulnerability
Vbulletin Plugin ChatBox Xss Vulnerability Discovered By AleminKrali [email protected] www.al3m.blogspot.com Greetz : BeyazKurt,Kerem125,Cr@zyKing,Ercu145,Abo Mohammed Net Devil High Risk Vulnerability! Xss Working!note:You login site and xss try. Ex: http://www.localhost/misc.php?do=ccarc&cbt=xss...
[SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-001 Product: Kaspersky Endpoint Security for Windows KES Manufacturer: Kaspersky Lab ZAO Affected Versions: 8.1.0.1042, 10.2.1.23 Tested Versions: 8.1.0.1042, 10.2.1.23 Vulnerability Type: Authentication Bypass Using an...
[security bulletin] HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03897409 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03897409 Version: 1 HPSBPV02918 rev....
ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-165 : 0Day HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-165 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --...
Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access
----------------------------------------------------------------------------- Vulnerabilities: An unspecified bug can cause an unsafe/undocumented TCP port to open allowing for: - Unauthenticated remote access to all pages of the router administration GUI, bypassing any credential prompts under...
libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
libzip 0.9.3 zipnamelocate NULL Pointer Dereference incl PHP 5.3.5 Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.: 18.03.2011 CVE: CVE-2011-0421 CERT: VU325039 Affected Software: - libzip 0.9.3 - PHP 5.3.5 fixed 5.3.6 Original URL:...
NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability
-------------------------- NSOADV-2010-010 --------------------------- DATEV Multiple Applications DLL Hijacking Vulnerability 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11 1111111 1 11...
some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability)
This reminded me of a bunch of problems I spotted in Juniper SSL VPN a while ago; they are apparently fixed, but I don't recall seeing any public vendor advisory / credit for reporting them - so here you go, even if just for the record... These were fixed by Juniper in IVE 6.3R1, 6.2R3, 6.1R5,...
XSS phpBB 2.0.21 in administration
phpBB 2.0.21 XSS in administration //-- By Blwood [email protected] //-- http://www.blwood.net //-- Style Admin ----------- Management & Create a theme Lots of input are not properly "filtrate" like stylename, headstylesheet, bodybackground, trcolor1name all the input in simple name... We cand...
Yapig: XSS / Code Injection Vulnerability
=========================================================== Yapig: XSS / Code Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0510-001, October 13, 2005...
Virginity Security Advisory 2003-001 : Hola CMS - Admin Password Disclosure by Include vulnerability
-------------------------------------------------------------------- Virginity Security Advisory 2003-001 - - - -------------------------------------------------------------------- DATE : 2003-08-13 03:11 GMT TYPE : remote VERSIONS AFFECTED : == hola-cms-1.2.9-10...
Revival of the SUQ.DIQ homepage
Lots of people have requested the SUQ.DIQ package since the closing of the SUQ.DIQ website. Did you all notice how IBMs stocks dropped after the release of this "exploit" and the rather aggresive advisory released by IBM seemed only to make it worse? I can imagine it's a bit of a set back for IBM...
Catman file clobbering vulnerability Solaris 2.x
Solaris 2.7/2.8 catman temp file vulnerability. Larry W. Cashdollar Vapid Labs Date Published: 12/18/2000 Advisory ID: 11242000-02 Risk: Low Title: catman temp file vulnerability. Class: insecure temp file handling. Remotely Exploitable: no Locally Exploitable: Yes Vulnerability Description:...
ICQLite executable trojaning
bugtraq@, Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Vendor URL: http://www.icq.com Risk: Average Exploitable: Yes Remote: No Date: May, 29 2003 Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp I. Intro: ICQ Lite is popular internet messenger...
DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® EasyDnnGallery Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.easydnnsolutions.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue
MajorSecurity Advisory 33ShopSystems - SQL Injection Issue Details ======= Product: ShopSystems Affected Version: = 4.0 Immune Version: none Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.shopsystems.biz Vendor-Status: informed Advisory-Status: published Credits ============...
The Holy Grail: Cisco IOS shellcode And Exploitation Techniques
Michaels Lynn's presentation on Cisco routers malicious code execution possibility...
Insecure directory permissions of default installation of Kaspersky Anti-Virus for Unix/Linux File Servers will lead to local root exploit
FYI, a new version is already available and a proposed workaround is described at the end of the advisory. Peter URLs for this document: ftp://ftp.aerasec.de/pub/advisories/kav4unix/kav4unix-local-root-exploit.txt TXT P & C 2005 AERAsec Network Services and Security GmbH The information in this...
[security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04239374 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04239374 Version: 1 HPSBMU02999 rev....
[security bulletin] HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03515685 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03515685 Version: 2 HPSBHF02819...
Elgg 1.7.10 <= | Multiple Vulnerabilities
OVERVIEW The Elgg 1.7.10 and lower versions are vulnerable to Cross Site Scripting and SQL Injection. 2. BACKGROUND Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured...
AV Arcade 2.1b (COOKIE[ava_userid]) Get Admin Rights
AV Arcade 2.1b COOKIEavauserid Get Admin Rights Web: AV Arcade 2.1b Site : www.avscripts.net Dork : "Powered By AV Arcade" Author: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking - hTTp://RSTZONE.nET Vurnerable code: admin/index.php: $sql = mysqlquery"SELECT FROM avausers...
[USN-2362-1] Bash vulnerability
========================================================================== Ubuntu Security Notice USN-2362-1 September 24, 2014 bash vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Microsoft Security Bulletin MS09-062 - Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
Microsoft Security Bulletin MS09-062 - Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution 957488 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These...
security advisory - OpenVMPS
security advisory - OpenVMPS What is it? ----------- OpenVMPS is a substitute implementation of Cisco Virtual Membership Policy Server on Catalyst 65500 family of switches. It is used on Cisco LAN switces to dynamically assign ports to VLANs according to Ethernet Address. Because it was developed...
CVE-2013-2504 : Matrix42 Service Desk XSS
43zsec SECURITY ADVISORY CVE ID : CVE-2013-2504 Product: Service Store 5.3 SP3 5.33.946.0 Vendor: matrix42 - member of asseco group Subject: Cross-site Scripting - XSS Classification: PCI 2.0: 6.5.7 PCI 1.2: 6.5.1 OWASP: A2 CWE: 79 CAPEC: 19 WASC: 08 Risk: High Effect: Remotely exploitable Author...
Microsoft Security Bulletin MS10-012 - Important Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
Microsoft Security Bulletin MS10-012 - Important Vulnerabilities in SMB Server Could Allow Remote Code Execution 971468 Published: February 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Windows. Th...
Oracle Critical Patch Update Advisory - July 2009
Oracle Critical Patch Update Advisory - July 2009 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...
Faststream FTP++ Client 2 Beta 11 (build in server) Vulnerability
Faststram FTP built in server responds with the real path of directory instead of a virtual one.It is possible to get files outside of root.dir. e:crap was used as root directory 1. directory path 230 User anonymous logged in. ftp pwd 257 "/E:/crap/" is current directory. 2. getting files from...