47153 matches found
[ MDVSA-2014:057 ] mediawiki
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:057 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : March 13, 2014 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix multiple vulnerabilities: MediaWik...
[security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04197764 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04197764 Version: 1 HPSBHF02981 rev....
CVE-2013-2504 : Matrix42 Service Desk XSS
43zsec SECURITY ADVISORY CVE ID : CVE-2013-2504 Product: Service Store 5.3 SP3 5.33.946.0 Vendor: matrix42 - member of asseco group Subject: Cross-site Scripting - XSS Classification: PCI 2.0: 6.5.7 PCI 1.2: 6.5.1 OWASP: A2 CWE: 79 CAPEC: 19 WASC: 08 Risk: High Effect: Remotely exploitable Author...
F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection
OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides secure remote access to enterprise applications and data for users over any device or network while protecting your corporate. See http://www.f5.com/pdf/products/firepass-overview.pdf...
[INTREST SEC] Atlassian Confluence Wiki XSS Vulnerability
------------------------------- INTREST SEC | Security Advisory ------------------------------- Product: Confluence Wiki Vendor: Atlassian www.atlassian.com Vulnerability Type: Cross Site Scripting XSS Risk Level: High classified by vendor Discovered by: INTREST SEC - NID Public Diclosure:...
REWTERZ-20120629 - TEMENOS T24 Cross-Site Scripting (XSS) Vulnerability
Rewterz Security Research Group Advisory ======================================================== I. Overview ======================================================== A Cross-Site Scripting XSS vulnerability has been identified in TEMENOS T24 Core Banking Solution System. This vulnerability allow...
Oracle Critical Patch Update Advisory - July 2009
Oracle Critical Patch Update Advisory - July 2009 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...
Microsoft Security Bulletin MS09-003 - Critical Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
Microsoft Security Bulletin MS09-003 - Critical Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution 959239 Published: February 10, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Microsoft Exchange...
[DSECRG-08-038] Multiple Local File Include Vulnerabilities in ezContents CMS 2.0.3
Digital Security Research Group DSecRG Advisory DSECRG-08-038 Application: ezContents CMS Versions Affected: 2.0.3 Application URL: http://www.ezcontents.org/ Vendor URL: http://www.visualshapers.com/ Bug: Multiple Local File Include Exploits: YES Reported: 05.08.2008 Second report: 18.08.2008...
CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0054 Incomplete fix for CVE-2013-4152 / CVE-2013-6429 XXE Severity: Important Vendor: Spring by Pivotal Versions Affected: - - Spring MVC 3.0.0 to 3.2.8 - - Spring MVC 4.0.0 to 4.0.1 - - Earlier unsupported versions may be affected Descriptio...
vBulletin nulled (validator.php) files/directories disclosure
Description: With this file you can see all files.sql - .tar.gz - .zip - .rar - .php - .anything / directories from the folder with vBulletin installed... Exploit: http://www.website.com/vBforum/validator.php Author: PaxNwo www.rstcenter.com...
joomla SQL Injection(com_jooget)
joomla SQL Injectioncomjooget AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl: id "comjooget" DORK 2 : allinurl: detail "comjooget" DORK 3 : allinurl: "comjooget" EXPLOIT :...
[NETRAGARD SECURITY ADVISORY][Maia Mailguard 1.0.2 Arbitrary Code Execution][NETRAGARD-20070628]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NETRAGARD ADVISORY http://www.netragard.com "We make IT Safe" Advisory Summary - ----------------------------------------------------------------------- Advisory Author : Adriel T. Desautels Advisory ID : NETRAGARD-20070628 Product Name : Maia Mailgua...
Re[2]: Multiple Vendor Unusual MIME Encoding Content Filter Bypass
Dear Tomasz Kojm, TK That's extremely irresponsible to disclose bugs without giving the vendors TK any chance to fix them and prepare new software releases. This is a rare case I can not agree with such statement. Ability to bypass content filter is not a bug before this issues is used in-the-wil...
Mozilla personal security manager /tmp issues
Playing with /tmp a bit this morning I ran into the following issue in mozilla... with mozilla open root@linuxppc root fuser -n file /tmp/.nsmc-0-lock /tmp/.nsmc-0-lock: 3220 3223 3224 3226 3227 3228 3229 root@linuxppc root ps -ef | grep 3220 root 3220 1 0 12:42 ? 00:00:00 ./psm sh-2.05$ id...
Hyperseek 2000 Search Engine - "show directory & files" bug
--== NerF security gr0up advisory ==-- -------------------------------------------------------------------- Hyperseek 2000 Search Engine - "show directory & files" bug. -------------------------------------------------------------------- 1. Standart perl problem is in statistic module - file:...
[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2014-7810 Security Manager Bypass Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.15 - - Apache Tomcat 7.0.0 to 7.0.57 - - Apache Tomcat 6.0.0 to 6.0.43 Description: Malicious web...
APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6 Safari 5.1 and Safari 5.0.6 are now available and address the following: CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross-...
Rosewill RXS-3211 IP camera information leakage
It's possible to retrieve administration password via UDP/13364 request...
CVE-2009-4509: TANDBERG VCS Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: TANDBERG Video Communication Server Authentication Bypass Release Date:...
Enthrallweb eCars 1.0 (types.asp) Remote SQL Injection Vulnerability
Title : Enthrallweb eCars 1.0 types.asp Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.enthrallweb.us $$ : 179.40 USD SQL--------------------------------------------------------- http://target/path//Types.asp?Typeid=SQL Example: Home Pass...
[SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution
CVE-2013-2251: Apache Archiva Remote Command Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Archiva 1.3 to Continuum 1.3.6 - The unsupported versions Archiva 1.2 to 1.2.2 are also affected. Description: Apache Archiva is affected by a vulnerability in th...
Oracle Critical Patch Update Advisory - July 2010
Oracle Critical Patch Update Advisory - July 2010 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...
Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files ActiveX Controls Could Allow Remote Code Execution 932349 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves five privately reported...
Cross-browser Code Execution via XSS
Hello 3APA3A! Recently I wrote about cross-browser Code Execution via XSS attack http://websecurity.com.ua/2638/. Earlier I wrote you about Code Execution via XSS in Internet Explorer http://securityvulns.ru/Udocument911.html. In this article I told about Code Execution attack via IE via Cross-Si...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey
SEC Consult Vulnerability Lab Security Advisory 20130417-0 ======================================================================= title: Multiple vulnerabilities in Sosci Survey product: Sosci Survey vulnerable version: 2.3.04a fixed version: 2.3.04a impact: Critical homepage:...
BBcode XSS in CLANSPHERE
Vulnerability ID: HTB22691 Reference: http://www.htbridge.ch/advisory/bbcodexssinclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability Type: BBcode XSS Status: Fixed by Vendor Risk level:...
Explay CMS <= 2.1 SQL Injection Vulnerabilities
=============================================== Explay CMS = 2.1 SQL Injection Vulnerabilities =============================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 ...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress: local file include, directory traversal, files modification and information leak...
Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability
.-""""""""-. / Dj7xpl | | |, .-. .-. ,| | o/ o | |/ / | @ ^^ |IIIIII|/ @8@8|-IIIIII/-| / / @ +Iranian Are The Best In World+ Portal.......: Flexphpnews version 0.0.5 Download.....: http://www.china-on-site.com/flexphpsite/other.php Author.......: Dj7xpl |...
Confixx 3.1.2 <= SQL Injection
// Confixx 3.1.2 = SQL Injection // ----------------------------------------------------------------- Advisory by: LoK-Crew Snake23 - Exploit: http://www.victim.com/user/index.php?SID=SQL - Googledork: inurl:confixx inurl:login|anmeldung + Greetz to: Bluegeek and Team.Rootbox + Visit:...
Microsoft Windows multiple security vulnerabilities
Memory corruption in graphics library, signature check bypass, use-after-free in scripting, multiple privilege escalations...
ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability
ZDI-10-231: Juniper Secure Access Series meetingtestjava.cgi XSS Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-231 November 7, 2010 -- CVSS: 6.4, AV:N/AC:L/Au:N/C:P/I:P/A:N -- Affected Vendors: Juniper -- Affected Products: Juniper Secure Access Series -- TippingPointTM IPS...
Многочисленные уязвимости в NetCat CMS <= 3.12
Многочисленные уязвимости в NetCat CMS = 3.12 Описание: Были обнаружены многочисленные уязвимости в CMS NetCat 3.12. Некоторым уязвимостям, перечисленным ниже, также подвержена версия NetCat 3.0. 1. Множественные уязвимости типа "Чтение произвольных файлов" File Including Уязвимость существует по...
[MSA01110707] Flash Player/Plugin Video file parsing Remote Code Execution
MSA01110707: Flash Player/Plugin Video file parsing Remote Code Execution Date: July 13, 2007 Tested OS: Windows xp sp2 Italian, Windows xp sp2 English Linux Ubuntu 6.10 Tested Flash Versions: Flash Plugin 9.0.28.0 Windows Flash Player 9.0.28.0 Windows Flash Plugin 9.0.31.0 Linux Flash Player...
Active Photo Gallery Remote SQL Injection Vulnerability
Title : Active Photo Gallery Remote SQL Injection Vulnerability Author : CyberGhost My Web Site : http://aspspider.org/cgsecurity Demo Page : http://www.activewebsoftwares.com/demoactivephotogallery Script Page : http://www.activewebsoftwares.com/productinfo.aspx?productid=11 Vuln. Username :...
[SYSS-2015-031] sysPass - SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-031 Product: sysPass Vendor: http://cygnux.org/ Affected Versions: 1.0.9 and below Tested Versions: 1.0.9 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Fixed Vendor Notification: 2014-07-27 Solutio...
HP iLO DoS
Device crashes on request with Hearbleed exploitation demonstration...
SUBMISSION - multiple vulnerabilities in Prospero 1.3.5 CGI
= Warped Force Advisory = Author: darkyoda [email protected] Subject: Multiple vulnerabilities in Prospero 1.3.5 CGI Discovered: 12.15.00 Announced: 2.1.01 Vendor Status: Maintainer notified 12.27.00. New version released. Current version is 1.3.7 Platforms: Any web server capable of running...
3KITS CMS - SQL Injection Vulnerability
========================================================= + Title :- 3KITS CMS - SQL Injection Vulnerability + Date :- 23 - July - 2015 + Vendor Homepage :- http://www.3kits.com/ + Version :- All Versions + Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows + Category :- webapps + Google Dorks...
[SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution
CVE-2013-2251: Apache Continuum affected by Remote Command Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Continuum 1.3.1 to Continuum 1.4.1 Description: Apache Continuum is affected by a vulnerability in the version of the Struts library being used, whi...
TconZERO (prodotto.php?idprodotto) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability TconZERO prodotto.php?idprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.tconzero.net/ Persian Gulf 4 Ever! Dork : "Design By TconZERO"...
PHP-Fusion <= 6.01.15.4 (downloads.php) SQL Injection Vulnerability
=================================================================== PHP-Fusion = 6.01.15.4 downloads.php SQL Injection Vulnerability =================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /,...
[Fwd: RE: XSS via IE MOTW feature. [sd]]
Hello MustLive / 3APA3A, I read your Vulnerabilities digest reported to BT today. Last year I noticed issue 3 during an assessment also. I've contacted MS during that time see below. They replied with: -- Hi David Thank you for submitting your email regarding XSS via IE MOTW feature. We have...
MERCURY/Templates mercury.ASP SQL Injection
MERCURY/Templates mercury.ASP SQL Injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam 1- example.com/patch/mercury.asp?pageid=1&newsid=sql methot 1- example.com/templates/mercury.asp?pageid=1&newsid=sql methot...
FreeBSD Security Advisory FreeBSD-SA-14:28.file
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:28.file Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in file1 and libmagic3 Category: contrib Module: file Announced: 2014-12-10...
[security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04240206 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04240206 Version: 1 HPSBST03001 rev....
Multiple HTTP servers DoS
Range: header processing can lead to memory exhaustion...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...