47153 matches found
Oracle Critical Patch Update Advisory - July 2009
Oracle Critical Patch Update Advisory - July 2009 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...
CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0054 Incomplete fix for CVE-2013-4152 / CVE-2013-6429 XXE Severity: Important Vendor: Spring by Pivotal Versions Affected: - - Spring MVC 3.0.0 to 3.2.8 - - Spring MVC 4.0.0 to 4.0.1 - - Earlier unsupported versions may be affected Descriptio...
[security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04197764 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04197764 Version: 1 HPSBHF02981 rev....
[INTREST SEC] Atlassian Confluence Wiki XSS Vulnerability
------------------------------- INTREST SEC | Security Advisory ------------------------------- Product: Confluence Wiki Vendor: Atlassian www.atlassian.com Vulnerability Type: Cross Site Scripting XSS Risk Level: High classified by vendor Discovered by: INTREST SEC - NID Public Diclosure:...
REWTERZ-20120629 - TEMENOS T24 Cross-Site Scripting (XSS) Vulnerability
Rewterz Security Research Group Advisory ======================================================== I. Overview ======================================================== A Cross-Site Scripting XSS vulnerability has been identified in TEMENOS T24 Core Banking Solution System. This vulnerability allow...
Microsoft Security Bulletin MS09-003 - Critical Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
Microsoft Security Bulletin MS09-003 - Critical Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution 959239 Published: February 10, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Microsoft Exchange...
[DSECRG-08-038] Multiple Local File Include Vulnerabilities in ezContents CMS 2.0.3
Digital Security Research Group DSecRG Advisory DSECRG-08-038 Application: ezContents CMS Versions Affected: 2.0.3 Application URL: http://www.ezcontents.org/ Vendor URL: http://www.visualshapers.com/ Bug: Multiple Local File Include Exploits: YES Reported: 05.08.2008 Second report: 18.08.2008...
joomla SQL Injection(com_jooget)
joomla SQL Injectioncomjooget AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl: id "comjooget" DORK 2 : allinurl: detail "comjooget" DORK 3 : allinurl: "comjooget" EXPLOIT :...
Mozilla personal security manager /tmp issues
Playing with /tmp a bit this morning I ran into the following issue in mozilla... with mozilla open root@linuxppc root fuser -n file /tmp/.nsmc-0-lock /tmp/.nsmc-0-lock: 3220 3223 3224 3226 3227 3228 3229 root@linuxppc root ps -ef | grep 3220 root 3220 1 0 12:42 ? 00:00:00 ./psm sh-2.05$ id...
Hyperseek 2000 Search Engine - "show directory & files" bug
--== NerF security gr0up advisory ==-- -------------------------------------------------------------------- Hyperseek 2000 Search Engine - "show directory & files" bug. -------------------------------------------------------------------- 1. Standart perl problem is in statistic module - file:...
F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection
OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides secure remote access to enterprise applications and data for users over any device or network while protecting your corporate. See http://www.f5.com/pdf/products/firepass-overview.pdf...
Rosewill RXS-3211 IP camera information leakage
It's possible to retrieve administration password via UDP/13364 request...
[NETRAGARD SECURITY ADVISORY][Maia Mailguard 1.0.2 Arbitrary Code Execution][NETRAGARD-20070628]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NETRAGARD ADVISORY http://www.netragard.com "We make IT Safe" Advisory Summary - ----------------------------------------------------------------------- Advisory Author : Adriel T. Desautels Advisory ID : NETRAGARD-20070628 Product Name : Maia Mailgua...
Enthrallweb eCars 1.0 (types.asp) Remote SQL Injection Vulnerability
Title : Enthrallweb eCars 1.0 types.asp Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.enthrallweb.us $$ : 179.40 USD SQL--------------------------------------------------------- http://target/path//Types.asp?Typeid=SQL Example: Home Pass...
Re[2]: Multiple Vendor Unusual MIME Encoding Content Filter Bypass
Dear Tomasz Kojm, TK That's extremely irresponsible to disclose bugs without giving the vendors TK any chance to fix them and prepare new software releases. This is a rare case I can not agree with such statement. Ability to bypass content filter is not a bug before this issues is used in-the-wil...
CVE-2009-4509: TANDBERG VCS Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: TANDBERG Video Communication Server Authentication Bypass Release Date:...
vBulletin nulled (validator.php) files/directories disclosure
Description: With this file you can see all files.sql - .tar.gz - .zip - .rar - .php - .anything / directories from the folder with vBulletin installed... Exploit: http://www.website.com/vBforum/validator.php Author: PaxNwo www.rstcenter.com...
[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2014-7810 Security Manager Bypass Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.15 - - Apache Tomcat 7.0.0 to 7.0.57 - - Apache Tomcat 6.0.0 to 6.0.43 Description: Malicious web...
[SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution
CVE-2013-2251: Apache Archiva Remote Command Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Archiva 1.3 to Continuum 1.3.6 - The unsupported versions Archiva 1.2 to 1.2.2 are also affected. Description: Apache Archiva is affected by a vulnerability in th...
APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6 Safari 5.1 and Safari 5.0.6 are now available and address the following: CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross-...
Oracle Critical Patch Update Advisory - July 2010
Oracle Critical Patch Update Advisory - July 2010 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...
Cross-browser Code Execution via XSS
Hello 3APA3A! Recently I wrote about cross-browser Code Execution via XSS attack http://websecurity.com.ua/2638/. Earlier I wrote you about Code Execution via XSS in Internet Explorer http://securityvulns.ru/Udocument911.html. In this article I told about Code Execution attack via IE via Cross-Si...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey
SEC Consult Vulnerability Lab Security Advisory 20130417-0 ======================================================================= title: Multiple vulnerabilities in Sosci Survey product: Sosci Survey vulnerable version: 2.3.04a fixed version: 2.3.04a impact: Critical homepage:...
Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability
.-""""""""-. / Dj7xpl | | |, .-. .-. ,| | o/ o | |/ / | @ ^^ |IIIIII|/ @8@8|-IIIIII/-| / / @ +Iranian Are The Best In World+ Portal.......: Flexphpnews version 0.0.5 Download.....: http://www.china-on-site.com/flexphpsite/other.php Author.......: Dj7xpl |...
Confixx 3.1.2 <= SQL Injection
// Confixx 3.1.2 = SQL Injection // ----------------------------------------------------------------- Advisory by: LoK-Crew Snake23 - Exploit: http://www.victim.com/user/index.php?SID=SQL - Googledork: inurl:confixx inurl:login|anmeldung + Greetz to: Bluegeek and Team.Rootbox + Visit:...
BBcode XSS in CLANSPHERE
Vulnerability ID: HTB22691 Reference: http://www.htbridge.ch/advisory/bbcodexssinclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability Type: BBcode XSS Status: Fixed by Vendor Risk level:...
Многочисленные уязвимости в NetCat CMS <= 3.12
Многочисленные уязвимости в NetCat CMS = 3.12 Описание: Были обнаружены многочисленные уязвимости в CMS NetCat 3.12. Некоторым уязвимостям, перечисленным ниже, также подвержена версия NetCat 3.0. 1. Множественные уязвимости типа "Чтение произвольных файлов" File Including Уязвимость существует по...
ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability
ZDI-10-231: Juniper Secure Access Series meetingtestjava.cgi XSS Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-231 November 7, 2010 -- CVSS: 6.4, AV:N/AC:L/Au:N/C:P/I:P/A:N -- Affected Vendors: Juniper -- Affected Products: Juniper Secure Access Series -- TippingPointTM IPS...
Explay CMS <= 2.1 SQL Injection Vulnerabilities
=============================================== Explay CMS = 2.1 SQL Injection Vulnerabilities =============================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 ...
Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files ActiveX Controls Could Allow Remote Code Execution 932349 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves five privately reported...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress: local file include, directory traversal, files modification and information leak...
[MSA01110707] Flash Player/Plugin Video file parsing Remote Code Execution
MSA01110707: Flash Player/Plugin Video file parsing Remote Code Execution Date: July 13, 2007 Tested OS: Windows xp sp2 Italian, Windows xp sp2 English Linux Ubuntu 6.10 Tested Flash Versions: Flash Plugin 9.0.28.0 Windows Flash Player 9.0.28.0 Windows Flash Plugin 9.0.31.0 Linux Flash Player...
Active Photo Gallery Remote SQL Injection Vulnerability
Title : Active Photo Gallery Remote SQL Injection Vulnerability Author : CyberGhost My Web Site : http://aspspider.org/cgsecurity Demo Page : http://www.activewebsoftwares.com/demoactivephotogallery Script Page : http://www.activewebsoftwares.com/productinfo.aspx?productid=11 Vuln. Username :...
[SYSS-2015-031] sysPass - SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-031 Product: sysPass Vendor: http://cygnux.org/ Affected Versions: 1.0.9 and below Tested Versions: 1.0.9 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Fixed Vendor Notification: 2014-07-27 Solutio...
[SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution
CVE-2013-2251: Apache Continuum affected by Remote Command Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Continuum 1.3.1 to Continuum 1.4.1 Description: Apache Continuum is affected by a vulnerability in the version of the Struts library being used, whi...
TconZERO (prodotto.php?idprodotto) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability TconZERO prodotto.php?idprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.tconzero.net/ Persian Gulf 4 Ever! Dork : "Design By TconZERO"...
PHP-Fusion <= 6.01.15.4 (downloads.php) SQL Injection Vulnerability
=================================================================== PHP-Fusion = 6.01.15.4 downloads.php SQL Injection Vulnerability =================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /,...
[Fwd: RE: XSS via IE MOTW feature. [sd]]
Hello MustLive / 3APA3A, I read your Vulnerabilities digest reported to BT today. Last year I noticed issue 3 during an assessment also. I've contacted MS during that time see below. They replied with: -- Hi David Thank you for submitting your email regarding XSS via IE MOTW feature. We have...
MERCURY/Templates mercury.ASP SQL Injection
MERCURY/Templates mercury.ASP SQL Injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam 1- example.com/patch/mercury.asp?pageid=1&newsid=sql methot 1- example.com/templates/mercury.asp?pageid=1&newsid=sql methot...
SUBMISSION - multiple vulnerabilities in Prospero 1.3.5 CGI
= Warped Force Advisory = Author: darkyoda [email protected] Subject: Multiple vulnerabilities in Prospero 1.3.5 CGI Discovered: 12.15.00 Announced: 2.1.01 Vendor Status: Maintainer notified 12.27.00. New version released. Current version is 1.3.7 Platforms: Any web server capable of running...
3KITS CMS - SQL Injection Vulnerability
========================================================= + Title :- 3KITS CMS - SQL Injection Vulnerability + Date :- 23 - July - 2015 + Vendor Homepage :- http://www.3kits.com/ + Version :- All Versions + Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows + Category :- webapps + Google Dorks...
[security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04240206 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04240206 Version: 1 HPSBST03001 rev....
Multiple HTTP servers DoS
Range: header processing can lead to memory exhaustion...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
FreeBSD Security Advisory FreeBSD-SA-14:28.file
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:28.file Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in file1 and libmagic3 Category: contrib Module: file Announced: 2014-12-10...
Cross-site scripting vulnerability in Invision Power Board version 3.2.3
Information -------------------- Name : Cross-site scripting vulnerability in Invision Power Board version 3.2.3 Software : Invision Power Board version 3.2.3 Vendor Homepage : http://www.invisionpower.com Vulnerability Type : Cross-site scripting Severity : High Researcher : Vasil A. [email protected]...
Aardvark Topsite XSS vulnerability
Hi, I found XSS on Aardvark Topsites PHP system. Dork: "Powered by Aardvark Topsites" "SQL Queries" XSS: sitepath/index.php?a=search&q=2220onmouseover3dalertString.fromCharCode88,83,8320par3d22 Can use POST to effect the "email", "title", "u" and "url" parameters either on the same way. Tested...
SiteMinder Agent: Cross Site Scripting
Exploit in XSS: https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=XSS Cross Site Scripting Code: https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=1alertdocument.cookie;function+dropif0 In this way we can inject the alert code without brackets i...
Microsoft Security Bulletin MS04-011
Microsoft Security Bulletin MS04-011 Security Update for Microsoft Windows 835732 Issued: April 13, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of vulnerability: Remote Code Execution Maximum Severity Rating: Critical Recommendation:...