47153 matches found
Microsoft Windows Media Player directory traversal
Directory traversal during .wmz files download allows to uploading any file to any location...
LG Electronics LG3100p router
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Issue: ----------------------------------------------------------------| LG Electronics LR3100p is a small WAN router, with two WAN interfaces and one Ethernet. It comes with no access lists defined, which enables administrator to connect to port 23/t...
The Bat! version 1.49
We would like to inform you that version 1.49 is now released. It contains some important security fixes so we recommend you to download it as soon as you can if you use The Bat! as your primary e-mail client. What's new in The Bat! 1.49? Legend: since 1.48 + Added feature Improved/changed featur...
Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne
English: Multiple vulnerabilities in Basware Banking/Maksuliikenne software that were reported already 08/2012 may still enable undetectable economic crimes against user organizations companies Finnish: Basware Banking/Maksuliikenne -ohjelmiston haavoittuvuudet, joista raportoitiin jo 08/2012,...
CVE-2012-6451 Authentication Bypass in LOREX IP Cameras
Product: Lorex LNC116 and LNC104 IP Cameras Vendor: LOREX Technology Inc. Vulnerability Type: Authentication Bypass Vulnerable Firmware Versions: 030312 and earlier Tested Firmware Version: 030312 Fixed Firmware Version: 030405 Solution Status: Fixed by Vendor Vendor Notification: December 22, 20...
PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
?php www.bugreport.ir Title: PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version Vendor: http://www.php.net Vulnerable Version: PHP up to version 5.3.12 and 5.4.2 Exploitation: Remote Original Advisory: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ Original Exploit URL:...
[waraxe-2004-SA#006 - Multiple vulnerabilities in 4nalbum module for PhpNuke]
================================================================================ waraxe-2004-SA006 ================================================================================ Multiple vulnerabilities in 4nalbum module for PhpNuke...
iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability
Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID:...
[security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04467807 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04467807 Version: 1 HPSBGN03117 rev....
HP iLO DoS
Device crashes on request with Hearbleed exploitation demonstration...
Croogo CMS 1.2 Cross Site Scripting Vulnerabilities
Croogo CMS 1.2 Cross Site Scripting Vulnerabilities ========================================== Vulnerable Software: 1.2 and prior Release Date: 2010-03-06 Last Update: 2010-02-01 Critical: Low Impact: Session hijack Denial of service Code execution Solution Status: Webvuln has informed and...
Comersus Shop Cart 7.07 SQL Injection & XSS
--- Comersus Shop Cart 7.07 SQL Injection & XSS Comersus is an active server pages asp software for running shopping stores, integrated with the rest of your web site. Comersus ASP Cart is free and IT CAN BE used for commercial purposes. An attacker may leverage this issue to have arbitrary scrip...
[SA16949] SEO-Board admin.php SQL Injection Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
Barracuda Spam Firewall <= 3.1.10 acts as open relay for whitelisted senders.
Description www.barracudanetworks.com: The Barracuda Spam Firewall is an integrated hardware and software solution for complete protection of your e-mail server. It provides a powerful, easy to use, and affordable solution to eliminate spam and viruses from your organization. Synopsis: Under norm...
[SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition) Configuration File Disclosure Vulnerability
---------------------------------------------------------------------- SNS Advisory No.44 Trend Micro OfficeScan Corporate EditionVirus Buster Corporate Edition Configuration File Disclosure Vulnerability Problem first discovered: Wed, 29 Aug 2001 Published: Tue, 16 Oct 2001...
ecurity Advisory: FreeBSD-SA-00:21.ssh [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:21 Security Advisory FreeBSD, Inc. Topic: ssh port listens on extra network port REVISED Category: ports Module: ssh Announced: 2000-06-07 Credits: Jan Koum [email protected]...
Elasticsearch vulnerability CVE-2015-1427
Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. We have been assigne...
Microsoft Windows multiple security vulnerabilities
Memory corruption in graphics library, signature check bypass, use-after-free in scripting, multiple privilege escalations...
Multiple vulnerabilities in PHPShop CMS Free
Vulnerability ID: HTB23058 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinphpshopcmsfree.html Product: PHPShop CMS Free Vendor: PHPShop Software http://www.phpshopcms.ru/ Vulnerable Version: 3.4 and probably prior Tested Version: 3.4 Vendor Notification: 23 November 2011...
NTSOFT BBS E-Market Professional = XSS / Remote Execution Code
+================================================================================================+ + NTSOFT BBS E-Market Professional & XSS and Remote Execution Evil code + +================================================================================================+ Authors: Ivan Sanchez...
[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Update 2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-2938: Apache Tomcat information disclosure vulnerability - Update 2 Severity: Important Vendor: Multiple was The Apache Software Foundation Versions Affected: Various Description new information: This vulnerability was originally reported to...
Fantastic Guestbook v2.0.1 Advisory
.:. Fantastic Guestbook v2.0.1 Advisory .:. Date of written Advisory: ------------------------- July, 11 2006 Product: -------- Fantastic Guestbook v2.0.1 Vendor: ------- http://fscripts.com/ Description: ------------ Fantastic GuestBook version 2.0.1 is simple GuestBook; where remote user withou...
SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)
DownBload Security Research Lab Advisory ------------------------------------------------------------------------- Advisory name: SSI & CSS execution in E-Guest 1.1 & ZAP Book v1.0.3 Advisory number: 6 Application: E-Guest 1.1 & ZAP Book v1.0.3 CGI scripts --- E-Guest Author: Leung Eric E-mail:...
[ MDVSA-2014:014 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:014 http://www.mandriva.com/en/support/security/ Package : php Date : January 21, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in php: Th...
[security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 1 HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin should b...
Microsoft VISTA TCP/IP stack buffer overflow
phion Security Advisory 21/10/2008 Microsoft VISTA TCP/IP stack buffer overflow Summary ----------------------------- Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory...
Shbablek Mail Vulnerablitiy - Cross-Site Scripting
Shbablek Mail Vulnerablitiy - Cross-Site Scripting by n0m3rcy Copyright c 2006 n0m3rcy [email protected] Exploit: i in the Already have an account? ia Account name: scriptalert1/script ib Password: scriptalert1/script Shoutz: cijfer , dag , devil-00 , q-ex and all my friends have phun!...
Full path disclosure and sql injection on CubeCart 2.0.1
-------------------------------------------------------- Full path disclosure and sql injection on CubeCart 2.0.1 -------------------------------------------------------- 1Introduction 2The Problem 3The Solution 4Timeline 5Feddback 1Introduction "CubeCart is an eCommerce script written with PHP &...
Microsoft Security Bulletin MS10-042 - Critical Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
Microsoft Security Bulletin MS10-042 - Critical Vulnerability in Help and Support Center Could Allow Remote Code Execution 2229593 Published: July 13, 2010 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in the Windows Help and...
[ECHO_ADV_99$2008] Relative Real Estate Systems <= 3.0 (listing_id) Sql Injection Vulnerability
ECHOADV99$2008 ----------------------------------------------------------------------------------------- ECHOADV99$2008 Relative Real Estate Systems = 3.0 listingid Sql Injection Vulnerability ----------------------------------------------------------------------------------------- Author :...
iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability
iDefense Security Advisory 01.22.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 22, 2008 I. BACKGROUND IBM Corp.'s Tivoli Provisioning Manager for OS Deployment is a network boot server that facilitates central management of networked workstations. It implements Preboot Execution...
Steganos Encrypted Safe NOT so safe
Sometimes greed can be the downfall of the greatest people and nations but in this case it's software. Steganos Encrypted File safe for Windows is one of the most commonly used file security systems in the world. They boast how excellent their encryption and how uncrackable they are. This is...
Xbox 360 Hypervisor Privilege Escalation Vulnerability
Security Advisory Xbox 360 Hypervisor Privilege Escalation Vulnerability Release Date: February 28, 2007 Author: Anonymous Hacker [email protected] Timeline: Oct 31, 2006 - release of 4532 kernel, which is the first version containing the bug Nov 16, 2006 - proof of concept completed; unsigned...
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 OS X El Capitan 10.11 is now available and addresses the following: Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issu...
Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Drupal - pre-auth SQL Injection Vulnerability Release Date: 2014/10/15 Last Modified: 2014/10/15 Author: Stefan Horst stefan.horstatsektioneins.de Application: Drupal = 7.0 = 7.31 Severity: Full SQL injection, which results in...
[ MDVSA-2013:221 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:221 http://www.mandriva.com/en/support/security/ Package : php Date : August 27, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and correct...
ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-032 February 22, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities
OVERVIEW OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Oxwall is a free open source software package for building social networks, family sites and collaboration systems. It is a flexible community website engine developed with the aim to provide people...
B-Keen communication (dettaglio_news.php&id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability B-Keen communication dettaglionews.php&id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.b-keen.it/ Persian Gulf 4 Ever! Dork : "Powered by B-Keen communication"...
Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities
, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Multiple Adobe Products XML External Entity And XML Injection Vulnerabilities CVE: CVE-2009-3960 Adobe PSIRT: APSB10-05 -...
readfile() Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4
SecurityRisk : DEN Remote Exploit : No Local Exploit : Yes Exploit Given : Yes Credit : The-WolF-kSA Date : 24.3.2007 Affected Software : PHP 5.2.1/ 5.1.6 / 4.4.4 readfile Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4 Author: ThE-WoLf-KsA Date: - -Written: 24.3.2007 - --- 0.Description --- - --- 1...
RealVNC DoS
DoS on large number of established connections...
[security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04463322 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04463322 Version: 1 HPSBMU03112 rev....
Arte Dude (collections.php?id) (property.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Arte Dude collections.php?id property.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.artdudegraphics.com/ Persian Gulf 4 Ever! Dork : "inurl:property.php?id=" "an...
HTB22962: Multiple XSS in YaPiG
Vulnerability ID: HTB22962 Reference: http://www.htbridge.ch/advisory/multiplexssinyapig.html Product: YaPiG Yet Another PHP Image Gallery Vendor: http://yapig.sourceforge.net/ http://yapig.sourceforge.net/ Vulnerable Version: 0.95 Vendor Notification: 19 April 2011 Vulnerability Type: XSS Cross...
Arab Portal v2.1 Remote File Disclosure (Win32)
Arab Portal v2.1 Remote File Disclosure Win32 AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : www.arabportal.net DORK : Powered by: Arab Portal...
[badroot security] Community link pro web editor: Remote command Execution
BADROOT SECURITY GROUP Security Advisory 2005-0x05 http://www.badroot.org irc.us.azzurra.org badroot - - - - - - - - - - - - - - - - - - - - - - - - - Authors ....... spher3 spher3 at fatalimpulse dot net mozako admin at fatalimpulse dot net Date...
[security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02735910 Version: 1 HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service DoS NOTICE:...
Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution 971055 Published: June 9, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in implementations of Active...
MegaBBS ASP Forum Cross-Site Scripting
HSC MegaBBS ASP Forum Cross-Site Scripting MegaBBS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of t...