47153 matches found
iDefense Security Advisory 05.14.07: Samba SAMR Change Password Remote Command Injection Vulnerability
Samba SAMR Change Password Remote Command Injection Vulnerability iDefense Security Advisory 05.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ May 14, 2007 I. BACKGROUND Samba is a Unix server application used to implement Windows file sharing and domain controlling functionality...
CollabNet Subversion Edge Password Hash Leak
Vuln Title: The CollabNet Subversion Edge Management frontend user credential hash leak Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Credential leak Risk: Medium Status: public/fixed Fixed...
[ MDVSA-2015:181 ] drupal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:181 http://www.mandriva.com/en/support/security/ Package : drupal Date : March 30, 2015 Affected: Business Server 1.0 Problem Description: Updated drupal packages fix security vulnerabilities: An information...
[RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution
Advisory: nostromo nhttpd directory traversal leading to arbitrary command execution During a penetration test, RedTeam Pentesting discovered a directory traversal vulnerability leading to arbitrary command execution in the nostromo HTTP server. Details ======= Product: nostromo nhttpd Affected...
XSS vulnerability in Spitfire
Vulnerability ID: HTB22485 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfire2.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor Notification: 08 July 2010 Vulnerability Type: XSS Cross Site...
Adult Script Unauthorized Administrative Access Exploit
Adult Script Unauthorized Administrative Access Exploit Exploit Coded By Liz0ziM From BiyoSecurityTeam Greetz My all friend and BiyoSecurityTeam User.. Software site: http://www.adultscript.net/ Demo: http://www.adultscript.net/demo/ Vulnerable code in admin/administrator.php near lines 5-8...
Aspee Ziyareti Defteri (tr) Sql injection Vuln.
LiderHack.Org Script name : Aspee Ziyaretзi Defteri tr Script Download : http://aspindir.com/goster/4575 Risk : High Found By : ShaFuck31 Thanks : Dekolax , DesquneR , ST@ReXT , SaboTaqe Vulnerable file : giris.asp Manual connect : Go to Admin Panel Login ----- http://victim.com/path to...
[USN-1677-1] Linux kernel vulnerability
========================================================================== Ubuntu Security Notice USN-1677-1 December 20, 2012 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities
Title: ====== DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=507 VL-ID: ===== 507 Introduction: ============= To demonstrate the rich possibilities of DHTMLX controls and to show how they work...
SEO New York (prod.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability SEO New York prod.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.eyesonnet.com/ Persian Gulf 4 Ever! Dork : "Powered by:SEO New York" "inurl:prod.php?id" Exploite...
[security bulletin] HPSBMA02428 SSRT090048 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01745065 Version: 1 HPSBMA02428 SSRT090048 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin shoul...
Safenet Sentinel Protection Server directory traversal
Web interface directory traversal...
Snitz Forums 2000 v3.4.06
ENGLISH Title : Snitz Forums 3.4.06 XSS Vulnerability Author : ajann HomePage : http://forum.snitz.com CODE http://target.com/path/forum.asp?FORUMID=1&ARCHIVE=true&sortfield=lastpost&sortorder="scriptfunction20xssbaslatalert"Xss20Here";/scriptbody20onload="xssbaslat" etc...
Security Bulletin (MS00-056)
Microsoft Security Bulletin MS00-056 - -------------------------------------- Patch Available for "Microsoft Office HTML Object Tag" Vulnerability Originally posted: August 09, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in certain Microsoftr Offic...
[SECURITY] CVE-2014-0230: Apache Tomcat DoS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2014-0230 Denial of Service Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.8 - - Apache Tomcat 7.0.0 to 7.0.54 - - Apache Tomcat 6.0.0 to 6.0.43 Description: When a response for a reque...
[security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04039150 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04039150 Version: 1 HPSBMU02948 rev....
Security Bypass Vulnerabilities AXESSTEL
Bboyhacks bboyhacksatgmail.com AXESS.TEL CDMA 1xEV-DO FIXED WIRELESS MODEN AXW-D800 S/W Version:D2ETH10901VEBR Jun-14-2006 Default LAN IP: 192.168.0.1 http thttpd 2.25b Security Bypass Vulnerabilities basic setup http://192.168.0.1/etc/config/System.html Network...
Carbon Communities forum Multiple Vulnerabilities.
www.BugReport.ir AmnPardaz Security Research Team Title: Multiple Vulnerabilities in Carbon Communities forum. Vendor: www.carboncommunities.com Vulnerable Version: 2.4 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/35 1. Description:...
Aktueldownload Haber scripti (id) Remote SQL Injection Vulnerability
----------------------------------------------------------------------- Aktueldownload Haber scripti id Remote SQL Injection Vulnerability ----------------------------------------------------------------------- Bulan: xoron xoron.info - xoron.biz...
[ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials
ERPSCAN Research Advisory ERPSCAN-15-015 SAP NetWeaver AS ABAP– Hardcoded Credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response: 07.03.2014 Date ...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
VaM Shop v1.69 - Multiple Web Vulnerabilities
Title: ====== VaM Shop v1.69 - Multiple Web Vulnerabilities Date: ===== 2012-10-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=730 VL-ID: ===== 730 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: ============= Vendor...
VamCart v0.9 CMS - Multiple Web Vulnerabilities
Title: ====== VamCart v0.9 CMS - Multiple Web Vulnerabilities Date: ===== 2012-06-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=622 VL-ID: ===== 622 Common Vulnerability Scoring System: ==================================== 4 Introduction: ============= VamCart is a...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Phpclanwebsite: multiple directory traversals, multiple SQL injections, multiple crossite scriptings,...
XSS and Data Manipulation attacks found in CMS PHPCart.
. . | / | | | / / | |/ // / / / |/ / // | / | | / / / // / |/| || /| / / / / / / / / | | / / / | // est.2007 / / forum.darkc0de.com -d3hydr8 - sinner01 - baltazar - P47r1ck - C1c4Tr1Z - beenu -rsauron - letsgorun - K1u - DON - OutLawz - MAGE -JeTFyrE -r45c4l -Bond Author: h4x0r Home :...
SEC Consult SA-20070722-0 :: Remote command execution in Joomla! CMS
SEC Consult Security Advisory 20070722-0 ======================================================================= title: Remote command execution in Joomla! CMS program: Joomla! vulnerable version: 1.5 beta 2 Earlier 1.5 versions may be vulnerable too! impact: critical homepage:...
Alert: IIS ism.dll exposes file contents
Cerberus Information Security Advisory CISADV000327 http://www.cerberus-infosec.co.uk/advisories.html Released : 27th March 2000 Name : IIS ISM.DLL buffer truncation exposes files Affected Systems : Windows NT running IIS Issue : Remote attackers can gain access to files' contents they should not...
SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Cross Site Flashing Risk: High Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note: 1908647 0 Abstract: -------------...
Synology DSM multiple vulnerabilities
Title: Synology DSM multiple vulnerabilities Version affected: = 4.3-3776 Vendor: Synology Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Synology DiskStation Manager DSM it's a Linux based operating system, use...
APPLE-SA-2012-09-19-3 Safari 6.0.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-3 Safari 6.0.1 Safari 6.0.1 is now available and addresses the following: Safari Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1 Impact: Opening a maliciously crafted downloaded HTML...
Ganesha Digital Library 4.0 Multiple Vulnerabilities
===================================================== Ganesha Digital Library 4.0 Multiple Vulnerabilities ===================================================== :---------------------------------------------------------------------------------------------------------------------------------------...
Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability
Advanced Electron Forums AEF 1.0.9 = Cross Site Request Forgery CSRF Vulnerability 1. OVERVIEW The Advanced Electron Forums AEF 1.0.9 = versions are vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND AEF has a very simple and easy to use Administration Panel and installing this software...
Max.Blog <= 1.0.6 (show_post.php) SQL Injection Vulnerability
Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: SQL Injection Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 20 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta e-mail:...
OpenSSH privilege escalation
Local user can hijack X-session of different user because of invalid DISPLAY variable initialization...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Hijacking Bluetooth Headsets for Fun and Profit?
Hijacking Bluetooth Headsets for Fun and Profit? kfatdigitalmunitiondotcom http://www.digitalmunition.com/HijackHeadSet.txt A few years ago when I worked for SNOSoft my business partner 'Simon' was one of those guys who rocked out a Bluetooth Headset just about every time I talked to him on his...
e107 website system Vulnerability
Informations : Advisory Name: e107 website system Vulnerability Author: hiruvim [email protected] Discover by: hiruvim [email protected] Website vendor : http://e107.org Affected Systems: All versions Severity: High Platforms: Windows and Unix Issue: Security holes enable attackers to get MySQL...
Security Advisory: FreeBSD-SA-00:42.linux
============================================================================= FreeBSD-SA-00:42 Security Advisory FreeBSD, Inc. Topic: Linux binary compatability mode can cause system compromise Category: core Module: kernel Announced: 2000-08-28 Credits: Boris Nikolaus [email protected]...
Any LAN user can crash Sygate
This is just a nuisance to some, as I do not know of many corporate networks that rely on a product such as Sygate. In fact I hope no corporate network relies on Sybergen software considering the way they treat security issues. They were contacted about this hole a while ago. They pretty much did...
Multiple vulnerabilities in Sharetronix
Advisory ID: HTB23214 Product: Sharetronix Vendor: Blogtronix, LLC Vulnerable Versions: 3.3 and probably prior Tested Version: 3.3 Advisory Publication: May 7, 2014 without technical details Vendor Notification: May 7, 2014 Vendor Patch: May 27, 2014 Public Disclosure: May 28, 2014 Vulnerability...
[security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03315912 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03315912 Version: 1 HPSBMU02776...
[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability (by ERPScan)
DSECRG-11-033 SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability XSS vulnerability found in pubDBLogon.jsp page of SAP Crystal Report Server 2008. Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Linked...
Microsoft fixed SMB NTLM relay attacks
Microsoft fixed NTLM proxing vulnerability: credentials used for one services could be forwardedto different one. Attack is known for many years as NTLM weakness...
Moodle 1.9.3 Remote Code Execution
Moodle 1.9.3 Remote Code Execution Name Remote Code Execution in Moodle Systems Affected Moodle 1.9.3 and possibly earlier versions Severity High Impact CVSSv2 High 7.3/10, vector: AV:N/AC:L/Au:M/C:P/I:P/A:C Vendor http://moodle.org/ Advisory http://www.ush.it/team/ush/hack-moodle193/moodle193.tx...
Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6
Address Bar Spoofing Attacks against Microsoft Internet Explorer 6 Amit Klein, Trusteer Summary ======= IE6 is the second most popular web browser after IE7, with market share of around 25 according to recent surveys e.g. http://marketshare.hitslink.com/report.aspx?qprid=2. This write-up presents...
FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability
! /usr/bin/perl -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- FOSS Gallery Admin Version = 1.0 / Remote Arbitrary Upload Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Program: FOSS Gallery Admin Version Version: = 1.0 File...
[scip_Advisory 3809] Pro2col StingRay FTS login username cross site scripting
Pro2col StingRay FTS login username cross site scripting scip AG Vulnerability ID 3809 09/12/2008 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3809 I. INTRODUCTION StingRay FTS is a file transfer server for Internet communications. Customers are able to transfer files or to send emails via the...
[Full-disclosure] [CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-2450: Apache Tomcat XSS vulnerabilities in Manager Severity: low cross-site scripting Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.24 Tomcat...
[Full-disclosure] Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account
n.runs AG http://www.nruns.com/ security at nruns.com n.runs-SA-2007.001 8-Feb-2007 Vendor: Aruba Networks, http://www.arubanetworks.com Affected Products: Aruba Mobility Controllers 200, 600, 2400, 6000 Alcatel-Lucent OmniAccess Wireless 43xx and 6000 Vulnerability: Unauthorized Administrative a...
Multiples vulnerability in ZeroBoard,
".,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,- '^'-,.." ".,-- ,. -.,--,." ".,--,. ALBANIA SECURITY CLAN -.,--,." ".,-- ,. -.,--,." ".,-- ,. ...::www.albanianhaxorz.org::... -.,--,." ".,--,.- -.,--,." ".,--,.- PROUD TO BE ALBANIAN -.,--,." ".,-- ,. -.,--,." ".,--,. Long Live Ethnic Albania...