47153 matches found
Security Advisory: FreeBSD-SA-00:19.semconfig
============================================================================= FreeBSD-SA-00:19 Security Advisory FreeBSD, Inc. Topic: local users can prevent all processes from exiting Category: core Module: kernel Announced: 2000-05-26 Credits: Peter Wemm [email protected] Affects: 386BSD-derive...
CollabNet Subversion Edge Password Hash Leak
Vuln Title: The CollabNet Subversion Edge Management frontend user credential hash leak Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Credential leak Risk: Medium Status: public/fixed Fixed...
[ MDVSA-2015:181 ] drupal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:181 http://www.mandriva.com/en/support/security/ Package : drupal Date : March 30, 2015 Affected: Business Server 1.0 Problem Description: Updated drupal packages fix security vulnerabilities: An information...
[USN-2299-1] Apache HTTP Server vulnerabilities
========================================================================== Ubuntu Security Notice USN-2299-1 July 23, 2014 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[security bulletin] HPSBMU02785 SSRT100526 rev.2 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03216705 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03216705 Version: 2 HPSBMU02785...
[RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution
Advisory: nostromo nhttpd directory traversal leading to arbitrary command execution During a penetration test, RedTeam Pentesting discovered a directory traversal vulnerability leading to arbitrary command execution in the nostromo HTTP server. Details ======= Product: nostromo nhttpd Affected...
Microsoft Security Bulletin MS08-001 – Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
Microsoft Security Bulletin MS08-001 – Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution 941644 Published: January 8, 2008 Version: 1.0 General Information Executive Summary This critical security update resolves two privately reported vulnerabilities in Transmission...
Adult Script Unauthorized Administrative Access Exploit
Adult Script Unauthorized Administrative Access Exploit Exploit Coded By Liz0ziM From BiyoSecurityTeam Greetz My all friend and BiyoSecurityTeam User.. Software site: http://www.adultscript.net/ Demo: http://www.adultscript.net/demo/ Vulnerable code in admin/administrator.php near lines 5-8...
iDefense Security Advisory 05.14.07: Samba SAMR Change Password Remote Command Injection Vulnerability
Samba SAMR Change Password Remote Command Injection Vulnerability iDefense Security Advisory 05.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ May 14, 2007 I. BACKGROUND Samba is a Unix server application used to implement Windows file sharing and domain controlling functionality...
[USN-1677-1] Linux kernel vulnerability
========================================================================== Ubuntu Security Notice USN-1677-1 December 20, 2012 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities
Title: ====== DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=507 VL-ID: ===== 507 Introduction: ============= To demonstrate the rich possibilities of DHTMLX controls and to show how they work...
XSS vulnerability in Spitfire
Vulnerability ID: HTB22485 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfire2.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor Notification: 08 July 2010 Vulnerability Type: XSS Cross Site...
[security bulletin] HPSBMA02428 SSRT090048 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01745065 Version: 1 HPSBMA02428 SSRT090048 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin shoul...
Safenet Sentinel Protection Server directory traversal
Web interface directory traversal...
Snitz Forums 2000 v3.4.06
ENGLISH Title : Snitz Forums 3.4.06 XSS Vulnerability Author : ajann HomePage : http://forum.snitz.com CODE http://target.com/path/forum.asp?FORUMID=1&ARCHIVE=true&sortfield=lastpost&sortorder="scriptfunction20xssbaslatalert"Xss20Here";/scriptbody20onload="xssbaslat" etc...
Security Bulletin (MS00-056)
Microsoft Security Bulletin MS00-056 - -------------------------------------- Patch Available for "Microsoft Office HTML Object Tag" Vulnerability Originally posted: August 09, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in certain Microsoftr Offic...
[SECURITY] CVE-2014-0230: Apache Tomcat DoS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2014-0230 Denial of Service Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.8 - - Apache Tomcat 7.0.0 to 7.0.54 - - Apache Tomcat 6.0.0 to 6.0.43 Description: When a response for a reque...
[security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04039150 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04039150 Version: 1 HPSBMU02948 rev....
VamCart v0.9 CMS - Multiple Web Vulnerabilities
Title: ====== VamCart v0.9 CMS - Multiple Web Vulnerabilities Date: ===== 2012-06-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=622 VL-ID: ===== 622 Common Vulnerability Scoring System: ==================================== 4 Introduction: ============= VamCart is a...
SEO New York (prod.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability SEO New York prod.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.eyesonnet.com/ Persian Gulf 4 Ever! Dork : "Powered by:SEO New York" "inurl:prod.php?id" Exploite...
Oracle multiple security vulnerabilities
Quarterly update fixes nearly 50 different security vulnerabilities...
Carbon Communities forum Multiple Vulnerabilities.
www.BugReport.ir AmnPardaz Security Research Team Title: Multiple Vulnerabilities in Carbon Communities forum. Vendor: www.carboncommunities.com Vulnerable Version: 2.4 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/35 1. Description:...
Aktueldownload Haber scripti (id) Remote SQL Injection Vulnerability
----------------------------------------------------------------------- Aktueldownload Haber scripti id Remote SQL Injection Vulnerability ----------------------------------------------------------------------- Bulan: xoron xoron.info - xoron.biz...
VaM Shop v1.69 - Multiple Web Vulnerabilities
Title: ====== VaM Shop v1.69 - Multiple Web Vulnerabilities Date: ===== 2012-10-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=730 VL-ID: ===== 730 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: ============= Vendor...
APPLE-SA-2012-09-19-3 Safari 6.0.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-3 Safari 6.0.1 Safari 6.0.1 is now available and addresses the following: Safari Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1 Impact: Opening a maliciously crafted downloaded HTML...
Ganesha Digital Library 4.0 Multiple Vulnerabilities
===================================================== Ganesha Digital Library 4.0 Multiple Vulnerabilities ===================================================== :---------------------------------------------------------------------------------------------------------------------------------------...
Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
Quarterly security update closes nearly 70 different vulnerabilities in all applications...
XSS and Data Manipulation attacks found in CMS PHPCart.
. . | / | | | / / | |/ // / / / |/ / // | / | | / / / // / |/| || /| / / / / / / / / | | / / / | // est.2007 / / forum.darkc0de.com -d3hydr8 - sinner01 - baltazar - P47r1ck - C1c4Tr1Z - beenu -rsauron - letsgorun - K1u - DON - OutLawz - MAGE -JeTFyrE -r45c4l -Bond Author: h4x0r Home :...
Security Bypass Vulnerabilities AXESSTEL
Bboyhacks bboyhacksatgmail.com AXESS.TEL CDMA 1xEV-DO FIXED WIRELESS MODEN AXW-D800 S/W Version:D2ETH10901VEBR Jun-14-2006 Default LAN IP: 192.168.0.1 http thttpd 2.25b Security Bypass Vulnerabilities basic setup http://192.168.0.1/etc/config/System.html Network...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Alert: IIS ism.dll exposes file contents
Cerberus Information Security Advisory CISADV000327 http://www.cerberus-infosec.co.uk/advisories.html Released : 27th March 2000 Name : IIS ISM.DLL buffer truncation exposes files Affected Systems : Windows NT running IIS Issue : Remote attackers can gain access to files' contents they should not...
[ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials
ERPSCAN Research Advisory ERPSCAN-15-015 SAP NetWeaver AS ABAP– Hardcoded Credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response: 07.03.2014 Date ...
SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Cross Site Flashing Risk: High Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note: 1908647 0 Abstract: -------------...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability
Advanced Electron Forums AEF 1.0.9 = Cross Site Request Forgery CSRF Vulnerability 1. OVERVIEW The Advanced Electron Forums AEF 1.0.9 = versions are vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND AEF has a very simple and easy to use Administration Panel and installing this software...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Phpclanwebsite: multiple directory traversals, multiple SQL injections, multiple crossite scriptings,...
[scip_Advisory 3809] Pro2col StingRay FTS login username cross site scripting
Pro2col StingRay FTS login username cross site scripting scip AG Vulnerability ID 3809 09/12/2008 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3809 I. INTRODUCTION StingRay FTS is a file transfer server for Internet communications. Customers are able to transfer files or to send emails via the...
SEC Consult SA-20070722-0 :: Remote command execution in Joomla! CMS
SEC Consult Security Advisory 20070722-0 ======================================================================= title: Remote command execution in Joomla! CMS program: Joomla! vulnerable version: 1.5 beta 2 Earlier 1.5 versions may be vulnerable too! impact: critical homepage:...
Hijacking Bluetooth Headsets for Fun and Profit?
Hijacking Bluetooth Headsets for Fun and Profit? kfatdigitalmunitiondotcom http://www.digitalmunition.com/HijackHeadSet.txt A few years ago when I worked for SNOSoft my business partner 'Simon' was one of those guys who rocked out a Bluetooth Headset just about every time I talked to him on his...
Security Advisory: FreeBSD-SA-00:42.linux
============================================================================= FreeBSD-SA-00:42 Security Advisory FreeBSD, Inc. Topic: Linux binary compatability mode can cause system compromise Category: core Module: kernel Announced: 2000-08-28 Credits: Boris Nikolaus [email protected]...
EMC Documentum multiple security vulnerabilities
Code injection, privilege escalation...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Synology DSM multiple vulnerabilities
Title: Synology DSM multiple vulnerabilities Version affected: = 4.3-3776 Vendor: Synology Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Synology DiskStation Manager DSM it's a Linux based operating system, use...
[security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03315912 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03315912 Version: 1 HPSBMU02776...
[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability (by ERPScan)
DSECRG-11-033 SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability XSS vulnerability found in pubDBLogon.jsp page of SAP Crystal Report Server 2008. Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Linked...
Microsoft fixed SMB NTLM relay attacks
Microsoft fixed NTLM proxing vulnerability: credentials used for one services could be forwardedto different one. Attack is known for many years as NTLM weakness...
Max.Blog <= 1.0.6 (show_post.php) SQL Injection Vulnerability
Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: SQL Injection Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 20 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta e-mail:...
[Full-disclosure] CVE-2008-5557 - PHP mbstring buffer overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-5557 - PHP mbstring buffer overflow vulnerability CVE Number: CVE-2008-5557 Author: Moriyoshi Koizumi [email protected] Release Date: 2008-12-21 Type: heap buffer overflow Affected Versions: 4.3.0 and later versions including PHP 5 Not Affected: a...
Moodle 1.9.3 Remote Code Execution
Moodle 1.9.3 Remote Code Execution Name Remote Code Execution in Moodle Systems Affected Moodle 1.9.3 and possibly earlier versions Severity High Impact CVSSv2 High 7.3/10, vector: AV:N/AC:L/Au:M/C:P/I:P/A:C Vendor http://moodle.org/ Advisory http://www.ush.it/team/ush/hack-moodle193/moodle193.tx...
OpenSSH privilege escalation
Local user can hijack X-session of different user because of invalid DISPLAY variable initialization...