47153 matches found
HttpFileServer 2.3.x Remote Command Execution
Affected software: http://sourceforge.net/projects/hfs/ Version : 2.3x Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 11-09-2014 Remote: Yes Exploit Author: Daniele Linguaglossa Vendor Homepage: http://rejetto.com/ Software Link:...
SEC Consult SA-20130625-0 :: Multiple vulnerabilities in IceWarp Mail Server
SEC Consult Vulnerability Lab Security Advisory 20130625-0 ======================================================================= title: Multiple vulnerabilities in IceWarp Mail Server product: IceWarp Mail Server vulnerable version: =10.4.5 fixed version: 10.4.5-1 impact: Critical homepage:...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Information leakage, multiple memory corruptions, crossite scripting, etc...
Microsoft Windows WinHTTP servive multiple security vulnerabilities
Integer overflow, certificate spoofing, NTLM relaying...
WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability
WebSPELL = 4.01.02 picture.php Remote File Disclosure Vulnerability Discovered by: Trex Visit: www.Trex-Online.net / www.UnderGround.ag Comment: Happy easter! / / / / / / / // / GIVE ME A CARROT OR I WILL O O/ BLOW UP YOUR HOUSE / / ^ / / / // / // /// Vulnerability 1: Advantage: works...
[Full-disclosure] Some 0day Pocs
Mati Aharoni muts .@. offensive-security.com mailto:[email protected] http://www.offensive-security.com My 7 line python fuzzer found several file format bugs in 3 hours. Quite alarming. No deep analysis was done, I leave that to the community. These are some of the results: file789-1.d...
ASPTicker 1.0 (admin.asp) Remote Login ByPass SQL Injection Vulnerability
Title : ASPTicker 1.0 admin.asp Remote Login ByPass SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.aspapps.com $$ : $ 17.00 SQL--------------------------------------------------------- http://target/path//admin.aspByPass Example: //Password 'union select 0,0,0 from...
[waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]
================================================================================ waraxe-2004-SA031 ================================================================================ Multiple vulnerabilities in e107 version 0.615...
Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities
Document Title: =============== Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 37 - Filter Bypass & Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1103 Barracuda Networks Security ID BNSEC: BNSEC-1263...
ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability
ESA-2013-094.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability EMC Identifier: ESA-2013-094 CVE Identifier: CVE-2012-0874 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C Affected products: • A...
Insecure CHIASMUS encryption in GSTOOL
== Insecure CHIASMUS encryption in GSTOOL == GSTOOL versions 3.0 to 4.7 inclusive contain an insecure encryption feature using the non-public CHIASMUS block cipher. Due to the use of an insecure PRNG for key generation, files encrypted using the encryption feature of this tool can be decrypted...
[security bulletin] HPSBMU02900 rev.3 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03839862 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03839862 Version: 3 HPSBMU02900 rev....
BF and IA vulnerabilities in IBM Lotus Domino
Hello 3APA3A! I want to warn you about Brute Force and Insufficient Authentication vulnerabilities in IBM Lotus Domino. These are vulnerabilities in Domino, which I've found at 03.05.2012 together with other holes. Last year I've announced multiple vulnerabilities in IBM software and after IBM...
FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities
Title: ====== FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: ===== 2012-12-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=702 VL-ID: ===== 702 Common Vulnerability Scoring System: ==================================== 2.1 Introduction: =============...
[security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02512995 Version: 1 HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS, HTTP Response Splitting, and Other Vulnerabilities...
Backdoor in com_rsgallery2 gallery extension for joomla
Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all sorts of obfuscated junk all the...
[ MDVSA-2008:050 ] - Updated cups packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:050 http://www.mandriva.com/security/ Package : cups Date : February 26, 2008 Affected: Corporate 3.0 Problem Description: Dave Camp at Critical Path Software discovered a buffer overflow in CUPS 1.1.23 and...
iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Multiple Race Condition Vulnerabilities
IBM DB2 Universal Database Multiple Race Condition Vulnerabilities iDefense Security Advisory 08.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 16, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end...
WoltLab Burning Board 2.3.5(WBB) in XSS
Hi WBB in XSS We aren't able to bite from the Avatar ,But attachment.php With xss code are able to bite. HEX editor With GIF picture Open , JS code are writing. GIF89ajscode Js Code:Hex:...
Remote IIS 5.x and IIS 6.0 Server Name Spoof
Remote IIS 5.x and IIS 6.0 Server Name Spoof It is possible to remotely spoof the "SERVERNAME" Microsoft® Internet Information Server® 5.0, 5.1 and 6.0 server variable by doing a modified HTTP request. Thus potentially revealing sensitive ASP code through the IIS 500-100.asp error page, the spoof...
icecast DoS
NULL pointer dereference on authentication by URL...
Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability
Document Title: =============== Barracuda Networks Spam&Virus Firewall v6.0.2 600 & Vx - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=890 Barracuda Networks Security ID BNSEC: BNSEC-1176...
ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-038 February 22, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - --...
Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities
a bug in Wordpress the-welcomizer plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Iran Hack Security Team & Islamic Republic Of Iran Security Team http://IranHack.Org & http://irist.ir/forum/ Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities...
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
Advisory: PHP Inventory 1.3.1 Remote Auth Bypass SQL Injection Vulnerability Advisory ID: INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on PHP Inventory 1.3.1 Vendor URL: http://www.phpwares.com/ Vendor Status: fixed CVE-ID:...
Avant-Garde Technologies (display-section.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Avant-Garde Technologies display-section.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.agtsindia.com/ Persian Gulf 4 Ever! Dork : "Powered by Avant-Garde...
Microsoft Windows Schannel memory corruption
Memory corruption on TLS/SSL certificate parsing, certificate spoofing, connection hijacking...
VUPEN Security - Microsoft Office Word Document Parsing Buffer Overflow Vulnerability
VUPEN Security Research Advisory - VUPEN-SR-2008-06 Advisory URL: http://www.vupen.com/english/advisories/2009/1546 June 9, 2009 I. BACKGROUND ----------------------- Microsoft Office Word, included in the Microsoft Office system, is a powerful authoring program that gives you the ability to crea...
Oracle Application Server Portal 10g Cross Site Scripting Vulnerability
OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environment for accessing and interacting with enterprise software services and information resources. A vulnerability has been identified in Oracle Application Server 10g, This could b...
Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer (960714)
Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer 960714 Published: December 17, 2008 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a...
[Full-disclosure] Cisco VPN Concentrator Groupname Enumeration Vulnerability
Cisco VPN Concentrator Groupname Enumeration Vulnerability 1. Overview: NTA Monitor has discovered a groupname enumeration vulnerability in the Cisco VPN 3000 series concentrator products while performing a VPN security test for a customer. The vulnerability affects remote access VPNs with...
[ARL03-A16] Multiple Security Issues in phPay
+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL03-A16 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : Multiple Security Issues in...
Information leakage in Quake2
It's possible to retrieve any server variables vaules including $rconpassword by using modified client without $-variables expanding...
Arbitrary File Disclosure and Open Redirect in Bonita BPM
Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...
Moodle 2.5.0-1 (badges/external.php) PHP Object Injection Vulnerability
============================================= - Original release date: 15 September, 2013 - Discovered by: Emilio Pinna Application Security Analyst at Abinsula - Contact: emilio pinn gmail ============================================= VULNERABILITY ---------------------- Moodle CMS version 2.5.0...
SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer derefence in libosip2
SIP Witch 0.7.4 w/libosip2-4.0.0 Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 DoS by the NULL pointer derefence in libosip2. True, found in the ancient version of sipwitch default in BT5 but the problem lies in the library used by it and may...
Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption.
httpMakeVaryMark header value 'value' http.cc:603 line Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.2.5 It takes combination of a 5x requests and responses in less than 10 seconds to crash the parent: Request -- cut -- !/usr/bin/env...
Cisco IOS SNMP Message Processing Denial Of Service Vulnerability
Cisco IOS SNMP Message Processing Denial Of Service Vulnerability ------------------------------------------------------------------ I. Summary Cisco Internetwork Operating System IOS 15.0 attempts to process SNMP solicited operations on improper ports UDP 161,162, which allows remote attackers t...
Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
Maybe this is related to http://bugs.proftpd.org/showbug.cgi?id=3173 ? That bug only applies to 1.3.1, so 1.3.0 is not affected. 1.3.2 is supposed to fix this bug. Sergio Aguayo ----- Original Message ----- From: [email protected] To: [email protected] Sent: Tuesday, February 10, 2009...
MOPB-04-2007:PHP 4 unserialize() ZVAL Reference Counter Overflow
Summary The Month of PHP Bugs started with one of the possible ways to exploit the 16bit reference counter of PHP 4. It was only exploitable with local access. However because PHP does not protect against these overflows anywhere there are other exploit vectors. With unserialize it is triggerable...
[SA23643] FirePass Cross-Site Scripting Vulnerabilities
TITLE: FirePass Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA23643 VERIFY ADVISORY: http://secunia.com/advisories/23643/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote OPERATING SYSTEM: FirePass 6.x http://secunia.com/product/13146/ FirePass 5.x...
ADP Forum 2.0,* script İnjection
http://biyosecurity.be/bugs/adpforum2.html ADP Forum 2.0, script njection ---------------------------------------------------- site:http://www.linux.it/fedro/ demo:http://www.adp.host.sk/Forum203/ -------------------------------------------------- Post This Code: scriptalert/Liz0ziM//script...
Advisory 12/2005: UseBB Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: UseBB Multiple Vulnerabilities Release Date: 2005/07/28 Last Modified: 2005/07/28 Author: Stefan Esser [email protected] Application: UseBB = 0.5.1 Severity: Multiple S...
Security Advisory: BiTBOARD xss
Advisory Information -------------------- Advisory name : BiTBOARD XSS Discovered by : drhankey / it-security23.net Vendor Name : the bitshifters sdc Vendor Homepage : http://www.bitshifters.net Software : Bitboard Vulnerability Type : Cross-Site-Scripting Vulnerable Versions : 2.5 and prior...
[Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007
--------------------------------------------------------------------------- SUMMARY : Windows XP ntdll.dll Buffer Overflow Vulnerability PRODUCT : Windows XP ntdll.dll VERSIONS : 5.1.2600.1106 VENDOR : Microsoft Corporation http://www.microsoft.com/ SEVERITY : Critical. Code Execution, Privilege...
Microsoft Windows multiple security vulnerabilities
Internet Explorer / Edge multiple security vulnerabilities, VBScript / Jscript code execution, Windows Shell code execution, kernel privilege escsalation...
[Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory2014-023: HTTP verb tampering issue in SAPJTECHS This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04369484 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04369484 Version: 1 HPSBHF02913 rev....
Cross-Site Scripting (XSS) in Ilch CMS
Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure: March 5, 2014 Vulnerability Type: Cross-Site...
[security bulletin] HPSBOV02834 SSRT101055 rev.1 - HP OpenVMS LOGIN or ACMELOGIN, Remote or Local Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03599086 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03599086 Version: 1 HPSBOV02834...