Aryanic HighCMS and HighPortal multiple Vulnerabilities
================= IUT-CERT ================= Title: Aryanic HighPortal, HighCMS Multiple Vulnerabilities Vendor: www.aryanic.com Vulnerable Version: 10 and priors Type: Input.Validation.Vulnerability URI Injection, Frame Injection, XSS Fix: N/A ================== nsec.ir =================...
PHP APC vulnerable to local attacks
PHP APC is an opcode cache for PHP, or, as the developers say: "APC is a free, open, and robust framework for caching and optimizing PHP intermediate code." http://pecl.php.net/package/APC While at least some of its developers do not consider this a...
iDefense Security Advisory 11.03.08: Multiple Vendor CUPS SGI imagetops Heap Overflow Vulnerability
iDefense Security Advisory 10.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 09, 2008 I. BACKGROUND The Common UNIX Printing System, more commonly referred to as CUPS, provides a standard printer interface for various Unix based operating systems. "imagetops" is a part of CUPS...
iDefense Security Advisory 10.14.08: Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow
iDefense Security Advisory 10.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 09, 2008 I. BACKGROUND Sun Microsystems Inc's Java System is a collection of server applications bundled together. One such server application included is the Web Proxy Server. This software implements...
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Buffer Overflow Vulnerability
iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides ASP Active Server Pages functionality to a web server. More information is...
[SA23643] FirePass Cross-Site Scripting Vulnerabilities
TITLE: FirePass Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA23643 VERIFY ADVISORY: http://secunia.com/advisories/23643/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote OPERATING SYSTEM: FirePass 6.x http://secunia.com/product/13146/ FirePass 5.x...
ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability
ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability ------------------------------------------ Discovered By: XORON ------------------------------------------ cont@ct: x0r0nathotmaildotcom ------------------------------------------ script site: www.scoznet.com...
CVE-2014-8487: Kony EMM insecurity Direct Object Reference
------------------------------------------------------------------------ Product: Enterprise Mobile Management Vendor: Kony Vulnerable Versions: Kony EMM 1.2 and probably older versions Tested Version: Drupal Kony EMM 1.2 Advisory Publication: 24 December 2014 Vendor Notification: 8 December 2014...
CVE-2013-6955 Synology DSM remote code execution
Products Affected By CVE-2013-6955 Diskstation Manager 4.0 4.2 4.3 4.3-3810 Vendor: Synology Status: Patched webman/imageSelector.cgi in Synology DiskStation Manager DSM 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary...
[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
CVE-2013-4286 Incomplete fix for CVE-2005-2090 Information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 - Apache Tomcat 7.0.0 to 7.0.42 - Apache Tomcat 6.0.0 to 6.0.37...
Moodle 2.5.0-1 (badges/external.php) PHP Object Injection Vulnerability
============================================= - Original release date: 15 September, 2013 - Discovered by: Emilio Pinna Application Security Analyst at Abinsula - Contact: emilio pinn gmail ============================================= VULNERABILITY ---------------------- Moodle CMS version 2.5.0...
[waraxe-2013-SA#106] - Multiple Vulnerabilities in Saurus CMS 4.7.1
waraxe-2013-SA#106 - Multiple Vulnerabilities in Saurus CMS 4.7.1 ================================================================================ Author: Janek Vind "waraxe" Date: 14. July 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-106.html Description of vulnerable software...
Javamail login username and password same email problem
Javamail login username and password same email problem By Thet Aung Min Latt Yangon Myanmar 16 November 2007 1. First logon to examplemail.com http://examplemail.com/login.jsp And login with [email protected] in username and password box. User name: [email protected]...
infinicart [ multiples injection sql & xss (post) ]
vendor site: http://www.ecommercemax.com/ product : infinicart bug: multiples injection sql & xss language : asp risk : high injection sql get: /infinicart-demo/browsegroup.asp?groupid=sql /infinicart-demo/addedtocart.asp?productid=sql /infinicart-demo/browsesubcat.asp?catid=sql...
Netauth: Web Based Email Management System
This is just a quick note of a simple hole in the Netauth system. What is Netauth? Netauth is a web based eMail management system for Windows NT and most Unix platforms. What is the hole? The netauth.cgi file http://server/cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../etc/passwd...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple buffer overflows, memory corruptions, information disclosures, restriction bypass...
TA14-013A: NTP Amplification Attacks Using CVE-2013-5211
NCCIC / US-CERT National Cyber Awareness System: TA14-013A: NTP Amplification Attacks Using CVE-2013-5211 01/13/2014 05:51 PM EST Original release date: January 13, 2014 | Last revised: January 14, 2014 Systems Affected NTP servers Overview A Network Time Protocol NTP Amplification attack is an...
Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access
Vulnerable products : Linksys EA2700, EA3500, E4200, EA4500 using lighttpd 1.4.28 and Utopia on Linux 2.6.22 Firmware Version: 1.0.14 EA2700 Firmware Version: 1.0.30 EA3500 Firmware Version: 2.0.36 E4200 Firmware Version: 2.0.36 EA4500 Impact: - Major Timeline: - Still awaiting word back from...
MitM-vulnerability in Palo Alto Networks GlobalProtect
--------------------------------------------------------------------- SySS-Advisory: MitM-vulnerability in Palo Alto Networks GlobalProtect --------------------------------------------------------------------- Problem discovered: July 12th 2012 Vendor contacted: July 13th 2012 Advisory published:...
ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability
ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-146 August 22, 2012 -- CVE ID: -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -...
freeciv unauthorized access
It's possible to access files and execute commands via scenario...
Multiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )
============================== Multiple XSS - Glassfish Web Interface Sun Java System Application Server 9.1_01 build b09d-fcs ============================== Author: Eduardo Neves a.k.a eth0 Date: 14 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION :...
Coppermine <=1.4.16 [Content-type] SQL-injection Exploit
Coppermine <=1.4.16 Content-type SQL-injection Exploit 1 Date: Found: April 9, 2008 Patched: April 11, 2008 http://forum.coppermine-gallery.net/index.php/topic,51787.0.html 2 Product: Coppermine Photo Gallery <=1.4.16 3 Vulnerability: SQL injection in Content-type when uploading remote files...
Netjuke 1.0-rc2 - sql injection & XSS
The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database and all the MP3, Ogg Vorbis and other format files that constitute your digital music collection. Supports images, language packs, multi-level security, random playlists, etc http://sourceforge.net/projects/netjuke...
[Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability
Title: Kil13r-SA-20060622-1 NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Remote Timeline: 2006/06/21 - Discovery 2006/06/21 - Vendor notification 2006/06/22 - Release Affected version: NetSoft SmartNet 2.0 Not affected version:...
Multiple Vulnerabilities in Draytek Vigor 2130
VIGOR 2130 firmware 1.5.4.9 1.1. Command injection in traceroute functionality A user can execute arbitrary commands RCE on the router by abusing the traceroute functionality. The interface expects an IP address as input, but does not validate the input. Just provide the input: ; id The above...
ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability
ESA-2014-005.txt ESA-2014-005: EMC Documentum Foundation Services DFS Content Access Vulnerability EMC Identifier: ESA-2014-005 CVE Identifier: CVE-2014-0622 Severity Rating: CVSS v2 Base Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C Affected products: • EMC DF...
[security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04255796 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04255796 Version: 1 HPSBMU03012 rev....
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following: Apache Available for: Mac OS X...
OSI Security: CheckPoint Firewall VPN - Information Disclosure
CheckPoint Firewall VPN1 - Information Disclosure Vulnerability http://www.osisecurity.com.au/advisories/checkpoint-firewall-securemote-hostname-information-disclosure Note: this is essentially a feature, but thought it may be useful for pen testers when deciding which system to attack. Release...
Multiple vulnerabilities in Pretty Link WordPress Plugin
Vulnerability ID: HTB23049 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinprettylinkwordpressplugin.html Product: Pretty Link WordPress Plugin Vendor: Caseproof http://blairwilliams.com/ Vulnerable Version: 1.4.56 and probably prior Tested Version: 1.4.56 Vendor Notification...
CWM (dettaglio-prodotto.asp?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability CWM dettaglio-prodotto.asp?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.cynaskyweb.it/ Persian Gulf 4 Ever! Dork : "Powered by CWM" "inurl:dettaglio-prodotto.asp?id...
[advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068
Vulnerability; httpd Timeout detection flaw mod_proxy_http CVE-2010-2068 Classification; important Description; A timeout detection flaw in the httpd mod_proxy_http module causes proxied response to be sent as the response to a different request, and potentially served to a different client, from the...
Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)
Title: Crypto backdoor in Qnap storage devices Date: 18 September 2009 URL: http://www.baseline-security.de/downloads/BSC-QnapCryptoBackdoor-CVE-2009-3200.txt Vendor: QNAP Systems Products verified: TS-239 Pro, TS-639 Pro Products unverified: SS-439 Pro, TS-439 Pro, TS-439U-SP/RP, TS-509 Pro,...
Mozilla Foundation Security Advisory 2009-42
Mozilla Foundation Security Advisory 2009-42 Title: Compromise of SSL-protected communication Impact: Critical Announced: August 1, 2009 Reporter: Dan Kaminsky Products: Firefox, Thunderbird, SeaMonkey, NSS Fixed in: Firefox 3.5 NSS 3.12.3 Description IOActive security researcher Dan Kaminsky...
[waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0
waraxe-2009-SA#072 - Multiple Vulnerabilities in RavenNuke 2.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.html Description of vulnerable softwar...
Comersus Shopping Cart <= v6 Remote User Pass Exploit
Title : Comersus Shopping Cart <= v6 Remote User Pass Exploit Author : "ajann" from Turkey Contact : : S.Page : http://www.comersus.com/ $$ : Free Dork : Powered by Comersus v6 Shopping Cart DorkEx : http://www.google.com.tr/search?hl=tr&q=Powered+by+Comersus+v6+Shopping+Cart&btnG=Ara&meta=...
[Full-disclosure] Cross Site Cooking
Why, yes, I came up with the name, and had to find some bugs to be able to post this. Summary ------- There are three fairly interesting flaws in how HTTP cookies were designed and later implemented in various browsers; these shortcomings make it possible and alarmingly easy for malicious sites t...
AutoLinks Pro 2.1
NewAngels Advisory 1 AutoLinks Pro 2.1 - Remote File Include Vulnerability ============================================================================= Software: AutoLinks Pro Version: 2.1 Type: Remote PHP File Include Vulnerability Risk: High Date: 16.08.05 Vendor: ScriptsCenter Page:...
OpenSSH restrictions bypass
It's possible to bypass MaxAuthTries restrictions...
[security bulletin] HPSBMU03023 rev.1 - HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows, Remote Disclosure of Information
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04264271 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04264271 Version: 1 HPSBMU03023 rev....
Code Execution vulnerability in Contact Form 7 for WordPress
Hello 3APA3A! I want to inform you about vulnerability in Contact Form 7 plugin for WordPress. This is Code Execution via Arbitrary File Uploading vulnerability. ------------------------- Affected products: ------------------------- Vulnerable are Contact Form 7 3.5.2 and previous versions. After...
Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows
Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows ActiveX settings: Binary path: C:Program Files x86BorlandCaliberRMemsmtp.dll Version: 5.0.0.11 ProgID: EasyMail.SMTP.5 CLSID: 4610E7BF-710F-11D3-813D-00C04F6B92D0 Safe for Scripting: True Safe for Initialization: True...
Authentication bypass on Netgear WNR1000
Authentication bypass on Netgear WNR1000 ======================================== ADVISORY INFORMATION Title: Authentication bypass on Netgear WNR1000 Discovery date: 10/11/2012 Release date: 29/03/2013 Credits: Roberto Paleari [email protected], twitter: @rpaleari VULNERABILITY INFORMATION...
NetCat CMS v5.0.1 - Multiple Web Vulnerabilities
Title: ====== NetCat CMS v5.0.1 - Multiple Web Vulnerabilities Date: ===== 2012-10-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=738 VL-ID: ===== 738 Common Vulnerability Scoring System: ==================================== 2.5 Introduction: ============= Vendor...
SMF Board v2.0.2 - Multiple Web Vulnerabilities
Title: ====== SMF Board v2.0.2 - Multiple Web Vulnerabilities Date: ===== 2012-06-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=596 VL-ID: ===== 624 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: ============= Simple...
RedTeam Pentesting GmbH
Advisory: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes The Owl Intranet Engine uses no salting in the password hashing procedure. Furthermore, users in the "Administrators" group are able to see the MD5 password hashes of every user using the web interface. Details...
www.eVuln.com : HTTP Response Splitting in WWWThreads (php version)
www.eVuln.com advisory: HTTP Response Splitting in WWWThreads php version Summary: http://evuln.com/vulns/156/summary.html Details: http://evuln.com/vulns/156/description.html -----------Summary----------- eVuln ID: EV0156 Software: n/a Vendor: WWWThreads Version: 2006.11.25 Critical Level: low...
Microsoft Security Bulletin MS10-040 - Important Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
Microsoft Security Bulletin MS10-040 - Important Vulnerability in Internet Information Services Could Allow Remote Code Execution 982666 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Internet...
Microsoft Windows DNS server and DNS client DNS reply spoofing
Weak pseudo-random generator is used to generate DNS request ID...