47153 matches found
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following: Apache Available for: Mac OS X...
SMF Board v2.0.2 - Multiple Web Vulnerabilities
Title: ====== SMF Board v2.0.2 - Multiple Web Vulnerabilities Date: ===== 2012-06-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=596 VL-ID: ===== 624 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: ============= Simple...
OSI Security: CheckPoint Firewall VPN - Information Disclosure
CheckPoint Firewall VPN1 - Information Disclosure Vulnerability http://www.osisecurity.com.au/advisories/checkpoint-firewall-securemote-hostname-information-disclosure Note: this is essentially a feature, but thought it may be useful for pen testers when deciding which system to attack. Release...
Multiple vulnerabilities in Pretty Link WordPress Plugin
Vulnerability ID: HTB23049 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinprettylinkwordpressplugin.html Product: Pretty Link WordPress Plugin Vendor: Caseproof http://blairwilliams.com/ Vulnerable Version: 1.4.56 and probably prior Tested Version: 1.4.56 Vendor Notification...
Aruba Mobility Controller - multiple advisories: DoS and authentication bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ADVISORY NUMBER 013111 Advisory 1: TITLE Malformed 802.11 Probe Request frame causes Denial of Service condition on an Access Point. SUMMARY A Denial of Service DoS vulnerability was discovered during standard bug reporting procedures. A malformed...
[advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068
Vulnerability; httpd Timeout detection flaw modproxyhttp CVE-2010-2068 Classification; important Description; A timeout detection flaw in the httpd modproxyhttp module causes proxied response to be sent as the response to a different request, and potentially served to a different client, from the...
Microsoft Security Bulletin MS10-040 - Important Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
Microsoft Security Bulletin MS10-040 - Important Vulnerability in Internet Information Services Could Allow Remote Code Execution 982666 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Internet...
Mozilla Foundation Security Advisory 2009-42
Mozilla Foundation Security Advisory 2009-42 Title: Compromise of SSL-protected communication Impact: Critical Announced: August 1, 2009 Reporter: Dan Kaminsky Products: Firefox, Thunderbird, SeaMonkey, NSS Fixed in: Firefox 3.5 NSS 3.12.3 Description IOActive security researcher Dan Kaminsky...
[Full-disclosure] Cross Site Cooking
Why, yes, I came up with the name, and had to find some bugs to be able to post this. Summary ------- There are three fairly interesting flaws in how HTTP cookies were designed and later implemented in various browsers; these shortcomings make it possible and alarmingly easy for malicious sites t...
[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability
----------------------------------------------------------------------------- Mantis Bug Tracker = 1.2.17 ImportXml.php PHP Code Injection Vulnerability ----------------------------------------------------------------------------- - Software Link: http://www.mantisbt.org/ - Affected Versions: All...
ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability
ESA-2014-005.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-005: EMC Documentum Foundation Services DFS Content Access Vulnerability EMC Identifier: ESA-2014-005 CVE Identifier: CVE-2014-0622 Severity Rating: CVSS v2 Base Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C Affected products: • EMC DF...
SQL Injection in AdRotate
Advisory ID: HTB23201 Product: AdRotate Vendor: AJdG Solutions Vulnerable Versions: 3.9.4 and probably prior Tested Version: 3.9.4 Advisory Publication: January 30, 2014 without technical details Vendor Notification: January 30, 2014 Vendor Patch: January 31, 2014 Public Disclosure: February 20,...
[security bulletin] HPSBMU03023 rev.1 - HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04264271 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04264271 Version: 1 HPSBMU03023 rev....
Code Execution vulnerability in Contact Form 7 for WordPress
Hello 3APA3A! I want to inform you about vulnerability in Contact Form 7 plugin for WordPress. This is Code Execution via Arbitrary File Uploading vulnerability. ------------------------- Affected products: ------------------------- Vulnerable are Contact Form 7 3.5.2 and previous versions. After...
Exploit for stealing admin's account in Question2Answer
Hello! Here is exploit for stealing admin's account in Question2Answer. This exploit uses Cross-Site Request Forgery vulnerability at http://site/account and Insufficient Anti-automation vulnerabilities at http://site/forgot and http://site/reset, which I've described in the second advisory about...
CWM (dettaglio-prodotto.asp?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability CWM dettaglio-prodotto.asp?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.cynaskyweb.it/ Persian Gulf 4 Ever! Dork : "Powered by CWM" "inurl:dettaglio-prodotto.asp?id...
Aztech ADSL2/2+ 4 Port remote root
http://www.aztech.com cat versions VERSION=3.7.0 BUILD=070426 BOARD=AR7RD FSSTAMP=20070426171252 Example: $ lynx "http://192.168.0.5/cgi-bin/script?system20&20whoami" --source root $ lynx "http://192.168.0.5/cgi-bin/script?system20&20ls /" --source bin dev etc lib proc sbin usr var var.tar $...
AutoLinks Pro 2.1
NewAngels Advisory 1 AutoLinks Pro 2.1 - Remote File Include Vulnerability ============================================================================= Software: AutoLinks Pro Version: 2.1 Type: Remote PHP File Include Vulnerability Risc: High Date: 16.08.05 Vendor: ScriptsCenter Page:...
[Full-Disclosure] XSS in 12Planet Chat Server 2.9
Donato Ferrante Application: 12Planet Chat Server http://www.12planet.com Version: 2.9 Bug: cross site scripting Date: 05-Jul-2004 Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1...
Apple watchOS security vulnerabilities
Information disclosure, memory corruptions, multiple vulnerabilities in different libraries...
OpenSSH resreictions bypass
It's possible to bypass MaxAuthTries restrictions...
Microsoft Windows multiple security vulnerabilities
OLE code execution, Internet Explorer multiple vulnerabilities, Schannel code execution, XML Core Services code execution, TCP/IP privilege escalation, Windows Audio Service privilege escalation, .NET Framework privilege escalation, RDP restrictions bypass, IIS restrictions bypass, IME privilege...
libmagic / file / fileinfo / PHP security vulnerabilities
Vulnerabilities in ELF parsing...
VUPEN Security Research - Oracle Java Preloader Click-2-Play Warning Bypass Vulnerability
VUPEN Security Research - Oracle Java Applet Preloader Click-2-Play Warning Bypass Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Java is the foundation for virtually every type of networked application and is the global standa...
Authentication bypass on Netgear WNR1000
Authentication bypass on Netgear WNR1000 ======================================== ADVISORY INFORMATION Title: Authentication bypass on Netgear WNR1000 Discovery date: 10/11/2012 Release date: 29/03/2013 Credits: Roberto Paleari [email protected], twitter: @rpaleari VULNERABILITY INFORMATION...
[security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03179046 Version: 1 HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as...
www.eVuln.com : HTTP Response Splitting in WWWThreads (php version)
www.eVuln.com advisory: HTTP Response Splitting in WWWThreads php version Summary: http://evuln.com/vulns/156/summary.html Details: http://evuln.com/vulns/156/description.html -----------Summary----------- eVuln ID: EV0156 Software: n/a Vendor: WWWThreads Version: 2006.11.25 Critical Level: low...
Aria-Security.net: CoolShot E-Lite POS 1.0
Aria-Security Team http://aria-security.net ------------------------------------- CoolShot E-Lite POS 1.0 http://coolshot.net/index.php/works/49-e-lite-pos Original Advisory @ http://aria-security.net/forum/showthread.php?p=1108post1108 Published on November 24 2007 users.userid users.username...
Title : VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities
Title : VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities Author : ajann Contact : : S.Page : http://www.vpasp.com $$ : $49.00 - $350.00 - $495.00 SQL--------------------------------------------------------- http://target/path//shopgiftregsearch.asp?LoginLastname=SQL Example:...
Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit
==================================================================== Pie Cart Pro = HomePath Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz http://www.doodlebabies.com/...
PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities
PhpwCMS 1.2.6 = Multiple Remote file inclusion vulnerabilities Discovered by : |/| . .. | || ||| | | Vuln In : include $spawroot.'class/lang.class.php'; Affected Files : include/incext/spaw/dialogs/table.php include/incext/spaw/dialogs/a.php include/incext/spaw/dialogs/colorpicker.php...
SQL Injection in Oracle Forms
SQL Injection in Oracle Forms V1.00 © 2005 by Red-Database-Security GmbH 1/5 Summary: All Oracle Forms applications are vulnerable against SQL Injection by default. Oracle Applications =11.5.9 is not affected due to the default setting value “FORMSxxRESTRICTENTERQUERY = TRUE”. About Oracle Forms:...
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004 OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following: Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain...
Open-Xchange Security Advisory 2013-04-17
Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...
TEMENOS T24 R07.03 Reflected Cross-Site Scripting
TEMENOS T24 R07.03 reflected cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to a reflected cross-site scripting vulnerability because it...
Muzedon (dettaglio.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Muzedon dettaglio.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "Powered By Muzedon.com" "inurl:dettaglio.php?id=" Exploite:...
Web Fusion Nepal (tour.php?category) XSS Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD XSS Vulnerability Web Fusion Nepal tour.php?category AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://webfusion.com.np/ Persian Gulf 4 Ever! Dork : "Powered by: Web Fusion Nepal" "inurl:tour.php?category="...
PhotoCart 3.9 (adminprint.php) Remote File Include Vulnerability
PhotoCart 3.9 adminprint.php Remote File Include Vulnerability Script site: http://www.picturespro.com/store/programs/129-photocart.html Dork : inurl :/PhotoCart/ Bug Found By : irvian GreetZ: jipank,kacung,trangkil,ibnusina,cah|gemblunkz,zoid Special greetz: patihack hitamputih nyubicrew bug fou...
UBB.threads Multiple input validation error
Hello,, UBB.threads Multiple input validation error Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested on Version 6 6.5.1.1 and other versions maybe affected Remote File including :...
wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities
Westpoint Security Advisory --------------------------- Title: Multiple Browser Cookie Injection Vulnerabilities Risk Rating: Low Software: Multiple Web Browsers Platforms: Unix and Windows Author: Paul Johnston [email protected] assisted by Richard Moore [email protected] Date: 15...
audiofile memory corruption
Crash on audiofiles processing...
Cosmoshop - XSS on Admin-Login Mask
author: l0om page: l0om.org date: 14.02.2015 Cosmoshop is a simple webshop designed for the german market. There is a simple XSS flaw at the admin-login panel in probably all cosmoshop versions. The admin login can be found at http://www.shop-site.de/cgi-bin/cosmoshop/admin/index.cgi This page wi...
[CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper
Hello, Cross Site Scripting XSS vulnerability exists in videowhisper module for Drupal 7. Vendor Notification: 22, Oct 2014 Vulnerable file: drupal/modules/videowhisper/vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php POC:...
[security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04268240 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04268240 Version: 1 HPSBMU03029 rev....
[SECURITY] [DSA 2797-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2797-1 [email protected] http://www.debian.org/security/ Michael Gilbert November 16, 2013 http://www.debian.org/security/faq -...
security advisory: AirDroid 1.0.4 beta
Dear Sir or Madam, we'd like to publish the following advisory. Thanks in advance. TC-SA-2012-02: Several weaknesses in implementation of security features in AirDroid 1.0.4 beta Published: 2012/07/12 Advisory-Version: 1.0 Affected products: AirDroid 1.0.4 beta References: TC-SA-2012-02...
Cross-Site Scripting vulnerabilities in SimpGB
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting persistent XSS уязвимостях в SimpGB. Ранее я уже сообщал о других уязвимостях в SimpGB http://securityvulns.ru/news/CGI/2009.11.19.html. XSS: Это Persistent XSS в трёх функционалах веб приложения. POST запрос на страницах:...
MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -->
---------------------------------------------------------------------------------- MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -- ---------------------------------------------------------------------------------- CMS INFORMATION: --WEB: http://www.onlinegrades.org...
MODx CMS Source code disclosure, local file inclusion
WwW.BugReport.ir AmnPardaz Security Research Team Title: MODx CMS Vulnerabilities Vendor: http://modxcms.com Bugs: Source code disclosure, local file inclusion Vulnerable Version: 0.9.6.1 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: quote...
phpBB Module Forum picture and META tags 1.7 File Include Vulnerability
Exploitname: phpBB Module Forum picture and META tags 1.7 File Include Vulnerability Vendor: http://www.rfnnet.nl/downloads/phpbb/MODForumpictureandMETAtags.zip Founder: bd0rk Contact: bd0rkathackermail.com Greetings: str0ke, TheJT, Lu7k, CodeR Vulnerable in MODforumfieldsparse.php:...