47153 matches found
[CVE-2011-3645] Multiple vulnerability in "Omnidocs"
Hi All, I would like to inform about multiple vulnerability in NewGen's Omnidocs application. Exploit Title: Multiple Vulnerability in "Omnidocs" Author: Sohil Garg CVE : CVE-2011-3645 Product Description: OmniDocs is an Enterprise Document Management EDM platform for creating, capturing,...
BSD-based systems (FreeBSD, NetBSD, OpenBSD) index array overflow
Index array overflow in libc gdtoa function used by printf...
CVE-2009-3586: CoreHTTP web server off-by-one buffer overflow vulnerability
census ID: census-2009-0003 URL: http://census-labs.com/news/2009/12/02/corehttp-web-server/ CVE ID: CVE-2009-3586 Affected Products: CoreHTTP web server versions = 0.5.3.1. Class: Improper Input Validation CWE-20, Failure to Constrain Operations within the Bounds of a Memory Buffer CWE-119 Remot...
[USN-612-2] OpenSSH vulnerability
=========================================================== Ubuntu Security Notice USN-612-2 May 13, 2008 openssh vulnerability CVE-2008-0166, http://www.ubuntu.com/usn/usn-612-1 =========================================================== A weakness has been discovered in the random number...
phpTournois <= G4 Remote File Upload/Code Execution Exploit
?php / Name: phpTournois = G4 Remote File Upload/Code Execution Exploit Credits: Charles "real" F. charlesfolathotmail.fr Date: 04-06-08 - Remote Code Execution - Remote File Upload When testing if we are admin, phpTournois checks if $grade'a'=='a'. But when we are not loggued in, this var is not...
[Full-disclosure] Utopia News Pro version 1.4.0 XSS Attack Vulnerability
netVigilance Security Advisory 34 Utopia News Pro version 1.4.0 XSS Attack Vulnerability Description: Utopia News Pro is a powerful and scalable news management system for any web site. News Pro, written in PHP and backed by the renowned MySQL database system, Utopia Software's News Pro is an ide...
MiniBB Forum <= 1.5a Remote File Include (news.php)
Title : MiniBB Forum = 1.5a Remote File Include news.php Discovered By AG-Spider ----------------------------------------------------------------------------- Affected software description : Application : MiniBB Forum 1.5a news.phpversion : version 1.5 exploit :Remote File Include...
[Full-Disclosure] Emulex FibreChannel Hub Vulnerable to SNMP DoS Attack
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title : Emulex FibreChannel Hub Vulnerable to SNMP DoS Attack Number : 20030703-01-I Date : July 25, 2003 Reference : CERT CA-2002-03 Reference : CVE CAN-2002-0013 Reference : SGI BUG 882516 Fixed in : See Workaround SGI provides this...
Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook
Hi all : 1 PHP Image View 1.0 http://www.onlinetools.org Problems : - XSS - phpinfo; Exploits : - /phpimageview.php?pw=show - /phpimageview.php?pic=javascript:alertdocument.domain 2 NewsPro 1.01 http://www.aspbin.co.uk Problem : - Admin access Exploit : - Set cookie "logged,true" on the...
Insecure input balidation in YaBB Search.pl
Hi Everybody, Kosak reported this problem to vuln-dev last night. I downloaded the script and did some testing. There is an input validation problem with the 'catsearch' field, which gets interpolated in an open statement: openFILE, "$boardsdir/$cattosearch" || &fatalerror"$txt'23'...
SYSS-2015-033: Missing Function Level Access Control (CWE-935) in Page2Flip Premium App 2.5
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-033 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Missing Function Leve...
SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home
SEC Consult Vulnerability Lab Security Advisory 20150227-0 ======================================================================= title: Multiple vulnerabilities product: Loxone Smart Home vulnerable version: Firmware: 5.49; Android-App: 3.4.1 fixed version: 6.3 impact: High homepage:...
CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2025 =================== "Remote Code Execution RCE via Unrestricted File Upload" CWE-434 vulnerability in "Intrexx Professional" product Vendor =================== United Planet GmbH Product =================== "Intrexx is an integrated...
APPLE-SA-2013-09-12-2 Safari 5.1.10
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-12-2 Safari 5.1.10 Safari 5.1.10 is now available and addresses the following: JavaScriptCore Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Visiting a maliciously crafted website may lead to an unexpected applicatio...
Wordpress Zingiri Web Shop Plugin <= 2.2.3 Remote Code Execution Vulnerability
Wordpress Zingiri Web Shop Plugin = 2.2.3 Remote Code Execution Vulnerability author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom software link........: http://wordpress.org/extend/plugins/zingiri-web-shop/ affected versions....: from 0.9.12 to 2.2.3 -...
Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache HTTPD Security ADVISORY ============================== UPDATE 2 Title: Range header DoS vulnerability Apache HTTPD 1.3/2.x CVE: CVE-2011-3192 Last Change: 20110826 1030Z Date: 20110824 1600Z Product: Apache HTTPD Web Server Versions: Apache 1.3...
prestashop vuln: sql injection
Vulnerable software and vendor Prestashop verion: 1.3.3 - 0.246s Vulnerable File Vulnerable Field category.php idcategory cart.php idproduct product.php idproduct 2. Vulnerability classification Sql Injection 3. Vulnerability details and reproduction steps, if you want to disclosure it. just...
XSS vulnerability in CMSimple
Vulnerability ID: HTB22558 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincmsimple.html Product: CMSimple Vendor: Peter Andreas Harteg http://www.cmsimple.org/ Vulnerable Version: 3.3 and Probably Prior Versions Vendor Notification: 02 August 2010 Vulnerability Type: XSS Cross Site...
DCP-Portal Multiple XSS Vulnerabilities
Title: DCP-Portal Multiple XSS Vulnerabilities Vendor: Worxware Product: DCP-Portal Tested Version: 7.0beta Threat Class: XSS Severity: High Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== Multiple XSS vulnerabilities found in the DCP-Portal. 1...
SmartCMS v.2 SQL injection vulnerability
============ Ariko-Security - Advisory 1/5/2010 ============= SQL injection vulnerability in SmartCMS v.2 Vendor's Description of Software: http://www.smartwebsites.com.cy/index.php?pageid=13&lang=en Dork: n/a Application Info: Name: SmartCMS Versions: V.2 Vulnerability Info: Type: SQL injection...
Team SHATTER Security Advisory: Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter August 27, 2009 Risk Level: Medium Affected versions: Oracle Database Server version 9iR1 and 9iR2 Remote exploitable: Yes Authentication to...
Cross Site Scripting (XSS) in Owl <=0.95, CVE-2008-3100
Cross Site Scripting XSS in Owl =0.95, CVE-2008-3100 References: https://vulners.com/cve/CVE-2008-3100 http://owl.sourceforge.net/ http://www.datensalat.eu/fabian/cve/CVE-2008-3100-Owl.html Description: Owl is a multi user document repository knowledgebase system for publishing files/documents on...
ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage
ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage http://www.zerodayinitiative.com/advisories/ZDI-07-053.html September 20, 2007 -- CVE ID: CVE-2007-4991 -- Affected Vendor: Microsoft -- Affected Products: ISA Server 2004 SP1 ISA Server 2004 SP2 -- TippingPointTM IPS Customer...
Cisco 7940 SIP IPPhones DoS
A sequence of malformed SIP requests causes device to crash...
Cisco multiple devices DoS
Denial of service on ASN.1 parsing due to vulnerability in cryptographics library...
Уязвимость в Денвере-2: XSS
Здравствуйте, vuln. Найдена уязвимость типа XSS в пакете для web-разработчика Денвер-2 http://www.denwer.ru/ Пример: www.site.ru/scriptalert'XSS!'/script появится страница с сообщением об ошибке 403 и выполнится скрипт Уязвимость возможна из-за ошибки в файле, появляющемся при ошибке 403. Его...
TOPo 1.43 and prior - Path Disclosure (in.php, out.php)
Poduct: TOPo. TOPo is a free TOP system written in PHP that works without MySQL database. TOPo is specially designed for web sites hosted in web servers that not offer a quality MySQL support. More info: http://ej3scripts.loadedweb.com/modules.php?name=InfoScripts&file=index&func=topo + Web Site:...
Progress Database vulnerabilities
strcpy and pstcopy dbutpstcopy are BAD!@@!$! you need to make use of strncpy or invent pstncopy This is straight from the unix man pages for strcpy NAME strcpy, strncpy - copy a string SYNOPSIS include string.h char strcpychar dest, const char src; BUGS If the destination string of a strcpy is no...
Sqlbuddy Path Traversal Vulnerability
Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.sqlbuddy.com Version: 1.3.3 SQL Buddy is an open source web based MySQL administration application. Advisory Information: ================== sqlbuddy suffers from directory traversal whereby a user can mov...
CUPS privilege escalation
Weak permissions for configuration files...
Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities
Title: ====== Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=443 VL-ID: ===== 443 Introduction: ============= The Enterasys C5 is a scalable, high-performance Gigabit Ethernet switch...
Security update available for Adobe Shockwave Player
Security update available for Adobe Shockwave Player Release date: February 14, 2012 Vulnerability identifier: APSB12-02 CVE number: CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766 Platform: Windows and Macintos...
[SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure
CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.20 - Tomcat 6.0.0 to 6.0.33 - Tomcat 5.5.0 to 5.5.33 - Earlier, unsupported versions may also be affected Description:...
Core FTP mini-sftp-server Several DoS and Directory Traversal Vulnerabilities
Date of Discovery: 7-Jun-2010 Credits: leinakesiatgmail.com Vendor: Core FTP mini-sftp-server http://www.coreftp.com/server/index.html Affected: Core FTP mini-sftp-server version 1.19. Earlier versions may also be affected. Overview: "Core FTP Server" and "Core FTP mini-core sftp server" are both...
GeekLog <= 2. (BaseView.php) Remote File Include Vulnerabilities
GeekLog = 2. BaseView.php Remote File Include Vulnerabilities Discovered by GolDMMahmnoodali & & Contact: [email protected] URL: http://www.geeklog.net/nightly/geeklog2-cvs-nightly.tar.gz V.CODE: In : path/system/libraries/Geeklog/MVCnPHP/BaseView.php require $glConf'pathlibraries'...
[eVuln] E-Blah Platinum 'Referer' XSS Vulnerability
New eVuln Advisory: E-Blah Platinum 'Referer' XSS Vulnerability http://evuln.com/vulns/83/summary.html --------------------Summary---------------- eVuln ID: EV0083 CVE: CVE-2006-0829 Software: E-Blah Platinum Sowtware's Web Site: http://www.eblah.com Versions: 9.7 Critical Level: Moderate Type:...
PeopleSoft (Oracle) PSCipher Encryption Weakness
Vendor: PeopleSoft Product: People Tools Version: 8.4x Platform: Multi-platform Title: Weak Encryption Description: PeopleSoft uses PSCipher for encryption/hashing purposes. Based on observations from the output of PSCipher and on our familiarity with the cryptographic library objects and methods...
Metasploit Framework Defanged mode protection bypass
It's possible to overwrite Defanged environment variable with StateToOptions function...
Gamespy cd-key validation system: "Cd-key in use" DoS versus many games
Luigi Auriemma Application: Gamespy cd-key validation system http://www.gamespy.net Games: The amount of games that use this system is really huge, a small list maintained by me is available here: http://aluigi.altervista.org/papers/gshlist.txt An official list of games that use the Gamespy stuff...
Etherleak information leak in Windows Server 2003 drivers
NGSSoftware Insight Security Research Advisory Name: Etherleak information leak in Windows Server 2003 drivers Systems Affected: Windows Server 2003 all versions Severity: Low/Medium Risk Vendor URL: http://www.microsoft.com/windowsserver2003/ Author: Chris Paget [email protected] Date: 9th...
Mod_gzip Debug Mode Vulnerabilities
Multiple Vulnerabilities in modgzip Debugging Routines I. Synopsis Affected Systems: modgzip 1.3.26.1a and prior Risk: Development: High Production: Minimal Developer URL: http://www.sourceforge.net/projects/mod-gzip Status: Vendor is not supporting project at this time. II. Product Description...
AnalogX Proxy DoS
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory AnalogX Proxy DoS ---------------------------------------------------------------------- FS Advisory ID: FS-072500-7-ANA.txt Release Date: July 25, 2000 Product: Proxy Vendor: AnalogX http://www.analogx.com...
APPLE-SA-2015-09-16-1 iOS 9
APPLE-SA-2015-09-16-1 iOS 9 iOS 9 is now available and addresses the following: Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log...
[SECURITY] [DSA 3109-1] firebird2.5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3109-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 21, 2014 http://www.debian.org/security/faq -...
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
Quarterly update covers 138 different vulnerabilities...
CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS
Vulnerability title: Unauthenticated Blind SQL Injection in BSS Continuity CMS CVE: CVE-2014-3446 Vendor: BSS Product: Continuity CMS Affected version: 4.2.22640.0 Fixed version: N/A Reported by: Jerzy Kramarz Details: he following URL and parameters have been confirmed to suffer from Blind SQL...
[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure
CVE-2014-0096 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The default servlet allows web applications to define at multiple leve...
[RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW
Advisory: Metadata Information Disclosure in OrbiTeam BSCW RedTeam Pentesting discovered an information disclosure vulnerability in OrbiTeam's BSCW collaboration software. An unauthenticated attacker can disclose metadata about internal objects which are stored in BSCW. Details ======= Product:...
appRain CMF v0.1.5 - Multiple Web Vulnerabilities
Title: ====== appRain CMF v0.1.5 - Multiple Web Vulnerabilities Date: ===== 2011-12-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=362 VL-ID: ===== 362 Introduction: ============= appRain is one of the first officially released Opensource Content Management Framewor...
HTB22913: Multiple CSRF (Cross-Site Request Forgery) in UseBB
Vulnerability ID: HTB22913 Reference: http://www.htbridge.ch/advisory/multiplecsrfcrosssiterequestforgeryinusebb.html Product: UseBB Vendor: UseBB http://www.usebb.net/ Vulnerable Version: 1.0.11 Vendor Notification: 22 March 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Lo...