Apache 2.0 vulnerability affects non-Unix platforms
For Immediate Disclosure SUMMARY Title: Apache 2.0 vulnerability affects non-Unix platforms Date: 9th August 2002 Revision: 2 Product Name: Apache HTTP server 2.0 OS/Platform: Windows, OS2, Netware Permanent URL:...
BizDB Search Script Enables Shell Command Execution at the Server
BizDB Search Script Enables Shell Command Execution at the Server Perfecto's Black Watch Labs Security Advisory 00-04 April 7th, 2000 Name: BizDB Search Script Enables Shell Command Execution at the Server Black Watch Labs ID: BWL-00-04 Date Released: April 7th, 2000 Category: ApplicationHTML:...
APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002
APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 Mac EFI Security Update 2015-002 is now available and addresses the following: EFI Available for: OS X Mavericks v10.9.5 Impact: An attacker can exercise unused EFI functions Description: An issue existed with EFI argument handling. This was...
Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)
Vantage Point Security Advisory 2015-001 Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: http://www.cisco.com/ Versions affected: 9.2, 10.5.2, 11.0.1. Severity: Low to medium Vendor notified: Yes Reported: Oct...
[ MDVSA-2015:186 ] phpmyadmin
Mandriva Linux Security Advisory MDVSA-2015:186 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : March 31, 2015 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in phpmyadmin:...
Cross-Site Request Forgery (CSRF) in TAO
Advisory ID: HTB23211 Product: TAO Vendor: Open Assessment Technologies S.A. Vulnerable Versions: 2.5.6 and probably prior Tested Version: 2.5.6 Advisory Publication: April 16, 2014 without technical details Vendor Notification: April 16, 2014 Public Disclosure: May 7, 2014 Vulnerability Type:...
[SECURITY] CVE-2014-0111 Apache Syncope
CVE-2014-0111: Remote code execution by an authenticated administrator Severity: Important Vendor: The Apache Software Foundation Versions Affected: Syncope 1.0.0 to 1.0.8 Syncope 1.1.0 to 1.1.6 Description: In the various places in which Apache Commo...
[ MDVSA-2013:212 ] otrs
Mandriva Linux Security Advisory MDVSA-2013:212 http://www.mandriva.com/en/support/security/ Package : otrs Date : August 13, 2013 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerability: It was discovered...
[PSA-2013-0813-1] Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow
Packet Storm Advisory 2013-0813-1 http://packetstormsecurity.com/ Title: Oracle...
[SECURITY] [DSA 2504-1] libspring-2.5-java security update
Debian Security Advisory DSA-2504-1 [email protected] http://www.debian.org/security/ Florian Weimer June 28, 2012 http://www.debian.org/security/faq...
wordpress Lanoba Social Plugin Xss Vulnerabilities
a bug in wordpress Lanoba Social Plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Islamic Republic Of Iran Security Team Www.IrIsT.Ir wordpress Lanoba Social Plugin Xss Vulnerabilities Download......: wordpress.org/extend/plugins/lanoba-social-plugin/...
OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab Scripting Vulnerabilities
The OWASP Academy-Portal is proud to announce the first free online OWASP TOP 10 security lab based on Hacking-Lab.com! Hacking-Lab is supporting the OWASP mission and made their online training environment available for OWASP on free-to-use basis! The Hacking-Lab is not just a common "hackme"...
eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities
eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities author: EgiX mail: n0b0d13satgmaildotcom software link:...
[SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities
Debian Security Advisory DSA 2206-1 [email protected] http://www.debian.org/security/ Martin Schulze March 29th, 2011 http://www.debian.org/security/faq...
ZDI-10-132: Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability
ZDI-10-132: Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-132 July 20, 2010 -- CVE ID: CVE-2010-1214 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Mozilla Firefox -- Affected...
Mozilla Foundation Security Advisory 2010-31
Mozilla Foundation Security Advisory 2010-31 Title: focus behavior can be used to inject or steal keystrokes Impact: Moderate Announced: June 22, 2010 Reporter: Michal Zalewski Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 SeaMonkey 2.0.5 Description Google security research...
Unauthenticated Filesystem Access in iomega Home Media Network Hard Drive
Advisory: Unauthenticated File-system Access in iomega Home Media Network Hard Drive. Affected products: iomega Home Media Network Hard Drive Firmware versions 2.038 - 2.061...
CVE-2009-4510: TANDBERG VCS Static SSH Host Keys
Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory Advisory Name: TANDBERG Video Communication Server Static SSH Host Keys Release Date:...
MULTIPLE ARBITRARY INFORMATION DISCLOSURE AND EDITION --ILIAS LMS <= 3.10.7/3.9.9-->
MULTIPLE ARBITRARY INFORMATION DISCLOSURE AND EDITION --ILIAS LMS <= 3.10.7/3.9.9-- CMS INFORMATION: --WEB:...
[DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability
Digital Security Research Group DSecRG Advisory DSECRG-09-025 http://dsecrg.com/pages/vul/show.php?id=125 Application: Oracle Secure Enterprise Search SES Versions Affected: Oracle Secure Enterprise Search SES version 10.1.8.2.0 Vendor URL: http://www.oracle.com Bugs: XSS Exploits: YES Reported:...
FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability
Apple Safari Remote Memory Corruption Vulnerability 2009.June.09 Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Apple Safari. Summary: A memory corruption vulnerability exists in Apple Safari which allows a remote attacker to execute arbitrary code through...
Exjune Guestbook v2 Remote Database Disclosure Exploit
!/usr/bin/perl By AlpHaNiX NullArea.Net alphaathacker.bz Made in Tunisia script : Exjune Guestbook v2 download : http://www.exjune.com/downloads/downloads/exJuneguestbook.asp Vulnerable : database path : /admin/exdb.mdb Real Life Example :...
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-003
Digital Security Research Group DSecRG Advisory DSECRG-09-003 Application: Oracle database 11G Versions Affected: Oracle 11.1.0.6 and 10.2.0.1 Vendor URL: http://oracle.com Bugs: PL/SQL Injections Exploits: YES Reported: 17.11.2008 Vendor response: 18.11.2008 Last response: 24.11.2008 Date of...
joomla SQL Injection(com_most)secid
joomla SQL Injectioncommostsecid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl:"commost"secid DORK 2 : allinurl: EXPLOIT :...
claroline <= Multiple Remote File Include Vulnerablitiy
claroline = Multiple Remote File Include Vulnerablitiy D.Script: http://www.e-learningone.it/softwarefree/e-learning/claroline175.zip Discovered by: MoHaNdKo-=-=- [email protected] Homepage: http://www.MoHaNdKo.cOm Exploit:Path/claroline/inc/lib/rootSys=Shell Greetz To: Tryag-Team & AsbMay's Gro...
PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting
Informations : Product : PHP-Nuke Version : 6.0 Website : http://www.phpnuke.org Problems : - Path Disclosure - XSS Developpement : The majority of the PHPNuke's files are includes in modules.php or index.php. To prevent the direct access, PHPNuke made two kinds of...
Flood ACK packets cause AIX DoS
Title: Flood ACK packets cause AIX DoS. Released: 9th Oct 2002 Vulnerable: - AIX version 4.3.3 with any ML - AIX 5 Overview:...
[USN-2757-1] Oxide vulnerabilities
Ubuntu Security Notice USN-2757-1 October 05, 2015 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: ...
Adobe Flash Player multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, information disclosure...
[USN-2276-1] PHP vulnerabilities
Ubuntu Security Notice USN-2276-1 July 09, 2014 php5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability
Title : DNN DotNetNuke® ASPSlideshow Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork:...
US-CERT Alert TA13-064A: Oracle Java Contains Multiple Vulnerabilities
National Cyber Awareness System TA13-064A: Oracle Java Contains Multiple Vulnerabilities Original release date: March 05, 2013 Systems Affected Any system using Oracle Java 7, 6, 5 1.7, 1.6, 1.5 including Java Platform Standard Edition 7 Java SE 7 Jav...
[CVE-2012-5777]EmpireCMS Template Parser Remote PHP Code Execution Vulnerability
Exploit Title : Answer my question wordpress plugin Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 09/19/12 version: 1.1 software link:http://wordpress.org/extend/plugins/answer-my-question/ Answer my question plugin description This plugi...
Interspire Email Marketer v6.0.1 - Multiple Vulnerabilites
Title: Interspire Email Marketer v6.0.1 - Multiple Vulnerabilites Date: 2012-10-02 References: http://www.vulnerability-lab.com/getcontent.php?id=710 VL-ID: 710 Common Vulnerability Scoring System: 8.3 Introduction:...
Apple iPhone multiple security vulnerabilities
Multiple vulnerabilities in different system components and applications...
python security vulnerabilities
Source code leakage in CGIHTTPServer, local files acces in urllib...
HTB22968: XSS in PHP Directory Listing Script
Vulnerability ID: HTB22968 Reference: http://www.htbridge.ch/advisory/xssinphpdirectorylistingscript.html Product: PHP Directory Listing Script Vendor: http://www.evoluted.net Vulnerable Version: 3.1 Vendor Notification: 21 April 2011 Vulnerability Type: XSS Cross Site...
R7-0039: Accellion File Transfer Appliance Multiple Vulnerabilities
R7-0039: Accellion File Transfer Appliance Multiple Vulnerabilities February 7, 2011 -- Vulnerability Details: The Accellion File Transfer Appliance, prior to version FTA80562, suffers from a number of security flaws that can lead to a remote root compromise. 1. Message Routing Daemon Default...
[security bulletin] HPSBMA02585 SSRT100256 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02521481 Version: 1 HPSBMA02585 SSRT100256 rev.1 - HP OpenView Network Node Manager OV NNM, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as...
Remote access vulnerability using File Thingie v2.5.4
!vuln File Thingie v2.5.4 Previous versions may also be affected. !risk Low There are currently just a few website...
Cross Site Scripting (XSS) Vulnerabilitiy in flatpress 0.804, CVE-2008-4120
Cross Site Scripting XSS Vulnerabilitiy in flatpress 0.804, CVE-2008-4120 References http://www.datensalat.eu/fabian/cve/CVE-2008-4120-flatpress.html https://vulners.com/cve/CVE-2008-4120 http://www.flatpress.org/ Description FlatPress is an open-source standard-compliant multi-lingual extensible...
Mozilla Foundation Security Advisory 2008-31
Mozilla Foundation Security Advisory 2008-31 Title: Peer-trusted certs can use alt names to spoof Impact: Moderate Announced: July 1, 2008 Reporter: John G. Myers Products: Firefox 2, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.15 SeaMonkey 1.1.10 Description Mozilla developer John G. Myers...
Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow
Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow Document ID: 100345 Advisory ID: cisco-sa-20080116-cucmctl http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml Revision 1.0 For Public Release 20...
Mozilla Foundation Security Advisory 2007-37
Mozilla Foundation Security Advisory 2007-37 Title: jar: URI scheme XSS hazard Impact: High Announced: November 26, 2007 Reporter: Jesse Ruderman, Petko D. Petkov, beford.org Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.10 SeaMonkey 1.1.7 Description The jar: URI scheme was introduced as ...
Microsoft Security Bulletin MS07-033 - Critical Cumulative Security Update for Internet Explorer (933566)
Microsoft Security Bulletin MS07-033 - Critical Cumulative Security Update for Internet Explorer 933566 Published: June 12, 2007 Version: 1.0 General Information Executive Summary This critical security update resolves five privately reported vulnerabilities and one publicly disclosed...
[Full-disclosure] MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities
netVigilance Security Advisory 17 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities Description: MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. Full control over your discussion system is presented right at the tip of your fingers, from multiple styles...
MOPB-39-2007:PHP str_replace() Memory Allocation Integer Overflow Vulnerability
Summary When str_replace() is called in a way that a single char is replaced by a long string and the single char occurs very often in the subject this will result in an integer overflow when the size of the memory buffer is calculated. The allocation of a too small buffer will result in a buffer...
SaphpLesson v3.0 SQL Injection Exploit
2007 SaphpLesson v3.0 SQL Injection Exploit Found by:SwEET-DeViL&HaCKeR sUn TeaM AL-GaRNi Application : SaphpLesson version : v3.0 URL : No...
[SA19098] DVguestbook "dv_gbook.php" Cross-Site Scripting Vulnerability
TITLE: DVguestbook "dv_gbook.php" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA19098 VERIFY ADVISORY: http://secunia.com/advisories/19098/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: DVguestbook 1.x http://secunia.com/product/8572/ DESCRIPTION:...
Sakki's guestbook V.1.01 script injection vulnerability.
This advisory can be found at www.blacktigerz.org. Description: Easy to manage and configure asp powered guestbook. Works with MS Access database or without it. Vendor: http://www.sakki.net Vulnerability: gb.asp neglects filtering user input allowing for script injection to the guestbook via "nam...