XMB Forums Multiple Vulnerabilities
GulfTech Security Research February 12, 2006 Vendor : XMB Software URL : http://www.xmbforum.com/ Version : XMB Forums = 1.9.3 Risk : Multiple Vulnerabilities Description: XMB Forums is a popular forum software written in php and mysql that allows you to open up your own online community or...
Apache 2.0 vulnerability affects non-Unix platforms
-----BEGIN PGP SIGNED MESSAGE----- For Immediate Disclosure =============== SUMMARY ================ Title: Apache 2.0 vulnerability affects non-Unix platforms Date: 9th August 2002 Revision: 2 Product Name: Apache HTTP server 2.0 OS/Platform: Windows, OS2, Netware Permanent URL:...
WFTPD 32-bit (X86) 3.00 R5 Directory Traversal / Buffer Overflow / DoS
WFTPD 32-bit X86 3.00 R5 Directory Traversal / Buffer Overflow / DoS AFFECTED SYSTEMS WFTPD 32-bit X86 version 3.00 R5 on Windows 95 / 98 / SE / ME is vulnerable to a directory traversal, all versions of windows are likely to be vulnerable to the buffer overflow / DoS DESCRIPTION 1 Directory...
[USN-2757-1] Oxide vulnerabilities
========================================================================== Ubuntu Security Notice USN-2757-1 October 05, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)
Vantage Point Security Advisory 2015-001 ======================================== Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: http://www.cisco.com/ Versions affected: 9.2, 10.5.2, 11.0.1. Severity: Low to medium Vendor notified: Yes Reported: Oct...
Adobe Flash Player multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, information disclosure...
[ MDVSA-2015:186 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:186 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : March 31, 2015 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in phpmyadmin:...
[USN-2276-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2276-1 July 09, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® ASPSlideshow Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork:...
Cross-Site Request Forgery (CSRF) in TAO
Advisory ID: HTB23211 Product: TAO Vendor: Open Assessment Technologies S.A. Vulnerable Versions: 2.5.6 and probably prior Tested Version: 2.5.6 Advisory Publication: April 16, 2014 without technical details Vendor Notification: April 16, 2014 Public Disclosure: May 7, 2014 Vulnerability Type:...
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk
Deutsche Telekom CERT Advisory DTC-A-20140324-002 update140328 Summary: Several vulnerabilities were found in checkmk version 1.2.2p2. Update to original advisory: Corrected: vulnerability 5 and 6 not 4 and 5 are currently not fixed. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS...
[ MDVSA-2013:212 ] otrs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:212 http://www.mandriva.com/en/support/security/ Package : otrs Date : August 13, 2013 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerability: It was discovered...
[PSA-2013-0813-1] Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0813-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Oracle...
[SECURITY] [DSA 2504-1] libspring-2.5-java security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2504-1 [email protected] http://www.debian.org/security/ Florian Weimer June 28, 2012 http://www.debian.org/security/faq -...
OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab Scripting Vulnerabilities
The OWASP Academy-Portal is proud to announce the first free online OWASP TOP 10 security lab based on Hacking-Lab.com! Hacking-Lab is supporting the OWASP mission and made their online training environment available for OWASP on free-to-use basis! The Hacking-Lab is not just a common "hackme"...
eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities
---------------------------------------------------------------- eFront = 3.6.10 build 11944 Multiple Security Vulnerabilities ---------------------------------------------------------------- author.............: EgiX mail...............: n0b0d13satgmaildotcom software link......:...
python security vulnerabilities
Source code leakage in CGIHTTPServer, local files acces in urllib...
HTB22968: XSS in PHP Directory Listing Script
Vulnerability ID: HTB22968 Reference: http://www.htbridge.ch/advisory/xssinphpdirectorylistingscript.html Product: PHP Directory Listing Script Vendor: http://www.evoluted.net http://www.evoluted.net Vulnerable Version: 3.1 Vendor Notification: 21 April 2011 Vulnerability Type: XSS Cross Site...
[SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 2206-1 [email protected] http://www.debian.org/security/ Martin Schulze March 29th, 2011 http://www.debian.org/security/faq -...
MULTIPLE ARBITRARY INFORMATION DISCLOSURE AND EDITION --ILIAS LMS <= 3.10.7/3.9.9-->
-------------------------------------------------------------------------------------- MULTIPLE ARBITRARY INFORMATION DISCLOSURE AND EDITION --ILIAS LMS = 3.10.7/3.9.9-- -------------------------------------------------------------------------------------- CMS INFORMATION: --WEB:...
Mozilla Foundation Security Advisory 2008-31
Mozilla Foundation Security Advisory 2008-31 Title: Peer-trusted certs can use alt names to spoof Impact: Moderate Announced: July 1, 2008 Reporter: John G. Myers Products: Firefox 2, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.15 SeaMonkey 1.1.10 Description Mozilla developer John G. Myers...
claroline <= Multiple Remote File Include Vulnerablitiy
claroline = Multiple Remote File Include Vulnerablitiy D.Script: http://www.e-learningone.it/softwarefree/e-learning/claroline175.zip Discovered by: MoHaNdKo-=-=- [email protected] Homepage: http://www.MoHaNdKo.cOm Exploit:Path/claroline/inc/lib/rootSys=Shell Greetz To: Tryag-Team & AsbMay's Gro...
Few unreported vulnerabilities by SehaTo
Hello lists, SehaTo sehato at yandex ru reported few vulnerabilities in different Windows applications. Original messages in Russian may be found at http://securityvulns.com/source16446.html 1. Microsoft Windows Explorer corrupted WMF vulnerability...
[SA19098] DVguestbook "dv_gbook.php" Cross-Site Scripting Vulnerability
TITLE: DVguestbook "dvgbook.php" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA19098 VERIFY ADVISORY: http://secunia.com/advisories/19098/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: DVguestbook 1.x http://secunia.com/product/8572/ DESCRIPTION:...
Sakki's guestbook V.1.01 script injection vulnerability.
This advisory can be found at www.blacktigerz.org. Description: Easy to manage and configure asp powered guestbook. Works with MS Access database or without it. Vendor: http://www.sakki.net Vulnerability: gb.asp neglects filtering user input allowing for script injection to the guestbook via "nam...
PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting
Informations : °°°°°°°°°°°°°° Product : PHP-Nuke Version : 6.0 Website : http://www.phpnuke.org Problems : - Path Disclosure - XSS Developpement : °°°°°°°°°°°°°°° The majority of the PHPNuke's files are includes in modules.php or index.php. To prevent the direct access, PHPNuke made two kinds of...
Flood ACK packets cause AIX DoS
--------------------------------------------------------------------------- Title: Flood ACK packets cause AIX DoS. Released: 9th Oct 2002 --------------------------------------------------------------------------- Vulnerable: =========== - AIX version 4.3.3 with any ML - AIX 5 Overview: ========...
ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities CVE Identifier: CVE-2015-0235, CVE-2015-0524, CVE-2015-0525 Severity Rating: CVSSv2 Base Score: See below for individual scores for each CVE Affected...
[security bulletin] HPSBMU03030 rev.1 - HP Service Pack for ProLiant (SPP) Bundled Software running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04271396 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04271396 Version: 1 HPSBMU03030 rev....
Path Traversal in DeWeS Web Server (Twilight CMS)
Advisory ID: HTB23167 Product: DeWeS web server Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 0.4.2 and probably prior Tested Version: 0.4.2 Vendor Notification: July 24, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Path Traversal CWE-22 CVE Reference:...
DoS and XSS vulnerabilities in Googlemaps plugin for Joomla
Hello 3APA3A! Earlier I wrote about multiple vulnerabilities in Googlemaps plugin for Joomla http://securityvulns.ru/docs29645.html. After my informing, the developer fixed these vulnerabilities in versions 2.19 and 3.1 of the plugin - by removing proxy functionality. And in version 3.2 of the...
[security bulletin] HPSBMU02900 rev.2 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03839862 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03839862 Version: 2 HPSBMU02900 rev....
Interspire Email Marketer v6.0.1 - Multiple Vulnerabilites
Title: ====== Interspire Email Marketer v6.0.1 - Multiple Vulnerabilites Date: ===== 2012-10-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=710 VL-ID: ===== 710 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...
wordpress Lanoba Social Plugin Xss Vulnerabilities
a bug in wordpress Lanoba Social Plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Islamic Republic Of Iran Security Team Www.IrIsT.Ir wordpress Lanoba Social Plugin Xss Vulnerabilities Download......: wordpress.org/extend/plugins/lanoba-social-plugin/...
R7-0039: Accellion File Transfer Appliance Multiple Vulnerabilities
R7-0039: Accellion File Transfer Appliance Multiple Vulnerabilities February 7, 2011 -- Vulnerability Details: The Accellion File Transfer Appliance, prior to version FTA80562, suffers from a number of security flaws that can lead to a remote root compromise. 1. Message Routing Daemon Default...
python security vulnerabilities
Buffer overflow in audioop.lin2lin, memory corruption in audioop.reverse...
[DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability
Digital Security Research Group DSecRG Advisory DSECRG-09-025 http://dsecrg.com/pages/vul/show.php?id=125 Application: Oracle Secure Enterprise Search SES Versions Affected: Oracle Secure Enterprise Search SES version 10.1.8.2.0 Vendor URL: http://www.oracle.com Bugs: XSS Exploits: YES Reported:...
Exjune Guestbook v2 Remote Database Disclosure Exploit
!/usr/bin/perl By AlpHaNiX NullArea.Net alphaathacker.bz Made in Tunisia script : Exjune Guestbook v2 download : http://www.exjune.com/downloads/downloads/exJuneguestbook.asp Vulnerable : database path : /admin/exdb.mdb Real Life Example : OOO OOO OO OO OO OO O O O O O O O OO OO O O O O OO OOO OO...
Remote access vulnerability using File Thingie v2.5.4
============================================================ !vuln File Thingie v2.5.4 Previous versions may also be affected. ============================================================ ============================================================ !risk Low There are currently just a few website...
[ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability
ECHOADV107$2009 ----------------------------------------------------------------------------------------- ECHOADV107$2009 FubarForum = 1.6 Critical File Disclosure Vulnerability ----------------------------------------------------------------------------------------- Author : K-159 Date : March, ...
Cross Site Scripting (XSS) Vulnerabilitiy in flatpress 0.804, CVE-2008-4120
Cross Site Scripting XSS Vulnerabilitiy in flatpress 0.804, CVE-2008-4120 References http://www.datensalat.eu/fabian/cve/CVE-2008-4120-flatpress.html https://vulners.com/cve/CVE-2008-4120 http://www.flatpress.org/ Description FlatPress is an open-source standard-compliant multi-lingual extensible...
Mozilla Foundation Security Advisory 2007-37
Mozilla Foundation Security Advisory 2007-37 Title: jar: URI scheme XSS hazard Impact: High Announced: November 26, 2007 Reporter: Jesse Ruderman, Petko D. Petkov, beford.org Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.10 SeaMonkey 1.1.7 Description The jar: URI scheme was introduced as ...
Microsoft Security Bulletin MS07-033 - Critical Cumulative Security Update for Internet Explorer (933566)
Microsoft Security Bulletin MS07-033 - Critical Cumulative Security Update for Internet Explorer 933566 Published: June 12, 2007 Version: 1.0 General Information Executive Summary This critical security update resolves five privately reported vulnerabilities and one publicly disclosed...
[COVERT-2000-10] Windows NetBIOS Unsolicited Cache Corruption
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Network Associates, Inc. COVERT Labs Security Advisory August 29, 2000 Windows NetBIOS Unsolicited Cache Corruption COVERT-2000-10 o Synopsis The Microsoft Windows implementation of the NetBIOS cache allows a remote attacker to insert and flush dynami...
APPLE-SA-2015-09-16-1 iOS 9
APPLE-SA-2015-09-16-1 iOS 9 iOS 9 is now available and addresses the following: Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log...
[SYSS-2015-041] XSS in OpenText Secure MFT
Advisory ID: SYSS-2015-041 Product: Secure MFT Vendor: OpenText Affected Versions: 2013 R1, 2014 R1, 2014 R2 Tested Versions: 2014 R2 SP4 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Vendor Notification: 2015-08-05 Solution Date: 2015-08-14 Public...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[SYSS-2015-019] BullGuard Antivirus - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-019 Product: BullGuard Antivirus Vendor: BullGuard Ltd. Affected Versions: 15.0.297 Tested Versions: 15.0.297 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solution...
BookFresh - Persistent Clients Invite Vulnerability
Document Title: =============== BookFresh - Persistent Clients Invite Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1351 Release Date: ============= 2014-10-28 Vulnerability Laboratory ID VL-ID: ==================================== 1351...
[SECURITY] [DSA 2832-1] memcached security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2832-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 01, 2014 http://www.debian.org/security/faq -...