47153 matches found
Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln
Exploit : centerbWordpress allinonecarousel Plugin Xss & Csrf Vulnerability /centerbrbr html head titleWordpress allinonecarousel Plugin Xss & Csrf Vulnerability IeDb TeaM/title /headbody form action="http://YourTarget.Com" id="formid" method="post" input name="name"...
[USN-2000-1] Nova vulnerabilities
========================================================================== Ubuntu Security Notice USN-2000-1 October 23, 2013 nova vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2
DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...
Vulnerabilities in multiple plugins for WordPress with VideoJS
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with VideoJS. Earlier I've written about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is a popular video and audio player, which is used at hundreds of thousands of web sites...
APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001 OS X Mountain Lion v10.8.3 and Security Update 2013-001 is now available and addresses the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lio...
VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability
VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Java is a programming language and computing platform released by Sun Microsystems now Oracle. ...
SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure
SEC Consult Vulnerability Lab Security Advisory 20120618-0 ======================================================================= title: WD ShareSpace WEB GUI Sensitive Data Disclosure product: WD ShareSpace network storage system vulnerable version: WD ShareSpace = v2.3.02 D and E series fixed...
[CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x Apache Wicket 1.3.x and 1.5.x are not affected Description: A Cross Site Scripting XSS attack is possible by manipulating the value of 'wicket:pageMapName' request parameter. Mitigation: Upgrade to...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Advisory ID: cisco-sa-20100804-fwsm Revision 1.0 For Public Release 2010 August 04 1600 UTC GMT +---------------------------------------------------------------------...
[CORELAN-10-004] TurboFTP Server 1.00.712 remote DoS
http://www.corelan.be:8800 [email protected] ...
[DSECRG-08-027] Multiple RFI-LFI in 1024 CMS 1.4.3, 1.4.4 RFC
Digital Security Research Group DSecRG Advisory DSECRG-08-027 Application: 1024 CMS Versions Affected: 1.4.3, 1.4.4 RFC Vendor URL: http://www.1024cms.com/ Bug: Multiple Remote/Local File Include Exploits: YES Reported: 18.06.2008 Second report: 27.06.2008 Vendor Response: NONE Solution: NONE Dat...
PHP-Nuke SQL injection Module "Hadith" [cat]
R B T - 4 C R E W www.rbt-4.net ----------------------------------------------- AUTHOR : Lovebug PHP-Nuke Module "Hadith" cat Sql injection Original Advisory: http://www.rbt-4.net/forum/viewthread.php?forumid=51&threadid=3078 Exploit...
iDefense Security Advisory 02.08.08: Adobe Reader Security Provider Unsafe Library Path Vulnerability
iDefense Security Advisory 02.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2008 I. BACKGROUND Adobe Reader is a program for viewing Portable Document Format PDF documents. More information is available at the following URLs. http://www.adobe.com/products/reader/ II...
PhpBB Xs 2 profile.php Permanent Xss Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PhpBB Xs 2 profile.php Permanent Xss Vulnerability +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Found By Seph1roth +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ POST METHOD Corrupted page:...
Oracle Critical Patch Update - April 2007
Oracle Critical Patch Update - April 2007 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Due to the threat posed by a successful...
Multiple PHP bugs
Buffer overflows, integer overflows, DoS conditions, cross-site scripting...
PHP 4.4.4 and PHP 5.1.5 Released
PHP 4.4.4 and PHP 5.1.5 Released 17-Aug-2006 The PHP development team would like to announce the immediate availability of PHP 5.1.5 and 4.4.4. These two releases address a series of security problems that were discovered since the release of PHP 5.1.4 and 4.4.3. The new releases include the...
[Full-disclosure] TP-Book <= 1.00 Cross Site Scripting Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: TP-Book = 1.00 Cross Site Scripting Vulnerabilities Release Date: 2006/07/25 Last Modified: 2006/07/25 Author: Tamriel tamriel at gmx dot net Application: TP-Book = 1.00 Risk: Low Vendor Status: not contacted Vendor Site:...
Confixx 3.1.2 <= Code Injection
// Confixx 3.1.2 = Code Injection // ----------------------------------------------------------------- Advisory by: LoK-Crew - Exploit: http://www.example.com/ftplogin/?login="XSSdiv style= - Googledork: inurl:confixx inurl:login|anmeldung + Greetz to: Bluegeek + Visit: www.LoK-Crew.de...
PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure
PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure site: http://www.php-fusion.co.uk - if magicquotes off - SQL Injection, poc: http://target/pathtoPhpFusion/messages.php?msgsend=' UNION SELECT userpassword FROM fusionusers WHERE username='adminusername'/ now hash is showed i...
[NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure
Hello All, I have discovered a number of remote vulnerabilities in: CubeCart 2.0.6. Authors Site: http://www.cubecart.com CubeCart is described by its authors as: 'What is CubeCart? CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as lo...
SonicWALL SOHO/10 - XSS vulnerability
SonicWALL SOHO/10 - XSS and Code Injection vulnerability ======================================================== Product: ======== SonicWall SOHO/10 is the 2nd generation Internet Security Appliance from Sonicwall, with firewall-, vpn-, contentfiltering- and other capabilities. Vulnerability:...
VMWare virtual machine privilege escalation
Dynamic libraries are searched in world writable directory...
Buffer overflow in explorer.exe
Buffer overflow on desktop.ini parsing...
ReBB javascripts vulnerability
Hi! Another php - board named ReBB http://www.rebb.net has a img vulnerability. Exploit: Use this string my favorite : - imgjavascript:alert'test'/img Possible decision: All urls in img tag should start with http:// SliderGod...
IBM DB2 default account and password Vulnerability
1.Description The DB2 Universal Database builds upon the stability and performance of DB2 on the mainframe and provides the features required in a distributed database product. DB2 Universal Database UDB is IBM's relational database server solution for the UNIX, OS/2 and Windows NT/2000 operating...
cURL security vulnerabilities
Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS...
[USN-2769-1] Apache Commons HttpClient
========================================================================== Ubuntu Security Notice USN-2769-1 October 14, 2015 commons-httpclient vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution
Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...
Cross-Site Scripting (XSS) in Offiria
Advisory ID: HTB23210 Product: Offiria Vendor: Slashes Dots Sdn Bhd. Vulnerable Versions: 2.1.0 and probably prior Tested Version: 2.1.0 Advisory Publication: April 2, 2014 without technical details Vendor Notification: April 2, 2014 Public Disclosure: May 7, 2014 Vulnerability Type: Cross-Site...
ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities
ESA-2013-089.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities EMC Identifier: ESA-2013-089 CVE Identifier: CVE-2013-6810 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C...
Samsung DVR authentication bypass
Title: Samsung DVR authentication bypass Version affected: firmware version = 1.10 Vendor: Samsung - www.samsung-security.com Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Samsung provides a wide range of DVR...
[MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7
We don't release 0days... except when vendors show no interest in fixing their bugs. http://umbraco.com/umbraco/dashboard/FeedProxy.aspx?url=http://en.wikipedia.org/wiki/Openproxy Have fun. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory...
XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3
Information -------------------- Name : XSS and SQL Injection Vulnerabilities on Symphony CMS Software : Symphony CMS 2.2.3 and possibly below Vendor Homepage : http://symphony-cms.com Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Mesut Timur mesut a...
[ MDVSA-2011:144 ] apache
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:144 http://www.mandriva.com/security/ Package : apache Date : September 8, 2011 Affected: 2009.0, 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected i...
[Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ?Onapsis Security Advisory 2011-014: SAP WebAS Remote Denial of Service 1. Impact on Business ========================= By exploiting this vulnerability, an unauthenticated attacker would be able to remotely disrupt the SAP Application Server. This...
Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints Advisory ID: cisco-sa-20110202-tandberg Revision 1.0 For Public Release 2011 February 2 1600 UTC GMT...
Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege 2028554 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed and two privately reported...
CVE-2009-4511: TANDBERG VCS Arbitrary File Retrieval
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: TANDBERG Video Communication Server Arbitrary File Retrieval Release Date:...
[SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0033: Apache Tomcat denial of service vulnerability Severity: important Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 The unsupported Tomcat 3.x, 4.0.x and 5.0.x...
ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities
=============================================================== !vuln ViArt Shopping Cart v3.5 is prone to multiple remote vulnerabilities. Earlier versions may also be affected. ===============================================================...
[HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise
HSC Multiple CSRF in Joomla all versions - Complete compromise Hackers Center Security Group http://www.hackerscenter.com Credit: Armando Romeo aka Zinho Class: CSRF Remote: Yes Risk: HIGH Product: Joomla Version: All 1.0.13 and 1.5 rc3 tested Vendor: http://www.joomla.com Patch: Joomla 1.5 RC4...
America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution
Sorry for the brief post but I'm still able to bypass filters that aol has put in place. So again with frustration I come to FD to imply pressure on a company to patch correct. From reading feedback from AOL they feel the vulnerability is put to bed and requires no more attention. I am not posting...
Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...
Several persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS)
http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs The following vulns were found on 24 June 2007 and were tested against firmware V1.00.06. The specific persistent XSS holes mentioned in this advisory were fixed by Cisco on firmware versio...
Wordpress Cookie Authentication Vulnerability
Wordpress Cookie Authentication Vulnerability Original release date: 2007-11-19 Last revised: 2007-11-19 Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-auth.txt CVE ID: pending Source: Steven J. Murdoch http://www.cl.cam.ac.uk/users/sjm217/ Systems Affected:...
Mozilla Foundation Security Advisory 2007-22
Mozilla Foundation Security Advisory 2007-22 Title: File type confusion due to 00 in name Impact: Low Announced: July 17, 2007 Reporter: Ronald van den Heetkamp Products: Firefox Fixed in: Firefox 2.0.0.5 Description Ronald van den Heetkamp reported that a filename URL containing 00 encoded null...
iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability
SquirrelMail G/PGP Plugin deleteKey Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encryption Plugin is a general purpose encryption, decryption, and digital signature...
PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability
Title : PHP Event Calendar 1.5.1 index.php Remote File Include Vulnerability Discovered By :::: ThE-LoRd-Of-CrAcKiNg MeHdi ------------------------------------------------------------------------ Source Code: http://www.scriptdungeon.com/jump.php?ScriptID=633 Affected software description : Title:...
Vulnerabilities in scripts from www.wr-script.ru (wr-board 1.4Lite)
1 DoS. The value of the page parameter in index.php is not validated http://wr-script.host/board/index.php?event=list&id=112420973596&page=-10000000000000000 2 Open mail form. The address to which a message from the board will be sent is passed in the hidden uemail field. Usage example:...