47153 matches found
Critical Security Advisory #005: ioFTPd User account enumeration vulnerability
Inicom networks ioFTPd 0.5.84u User account enumeration vulnerability Critical Security research: http://www.critical.lt Original Advisory may be found: http://www.critical.lt/?vulnerabilities/119 Vulnerable product: ioFTPd 0.5.84u maybe prior versions affected too Vulnerability type: User accoun...
JPORTAL Multiple SQL Injection
DATE: ========= 3/11/2005 AFFECTED PRODUCTS ================= JPORTAL all version OVERVIEW ======== JpoRtaL is a simple portal system written in PHP using MySQL on backend. It includes article posting with comments, topics, links manager with section, download manager with section, short news...
[SmartFTP] Two Buffer Overflow Vulnerabilities
---------------------------------------------------------------------- SUMMARY : SmartFTP Two Buffer Overflow Vulnerabilities PRODUCT : SmartFTP VERSIONS : 1.0.973 VENDOR : SmartFTP http://www.smartftp.com/ SEVERITY : Critical. Code Execution. DISCOVERED BY : nesumin AUTHOR : :: Operash :: REPORT...
Windows DoS code (jolt2.c) (fwd)
This is code for the new DoS discovered by Razor a few days ago. It forces cpu utilization to 100, making everything move really really slow. Tested against Win98, WinNT4/sp5,6, Win2K. An interesting side note is that minor changes to this packet cause NT4/Win2k maybe others, not tested memory us...
Microsoft Windows memory corruption
CSRSS memory corruption on MessageBox with MBSERVICENOTIFICATION beginning with "??"...
Ошибка переполнения буффера в aGsm версии 2.35c и в последней developer-версии (beta)...
Доброго времени суток! Мною обнаружена ошибка переполнения буффера и вероятно возможность удалённого исполнения вредоносного кода в последних версиях aGsm. Заключается она в следующем: При обработке ответа от Half-Life серверов, aGsm, как выяснилось, не проверяет длинну строки hostname, а копируе...
Mathcad Area Lock Vulnerability
Description of Vulnerability ============================ One of the features of Mathcad www.mathsoft.com is allowing the user to define ‘Areas’. Mathsoft say that ‘You can use areas to protect, lock, or hide information or equations in your worksheets’ and that ‘You can also protect the contents...
XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3
Vulnerability Type: XSS Cross-Site Scripting - Original release date: November 11th, 2013 - Last revised: November 11th, 2013 - Discovered by: Andrea Bodei - A2SECURE - Severity: 4.3/10 CVSSv2 Base Scored Products and affected versions: JUNOS up to 11.4 probably 12.1 and 12.3 vulnerable...
Cross-Site Scripting vulnerability in Mango
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в Mango. XSS: http://site/archives.cfm/search/?term=3Cbody20onload=alertdocument.cookie3E Уязвимы Mango 1.4.1 и предыдущие версии. Дополнительная информация о данной уязвимости у меня на сайте:...
VMWare Tools privilege escalations
Privilege escalation via mount.vmhgfs and vmware-user-suid-wrapper suid utilities...
Powered by phpBB 2001, 2006 (SQL)
Powered by phpBB © 2001, 2006 phpBB Group Modified by Fully Modded phpBB © 2002, 2006 AUTHOR : TurkishWarriorr HOME : http://www.1923turk.org DORKS 1 : allinurl :kb.php?mode=article&k DORKS 2 : article&k= DORKS 3 : "Powered by phpBB © 2001, 2006 phpBB Group" "Modified by Fully Modded phpBB © 2002...
HIOX GUEST BOOK (HGB) 4.0 Remote Code Execution Vulnerability
+========================I=R=A=N============================+ HGB Version 4.0 =========================I=R=A=N============================= +========================I=R=A=N============================+ Author : Dj7xpl / Dj7xplatYahoodotcom...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Yahoo Messenger instant messenger agent DoS
Application crashes on message with malformed link. Vulnerability is known to be used in-the-wild...
Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability
Advanced Guestbook =- 2.4.2 includepath Remote File Include Vulnerability Script: Advanced Guestbook Version: 2.4.2 URL: http://proxy2.de/js/dl86d7a2.php Found By : BorN To K!LL Bug in : index.php , addentry.php , picture.php code :. requireonce $includepath."/admin/config.inc.php"; requireonce...
XSS in CLANSPHERE
Vulnerability ID: HTB22693 Reference: http://www.htbridge.ch/advisory/xssinclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability Type: XSS Cross Site Scripting Status: Fixed by Vendor Risk...
Synchrony Infotech (product_details.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Synchrony Infotech productdetails.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.synchrony.co.in/ Persian Gulf 4 Ever! Dork : "Designed by synchrony infotech."...
ZDI-11-233: Symantec Web Gateway forget.php SQL Injection Vulnerability
ZDI-11-233: Symantec Web Gateway forget.php SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-233 July 7, 2011 -- CVE ID: CVE-2011-0549 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Symantec -- Affected Products: Symantec Web Gateway -- TippingPointTM...
Unauthorized access to PowerChute shared folder
During programm installation Program FilesPwrchute shared with full access allowing to trojan program executables...
Brocade Firmware SNMP Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title : Brocade Firmware SNMP Vulnerability Number : 20030405-01-I Date : April 11, 2003 Reference: SGI BUG 876762 Reference: CERT CA-2002-03 Reference: CVE CAN-2002-0013 Reference: CVE CAN-2002-0017 Fixed in : Brocade Firmware v2.6.0d or...
Neox (categoria.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Neox categoria.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.neox.es/ Persian Gulf 4 Ever! Dork : "inurl:categoria.php?id=" "Diseсo web - Mбlaga" Exploite:...
IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell
Security Advisory IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell Advisory Information -------------------- Published: 2010-06-08 Updated: 2010-06-08 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 Vulnerability Details...
[Aria-Security Team] DuWare DuClassMate SQL Injection Vuln
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory: http://www.aria-security.com/forum/showthread.php?t=59 ----------------------------------------------------------- Software: DuClassmate Method: SQL Injection Vendor:...
Terminal Emulator Security Issues
TERMINAL EMULATOR SECURITY ISSUES Copyright © 2003 Digital Defense Incorporated All Rights Reserved Table of Contents -- Summary -- Disclaimer -- Escape Sequences -- Remote Exploitation -- Screen Dumping -- Window Title Reporting -- Miscellaneous Issues -- Terminal Defense -- Tested Emulator...
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 OS X Yosemite v10.10.5 and Security Update 2015-006 is now available and addresses the following: apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in...
Security advisory for Adobe Reader, Acrobat and Flash Player
Security advisory for Adobe Reader, Acrobat and Flash Player Release date: July 22, 2009 Last Updated: July 23, 2009 Vulnerability identifier: APSA09-03 CVE number: CVE-2009-1862 Platform: All Platforms Summary A critical vulnerability exists in the current versions of Flash Player v9.0.159.0 and...
Slider Revolution/Showbiz Pro shell upload exploit
!/usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 15 October 2014 Coded: 15 October 2014 Updated: 25 November 2014 Published: 25 November 2014 MorXploit Research http://www.MorXploit.com Vendor: ThemePunch...
[Full-Disclosure] Multiples vulnerabilities in JAWS
check this... ///////////////////////////////////////////////////// //// Vulnerable Program: JAWS //// //// Version : 0.3 ; it's BETA probably ; //// //// Url: http://www.jaws.com.mx //// //// The Bug: Multiples vulnerabilities //// //// Date: Today, July 5 off 2004 //// //// Author: Fernando...
BvCom (dettaglio.php?idnews) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability BvCom dettaglio.php?idnews AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.bvcom.it/ Persian Gulf 4 Ever! Dork : "Powered by: bvcom.it" "inurl:dettaglio.php?idnews="...
Apple Mac OS X / OS X Server multiple security vulnerabilities
Over 150 different vulnerabilities in system components and libraries...
BBcode XSS in MiniBB
Vulnerability ID: HTB22670 Reference: http://www.htbridge.ch/advisory/bbcodexssinminibb.html Product: MiniBB Vendor: MiniBB.com http://www.minibb.com/ Vulnerable Version: 2.5 Vendor Notification: 21 October 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor Alerted,...
Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities
netVigilance Security Advisory 11 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , htm...
Videolan vlc multiple security vulnerabilities
Buffer overflows on different video formats parsing...
[UNIX] YaPiG add_comment.php PHP Code Injection
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x00.txt.asc Date published: 2015-04-17 Vendors contacted:...
[security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04471546 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04471546 Version: 1 HPSBHF03124 rev....
Vulnerability in EMURL-based e-mail providers
Affected Product: Emurl 2.0 For Windows NT 4.0 possibly others Product information: Emurl is web-based email host developped by SeattleLab. http://www1.seattlelab.com/emurl/ Impact: Users can access the mailbox's content of anybody on the system. They can also steal their POP passwords since Emur...
Apple Keynote, Pages, Numbers, iWork multiple security vulnerabilities
Restrictions bypass, memory corruptions...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
CERT Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations
-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol SNMP Original release date: February 12, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file...
Pligg XSS and SQL Injection
Credit: Michael Brooks Bug Fix in 1.1.2: http://www.pligg.com/blog/1174/pligg-cms-1-1-2-release/ Special thanks to Eric Heikkinen for patching these quickly. Blind SQL Injection http://host/pligg1.1.2/search.php?adv=1&status= 'and+sleep9or+sleep9or+13D' &search=on&advancesearch= Search...
[Full-disclosure] ICMP Security Vulnerabilities - NEW (cough)
I know this is now even older news than it was when the recent flurry of discussion started last week, but I'm just getting around to sharing a bit of additional information on the subject. Regarding those three 3 "vulnerabilities" discussed by Fernando can't recall his last name, no offense mean...
deV!L`z Clanportal 1.5.2 Remote File Include Vulnerability
========================================================== deV!Lz Clanportal 1.5.2 Remote File Include Vulnerability ========================================================== + deV!Lz Clanportal 1.5.2 Remote File Include Vulnerability...
[SEC] Hole in PHPLib 7.2 prepend.php3
The PHPLib Team announces phplib-7.2d, availible now. This release fixes the recently discovered hole in prepend.php3 that can allow a remote attacker to inject non-local code into any phplib based script. Please note that this affects all applications that depend on PHPLib. Some apps have decide...
smcFanControl for Mac OS X buffer overflow
Stack buffer overflow on -k command line option parsing...
[security bulletin] HPSBMU02994 rev.3 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04236062 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236062 Version: 3 HPSBMU02994 rev....
Multiple OpenSSH security vulnerabilities
Multiple different DoS conditions...
Zikula CMS v1.3.5 - Multiple Web Vulnerabilities
Document Title: =============== Zikula CMS v1.3.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1114 Release Date: ============= 2013-10-16 Vulnerability Laboratory ID VL-ID: ==================================== 1114 Comm...
Skype DoS
Crash on parsing message with http://: URL from older application version...
[SA16337] Jax Guestbook Cross-Site Scripting and Information Disclosure
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...