47153 matches found
CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities
CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities Severity: Critical Versions Affected: Spring Framework: 3.0.0 to 3.0.5 Spring Security: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Several issues have been report...
ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability
ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-182 June 8, 2011 -- CVE ID: CVE-2011-0817 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracl...
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc)
Multiple Vendors libc/fnmatch3 DoS incl apache poc Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 29.01.2011 - Pub.: 13.05.2011 CVE: CVE-2011-0419 CWE: CWE-399 Affected Software verified: - Apache 2.2.17 - NetBSD 5.1 - OpenBS...
cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ cforms WordPress Plugin Cross Site Scripting Vulnerability CVE-2010-3977...
[security bulletin] HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02518794 Version: 1 HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote URL Redirection NOTICE: The information in this Security Bulletin should be acte...
vBulletin - Critical Information Disclosure
Versions Affected: 3.8.6 Only! Info: Content publishing, search, security, and more—vBulletin has it all. Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money. Learn more about what makes vBulletin the choice for people who are serious about creating...
[security bulletin] HPSBUX02286 SSRT071466 rev.1 - HP-UX Running System Administration Manager (SAM), Unintended Remote Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01367453 Version: 1 HPSBUX02286 SSRT071466 rev.1 - HP-UX Running System Administration Manager SAM, Unintended Remote Access NOTICE: The information in this Security Bulletin should be acted upon...
mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability
hi mcGuestbook 1.2 lang Remote File Inclusion Vulnerability Found : Ghost Hacker R-H TeaM |, .-. .-. ,| HOME : www.Real-Hack.net | o/ o | Email : [email protected] |/ / | Script : mcGuestbook 1.2 Download Script : http://www.phpbank.net/admin/download.php?id=155 I love the Messenger of Allah...
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Information Disclosure Vulnerability
iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...
NULL pointer in Remotely Anywhere 8.0.668
Luigi Auriemma Application: Remotely Anywhere Server and Workstation http://www.remotelyanywhere.com Versions: = 8.0.668 Platforms: Windows Bug: NULL pointer Exploitation: remote Date: 08 Mar 2008 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code ...
INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT
---- INVISION POWER BOARD 2.1.7 EXPLOIT ... ITDefence.ru Antichat.ru INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION Eugene Minaev [email protected] / / . / /// // / / // / / / /// / / / / / // / / / / / / / / / / / / / / / / / // / / / / // / // / / / // 2007 //// // // // // / . -...
Powered By Dvbbs Version 7.1.0 Sp1 By Pass
By : Hasadya Raed Contact : [email protected] Israel -------------------------- Script : Dvbbs Version 7.1.0 Sp1 Dork : "Powered By Dvbbs Version 7.1.0 Sp1" -------------------------- Exploit : http://www.victim.com/Data/Dvbbs7.mdb...
Microsoft Security Bulletin MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
Microsoft Security Bulletin MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution 925902 Published: April 3, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...
XXS in script Phorum
======================================================================= title: XXS in script Phorum homepage: www.phorum.org found: 2007-02-25 by: Crackman ================================================= exemple: http://www.site.com/path/admin.php?upgradefile="scriptalertdocument.cookie;/script...
Cartweaver ColdFusion vuln.
Cartweaver ColdFusion vuln. Vuln. discovered by : r0t Date: 25 april 2006 vendorlink:www.cartweaver.com affected versions:2.16.11 and previous orginal advisory:http://pridels.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html Vuln. Description: 1. SQL Injection vuln. Cartweaver ColdFusion...
Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282)
Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer 867282 Issued: February 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...
[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200501-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
Outlook Express and SPA (Secure Password Authentication)
Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A [email protected] Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user...
Minor bug in Pagelog.cgi
There is a small bug in PAGELOG.cgi by Metertek [email protected] which allows users to create and view files. Any file on the system with a '.log' extension readable by the uid/gid of the webserver can be viewed. In addition, two files with extensions of '.txt' and '.log' can be created in any...
Linux news 5.09.00
Linux 2.2.17 Вышло новое ядро из стабильной серии - 2.2.17 Подробнее: http://www.linux.org.uk/VERSION/relnotes.2217.html Linux 2.2.18pre3 Alan Cox выпустил 1-ю pre-версию "после-следующего" стабильного ядра Linux - 2.2.18. Работа над следующим стабильным ядром Linux, 2.2.17, закончилась на pre20,...
Redhat Linux 6.x remote root exploit
Hi, Included below is an exploit for the recently exposed linux rpc.statd format string vulnerability0. I have tailored it towards current Redhat Linux 6.x installations. It can easily be incorporated into attacks against the other vulnerable Linux distributions. I am not a security expert, but...
OS Command Injection in Vesta Control Panel
Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 3, 2015 Public Disclosure: June 17,...
Kibana vulnerability CVE-2015-4093
Summary: Kibana versions 4.0.0, 4.0.1 and 4.0.2 are vulnerable to a cross-site scripting XSS attack. The attack allows execution of arbitrary JavaScript in the context of the user’s browser. We have been assigned CVE-2015-4093 for this issue. Fixed versions: Versions 4.0.3 and 4.1.0 have addresse...
[ MDVSA-2015:226 ] fcgi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:226 http://www.mandriva.com/en/support/security/ Package : fcgi Date : May 4, 2015 Affected: Business Server 1.0 Problem Description: Updated fcgi packages fix security vulnerability: FCGI does not perform...
[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability
------------------------------------------------------------------------------ Symantec Web Gateway = 5.2.1 restore.php OS Command Injection Vulnerability ------------------------------------------------------------------------------ - Software Link: http://www.symantec.com/web-gateway/ - Affecte...
Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability
Document Title: =============== Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1385 Release Date: ============= 2014-12-19 Vulnerability Laboratory ID VL-ID:...
python integer overflow
Integer overflow in buffer...
LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client
Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7032 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...
ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities
ESA-2013-078.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities EMC Identifier: ESA-2013-078 CVE Identifier: CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177 Severity Rating: CVSS v2 Base Score: See bel...
[PSA-2013-0819-1] Oracle Java BytePackedRaster.verify() Signed Integer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0819-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Oracle...
Basic Forum by JM LLC - Multiple Vulnerabilities
Dear all, I have discovered some vulnerabilities in Basic Forum, developed by JM LLC. Cheers, Sp3ctrecore ADVISORY ================================================ Basic Forum by JM LLC - Multiple Vulnerabilities ================================================ Software................: Basic For...
APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 o...
Multiple Vulnerabilities in Linksys WAG200G
Device Name: Linksys WAG200G Vendor: Linksys/Cisco ============ Device Description: ============ The WAG200G is a Linksys Wireless-G ADSL Home Gateway which has a high-speed ADSL2+ modem that gives you a fast connection to the Internet. Source:...
Re: The history of a -probably- 13 years old Oracle bug: TNS Poison
I wanted to comment on the workarounds for this problem: 1 Setting SQLNET.ENCRYPTIONSERVER=REQUIRED on the server is not enough to protect you. To avoid "man in the middle" attacks, you need to have an SSL certificate on the server and SSLSERVERDNMATCH=TRUE in the client's sqlnet.ora. 2 Another w...
Novell Sentinel Log Manager <=1.2.0.1 Path Traversal
Vuln: Path Traversal Application: Sentinel Log Manager Vendor: Novell Version affected: = 1.2.0.1 Website: http://www.novell.com/products/sentinel-log-manager/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it The latest version of Sentinel Log Manager...
Multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications
Hello 3APA3A! I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in flvPlayer, which is...
PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability
------------------------------------------------------------------- PmWiki = 2.2.34 pagelist Remote PHP Code Injection Vulnerability ------------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...
Chrome Password Manager Cross Origin Weakness (CVE-2010-0556)
Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Chrome Password Manager Cross Origin Weakness Release Date: 2010-02-15 Application: Google Chrome Web Browser Versions:...
[security bulletin] HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02000727 Version: 1 HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin shoul...
Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer (976325)
Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer 976325 Published: December 08, 2009 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in...
Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others
Hi! I've just released the working exploit for CTXSYS.DRVXTABC.CREATETABLES injection on Oracle DB 9i/10g CVE-2009-1991 You can find the code on my site, http://rawlab.mindcreations.com In particular, Classic SQL injection:...
Microsoft Security Bulletin MS09-048 - Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
Microsoft Security Bulletin MS09-048 - Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution 967723 Published: September 08, 2009 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Transmission...
Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007
Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007 Release Date. 17-Aug-2009 Last Update. - Vendor Notification Date. 15-Jun-2009 Product. Piwigo Platform. Independent Affected versions. 2.0.0 verified, possibly others Severity Rating. Medium Impact. Manipulation of data Attack...
cross site scripting the browser google "chrome"
autor : bikolinux Vuln: cross site scripting the browser google "chrome" Download: http://www.google.com/chrome error local EMAIL [email protected] [email protected] vercion test 2.0.172.37 cross site scripting the browser google "chrome" The error is when making a request to record path =...
XSS with mod_perl perl_status utility
Vulnerability found: 28th February 2009 Vendor informed: 1st March 2009 Advisory last updated: 1st March 2009 Severity: Medium/High Credits: Richard Brain of ProCheckUp Ltd www.procheckup.com CVE reference: CVE-2009-0796 BID: 34383 Many thanks to Torsten Foertsch for his kind assistance in fixing...
SASPCMS Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: SASPCMS Multiple Vulnerabilities Vendor: http://www.lgasoft.com Vulnerable Version: 0.9 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: SASPCMS is an ASP Content Management System . SASPCMS witc...
Re: Nokia N95-8 browser denial of service
Hi, Also crashes Firefox 3.06 latest, Stack overflow. to not be confused with stack buffer overflow Thu Feb 5 18:46:13.828 2009 GMT+1: 15d8.17ec: Stack overflow - code c00000fd first chance eax=077e4b80 ebx=00000000 ecx=077e4b60 edx=00000000 esi=00000000 edi=077e4b60 eip=604fcc8f esp=00032fa0...
Joomla Component mydyngallery
Joomla Component mydyngallery AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : http://mydyngallery.mon-cottenchy.fr DORK : inurl:option=commydyngallery Bug...
Maran PHP Blog Xss By Khashayar Fereidani
---------------------------------------------------------------- Script : Maran PHP Blog Type : XSS Pasive Method : GET Alert : Medium ---------------------------------------------------------------- Discovered by : Khashayar Fereidani a.k.a. Dr.Crash My Offical Website : HTTP://FEREIDANI.IR...
PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script
Update: To exploit this in both firefox and IE requires an extra char "=" in the end. Using the same PoC URL we get: https://target.tld/my.logon.php3?"/scripttextareaHTMLinjectiontest/textarea!--= Client environment: firefox 2.0.0.11 and IE 6.0.2900.2180 Ricardo Martins, CISA Security Consultant...