Securityvulns: Most viewed

47153 matches found

securityvulns
added 2011/08/01 12:0 a.m., 901 views

Solutiontech (product.php?cat_id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Solutiontech product.php?catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.solutiontechindia.com/ Persian Gulf 4 Ever! Dork : "Powered by Solutiontech"...

AI score: 3.7
Exploits: 0

securityvulns
added 2003/12/27 12:0 a.m., 892 views

CGI bugs

No description provided...

AI score: 1.4
Exploits: 0, References: 14, Affected Software: 7

securityvulns
added 2015/10/11 12:0 a.m., 879 views

ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage Author: Jerzy Patraszewski Date: 10 July 2015 Affected software : =================== ZTE GPON: F427 Version: V3.0 Firmware Image:...

AI score: 7.4
Exploits: 0

securityvulns
added 2014/07/21 12:0 a.m., 874 views

transmission memory corruption

Memory corruption on bittorrent packets parsing...

CVSS: 6.8, AI score: 4, EPSS: 0.05406
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2010/10/11 12:0 a.m., 874 views

XSS vulnerability in Expression CMS

Vulnerability ID: HTB22617 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinexpressioncms.html Product: Expression Vendor: Backbone Technology http://www.backbonetechnology.com Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions Vendor Notification: 22 September 2010...

AI score: 0.3
Exploits: 0

securityvulns
added 2013/11/18 12:0 a.m., 862 views

Dahua DVR Authentication Bypass - CVE-2013-6117

Dahua DVR Authentication Bypass - CVE-2013-6117 --Summary-- Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Zhejiang Dahua Technology Co., Ltd. http://www.dahuasecurity.com --Affects-- Dahua web-enabled DVRs Dahua-rebranded web-enabled...

CVSS: 10, AI score: 7.6, EPSS: 0.70713
Exploits: 6

securityvulns
added 2008/05/20 12:0 a.m., 858 views

AppServ Open Project < = 2.5.10 Remote XSS Vulnerability

========================================================== AppServ Open Project = 2.5.10 Remote XSS Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 19 May 2008 SITE : www.citec.us APPLICATION : AppServ Open Project VERSION : = 2.5.10 VENDOR...

AI score: 0.2
Exploits: 0

securityvulns
added 2014/05/01 12:0 a.m., 849 views

[security bulletin] HPSBST03016 rev.2 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04263038 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04263038 Version: 2 HPSBST03016 rev....

CVSS: 5, AI score: 0.5, EPSS: 0.99999
Exploits: 87

securityvulns
added 2006/11/17 12:0 a.m., 844 views

ASP Cart [multiples injection sql (post & get)]

vendor site: http://www.aspcart.com product: ASP Cart bug: multiples injection sql post & get global risk: high ! injection get : http://site.com/prodetails.asp?prodid='sql injection post : 1http://site.com/display.asp Variables: /display.asp?page='sql 2http://site.com/addcart.asp Variables:...

AI score: 0.6
Exploits: 0

securityvulns
added 2006/06/27 12:0 a.m., 837 views

error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 errorlog Safe Mode Bypass PHP 5.1.4 and 4.4.2 Author: Maksymilian Arciemowicz cXIb8O3 Date: - -Written: 10.6.2006 - -Public: 26.06.2006 from SECURITYREASON.COM CVE-2006-3011 - --- 0.Description --- PHP is an HTML-embedded scripting language. Much of i...

CVSS: 4.6, AI score: 6, EPSS: 0.01342
Exploits: 2

securityvulns
added 2003/03/22 12:0 a.m., 837 views

HyperBook Guestbook

Product : HyperBook Guestbook Version : 1.12 WebSite : http://diamond-back.com Problem : phpinfo Description: ------------ phpinfo.php =========== ?php phpinfo; ? =========== Exploit: -------- http://somehost/book/phpinfo.php...

AI score: 0.4
Exploits: 0

securityvulns
added 2007/05/08 12:0 a.m., 833 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

CVSS: 7.1, AI score: 1.5, EPSS: 0.07506
Exploits: 3, References: 8, Affected Software: 6

securityvulns
added 2005/01/13 12:0 a.m., 827 views

[SA13795] Guestserver "message" Script Insertion Vulnerability

TITLE: Guestserver "message" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA13795 VERIFY ADVISORY: http://secunia.com/advisories/13795/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Exposure of system information WHERE: From remote SOFTWARE: Guestserver 5.x...

AI score: 0.5
Exploits: 0

securityvulns
added 2015/03/15 12:0 a.m., 825 views

[USN-2523-1] Apache HTTP Server vulnerabilities

========================================================================== Ubuntu Security Notice USN-2523-1 March 10, 2015 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 5, AI score: 1.2, EPSS: 0.60205
Exploits: 2

securityvulns
added 2011/08/17 12:0 a.m., 825 views

Multiple XSS in WP-Stats-Dashboard

Vulnerability ID: HTB23035 Reference: http://www.htbridge.ch/advisory/multiplexssinwpstatsdashboard.html Product: WP-Stats-Dashboard Vendor: Dave Ligthart http://www.daveligthart.com Vulnerable Version: 2.6.5.1 and probably prior Tested on: 2.6.5.1 Vendor Notification: 27 July 2011 Vulnerability...

AI score: 0.2
Exploits: 0

securityvulns
added 2010/04/05 12:0 a.m., 822 views

jevoncms (LFI/RFI) Multiple Vulnerabilities

jevoncms LFI/RFI Multiple Vulnerabilities +Title : jevoncms libdir Multiple Vulnerability +Version: - +Download: http://sourceforge.net/projects/jevoncms/files/ +Author: eidelweiss +Contact: eidelweissatcyberservicesdotcom !Thanks To: all friends -= Vuln C0de =- - jevoncms/php/main/jevoncms.php...

AI score: 0.6
Exploits: 0

securityvulns
added 2007/11/19 12:0 a.m., 820 views

FairSoft S.Mini web Busines Prelease & Calendar asp Sql injection

thnx bro FairSoft S.Mini web Busines Prelease Calendar asp Sql injection include patch...ocf,ns ocf/Calendar/ViewEvent.asp,ns/Calendar/ViewEvent.asp,aboutus/newsroom/ViewPressRelease.asp Credit : CodeXpLoder'tq Mail : codexploderathotmaildotcom Site : codexploder.biyosecurity.net,biyofrm.com Sour...

Exploits: 0

securityvulns
added 2008/01/21 12:0 a.m., 815 views

boastMachine <=3.1 SQL Injection Vulnerbility

...:::::boastMachine =3.1 SQL Injection Vulnerbility ::::.... Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to my best friend in the...

AI score: 0.4
Exploits: 0

securityvulns
added 2011/09/09 12:0 a.m., 807 views

Editel (news-dettaglio.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Editel news-dettaglio.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.editeltn.it/ Persian Gulf 4 Ever! Dork : "Realizzazione sito: Editel"...

AI score: 2.8
Exploits: 0

securityvulns
added 2007/04/12 12:0 a.m., 799 views

PunBB <= 1.2.14 Multiple Vulnerabilities (Advisory)

Title: PunBB = 1.2.14 Multiple Vulnerabilities Author: DarkFig gmdarkfig at gmail dot com Written on: 2007/04/08 Released on: 2007/04/11 Risk level: High URL: http://www.acid-root.new.fr/advisories/13070411.txt Summary: SQL Injection, Cross site scripting, Code execution Solution: A new version o...

AI score: 7.8
Exploits: 0

securityvulns
added 2001/05/27 12:0 a.m., 798 views

GuildFTPD v0.97 Directory Traversal / Weak password encryption

GuildFTPD v0.97 Directory Traversal / Weak password encryption AFFECTED SYSTEMS GuildFTPD v0.97 tested on Windows 9x, probably works on NT / 2k as well DESCRIPTION 1 Directory Traversal Consider the following FTP session I'm using windows' FTP.EXE proggie, and its associated commands : The...

AI score: 7.3
Exploits: 0

securityvulns
added 2008/05/25 12:0 a.m., 797 views

dzoic handshakes sql injection >> index.php on $fname

By :s3rv3rhack3rAli Jasbi From hackerz.ir vendro : dzoic.com version : all risk : high bug : http://Victim/dzoic/index.php?handler=search&action=perform&searchtype=members&fname=Sql...

AI score: 1
Exploits: 0

securityvulns
added 2008/01/25 12:0 a.m., 794 views

[CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure)

WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: CandyPress eCommerce suite Vendor: http://www.candypress.com/ Bugs: SQL Injection + XSS + Path Disclosure in CandyPress Vulnerable Version: 4.1.1.26 Exploit: Available Fix Available: Yes!, Update to 4.1.1.27...

AI score: 0.1
Exploits: 0

securityvulns
added 2015/04/16 12:0 a.m., 781 views

Apache multiple security vulnerabilities

modheaders restrictions bypass, modcache DoS, modlua restrictions bypass and DoS, modproxyfcgi DoS, modgnutls restrictions bypass...

CVSS: 5, AI score: 2.3, EPSS: 0.60205
Exploits: 2, References: 4, Affected Software: 1

securityvulns
added 2006/08/21 12:0 a.m., 781 views

Mambo com_cropimage 1.0 Component Remote Include Vulnerability

C Y B E R - W A R R I O R T I M Mambo comcropimage 1.0 Component Remote Include Vulnerability Author: XORON Class: Remote cont@ct: x0r0nathotmaildotcom Code: in admin.cropcanvas.php , line 7 requireonce $cropimagedir."class.cropinterface.php"; Fix: 1-open admin.cropcanvas.php 2-add this code befo...

AI score: 0.1
Exploits: 0

securityvulns
added 2006/08/15 12:0 a.m., 765 views

Joomla Webring Component (component_dir) Remote File Inclusion Vulnerabilities

C Y BE R - W A R R i O R T I M Joomla Webring Component componentdir Remote File Inclusion Vulnerabilities Author: xoron Class : Remote cont@ct: x0r0nathotmaildotcom Code: in admin.webring.docs.php, line 12 requireonce $componentdir. "mungdocs.class.php"; Google dork: inurl:comwebring Exploit:...

AI score: 0.5
Exploits: 0

securityvulns
added 2010/12/21 12:0 a.m., 764 views

Real Player multiple security vulnerabilities

Buffer overflows on RA5, RealMedia, AAC etc...

CVSS: 9.3, AI score: 3.7, EPSS: 0.04432
Exploits: 0, References: 10, Affected Software: 2

securityvulns
added 2010/11/04 12:0 a.m., 758 views

SQL injection in SweetRice CMS

Vulnerability ID: HTB22667 Reference: http://www.htbridge.ch/advisory/sqlinjectioninsweetricecms.html Product: SweetRice CMS Vendor: basic-cms.org http://www.basic-cms.org/ Vulnerable Version: 0.6.7 Vendor Notification: 21 October 2010 Vulnerability Type: SQL Injection Status: Fixed by Vendor Ris...

AI score: 0.5
Exploits: 0

securityvulns
added 2009/05/15 12:0 a.m., 758 views

MULTIPLE SQL INJECTION VULNERABILITIES --Shutter v-0.1.1-->

------------------------------------------------------------- MULTIPLE SQL INJECTION VULNERABILITIES --Shutter v-0.1.1-- ------------------------------------------------------------- CMS INFORMATION: --WEB: http://shutter.tenfourzero.net/ --DOWNLOAD: http://shutter.tenfourzero.net/ --DEMO:...

AI score: 0.2
Exploits: 0

securityvulns
added 2003/04/15 12:0 a.m., 756 views

Web Wiz Site News realease v3.06 administration access.

Date: 14.04.2003 Subject: Web Wiz Site News realease v3.06 administration access. Description: Free asp news management system. Includes, simple intergration, short news item with link to full story, insert images, links, text formatting, user commentsoptional with email notification, anti-spam...

AI score: 0.1
Exploits: 0

securityvulns
added 2014/12/29 12:0 a.m., 749 views

BF and XSS vulnerabilities in D-Link DCS-2103

Hello 3APA3A! There are Brute Force and Cross-Site Scripting vulnerabilities in D-Link DCS-2103 IP camera. If previous Path Traversal and Full path disclosure vulnerabilities were post-auth, then these BF and XSS vulnerabilities are pre-auth. ------------------------- Affected products:...

AI score: 0.3
Exploits: 0

securityvulns
added 2014/03/27 12:0 a.m., 748 views

VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own)

VUPEN Security Research - Google Chrome Clipboard Format Processing Sandbox Escape Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Google Chrome is a freeware web browser developed by Google. Chrome version 28 and beyond uses the WebK...

AI score: 7.4
Exploits: 0

securityvulns
added 2012/04/19 12:0 a.m., 747 views

McAfee Web Gateway URL Filtering Bypass

Exploit Title: McAfee Web Gateway URL Filtering Bypass Date: 16/04/2012 Author: Gabriel Menezes Nunes Version: McAfee Web Gateway Tested on: McAfee Web Gateway 7.0 CVE: CVE-2012-2212 I found a vulnerability in McAfee Web Gateway 7 that allows access to filtered sites. The appliance believes in th...

CVSS: 5, EPSS: 0.01445
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 742 views

Lychee 2.7.1 remote code execution

Advisory ID: SGMA15-002 Title: Lychee remote code execution Product: Lychee Version: 2.7.1 and probably prior Vendor: lychee.electerious.com Vulnerability type: Remote Code Execution Risk level: High Credit: Filippo Cavallarin - segment.technology CVE: N/A Vendor notification: 2015-04-12 Vendor...

AI score: 1
Exploits: 0

securityvulns
added 2001/05/03 12:0 a.m., 742 views

Advisory CA-2001-09

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2001-09 Statistical Weaknesses in TCP/IP Initial Sequence Numbers Original release date: May 01, 2001 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Systems using TCP stacks...

CVSS: 7.5, AI score: 7.9, EPSS: 0.30873
Exploits: 1

securityvulns
added 2014/10/13 12:0 a.m., 738 views

CA20141001-01: Security Notice for Bash Shellshock Vulnerability

CA20141001-01: Security Notice for Bash Shellshock Vulnerability Issued: October 01, 2014 Updated: October 03, 2014 CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE...

CVSS: 10, AI score: 9.2, EPSS: 0.99999
Exploits: 157

securityvulns
added 2007/03/25 12:0 a.m., 738 views

Image_Upload Script Remote File Inclusion Exploit Free Image Hosting 2.0

Baslik :ImageUpload Script Remote File Inclusion Exploit Free Image Hosting 2.0 .ndir : http://free-php-scripts.net/scripts/ImageUpload.zip Bulan :CrackersChild Zay.flk : tddiv align="center"?php include$ADBODYTEMP;?/div/td Exploit : www.site.com/imageuploadpath/login.php?ADBODYTEMP=Shell? :...

AI score: 0.2
Exploits: 0

securityvulns
added 2006/10/21 12:0 a.m., 730 views

[Xss] IN SMF 1.1 RC2

InFo ----- Site : www.simplemachines.org Dork : Powered by SMF 1.1 RC2 File : index.php? By : b0rizQ E-Mail : TheFreEKernEl at b0rizQ dot nET email concealed -------------------------------- Xss www.traget.com/index.php?action=login2"scriptalert'xss-by-b0rizQ' /script...

AI score: 1.2
Exploits: 0

securityvulns
added 2006/10/13 12:0 a.m., 730 views

Google Earth buffer overflow

Buffer overflow on .kml and .kmz files...

AI score: 3.4
Exploits: 0, Affected Software: 1

securityvulns
added 2008/02/03 12:0 a.m., 724 views

ITech Classifieds Multiple Remote Vulnerabilities

Title : ITech Classifieds Multiple Remote Vulnerabilities Author : CrackersChild Bug : SQL Injection + XSS Demo : http://itechclassifieds.com/demo/ Exp : /ViewCat.php?CatID=scriptAlertdocument.cookie/script Exp : /ViewCat.php?CatID=SQL Injection / Greetz : www.aq.com www.sibersavascilar.com...

AI score: 0.8
Exploits: 0

securityvulns
added 2014/10/05 12:0 a.m., 723 views

the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)

Good morning! This is kinda long. == Background == If you are not familiar with the original bash function export vulnerability CVE-2014-6271, you may want to have a look at this article: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html Well, long story short: the...

CVSS: 10, AI score: 7.9, EPSS: 0.99999
Exploits: 157

securityvulns
added 2014/05/01 12:0 a.m., 719 views

[security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04260637 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04260637 Version: 1 HPSBST03000 rev....

CVSS: 5, AI score: 0.3, EPSS: 0.99999
Exploits: 87

securityvulns
added 2000/09/21 12:0 a.m., 719 views

RE: Re[3]: Possible Exchange 5.5 Server DoS [msrc 421]

Hello 3APA3A, Thanks again for your note. Due to the timeframe of Exchange SP4 we will including a fix for this issue in that Service Pack. If you want any future status on this issue please refer to MSRC 421. Regards, [email protected] -----Original Message----- From: 3APA3A...

AI score: 6.7
Exploits: 0

securityvulns
added 2005/01/18 12:0 a.m., 717 views

[Full-Disclosure] Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability

Application: Gallery Vendors: http://gallery.sourceforge.net Versions: v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Platforms: Windows Bug: Cross Site Scripting Vulnerability Exploitation: Remote With Browser Date: 17 Jan 2005 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Website:...

Exploits: 0

securityvulns
added 2014/05/05 12:0 a.m., 715 views

Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue

Document Title: =============== Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1256 Video: http://www.vulnerability-lab.com/getcontent.php?id=1257 Release Dat...

AI score: 0.2
Exploits: 0

securityvulns
added 2012/11/26 12:0 a.m., 710 views

libproxy buffer overflow

Integer overflow on Content-Length parsing leads to buffer overflow, buffer overflow on proxy.pac parsing...

CVSS: 10, AI score: 5.4, EPSS: 0.03476
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2000/06/16 12:0 a.m., 705 views

Linux news 16.06.00

SCO plans to release its own Linux distribution. In my opinion, these days only the lazy are not making their own Linux distributions. It would be better to have just one, but an excellent one. More details: http://slashdot.org/articles/00/06/13/127228.shtml Interview with Alan Cox: LinuxJournal has published an interview with one of the main...

AI score: 7.5
Exploits: 0

securityvulns
added 2006/08/15 12:0 a.m., 704 views

Technical note: under some conditions, it's possible to steal HTTP credentials using Flash

Technical note: under some conditions, it's possible to steal HTTP credentials using Flash requires IE + some transparent proxies or virtual hosting The method described here is pretty simple. It works though only on HTTP not HTTPS credentials. Also, it works only when the client browses using IE...

Exploits: 0

securityvulns
added 2012/11/18 12:0 a.m., 703 views

XSS vulnerability in web applications with swfupload: AionWeb, Magento, Liferay Portal, SurgeMail, symfony.

Hello 3APA3A! I will draw your attention to XSS vulnerability in other web applications with swfupload. Earlier I've wrote about swfupload in Dotclear, InstantCMS, AionWeb, Dolphin and that this hole is available in many other web applications. In previous letter I've wrote concerning web...

AI score: 0.4
Exploits: 0

securityvulns
added 2000/05/12 12:0 a.m., 699 views

Buffer overflow in Outlook Express

Buffer overflow on a long MIME filename field for attached files in image formats...

AI score: 0.7
Exploits: 0, References: 1, Affected Software: 1

Total number of security vulnerabilities: 5000