47153 matches found
iDefense Security Advisory 10.12.11: Apple MobileSafari Attachment Viewing Cross Site Scripting Vulnerability
iDefense Security Advisory 10.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 12, 2011 I. BACKGROUND MobileSafari is Apple's mobile we browser for iOS devices. For more information about MobileSafari, please the visit following website:...
bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability bizConsulting prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.bizconsulting.it/ Persian Gulf 4 Ever! Dork : "Powered by: bizConsulting"...
[ MDVSA-2011:126 ] java-1.6.0-openjdk
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:126 http://www.mandriva.com/security/ Package : java-1.6.0-openjdk Date : August 15, 2011 Affected: 2009.0, 2010.1, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities were discovered and...
ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability
ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-115 April 1, 2011 -- CVSS: 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C -- Affected Vendors: IBM -- Affected Products: IBM solidDB -- TippingPointTM IPS Customer...
MKPortal lenta module XSS Vulnerability
======================================= MKPortal lenta module XSS Vulnerability ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// // // // // //...
Code to mitigate IE event zero-day (CVE-2010-0249)
Here's a mitigation for the CVE-2010-0249 IE createEventObject srcElement zero-day. Quite simply, it just disables the createEventObject method by mangling its name in memory. If anyone knows an important web application that uses createEventObject, please respond to the mailing list. Use this co...
0day vulnerability Sogou input method to obtain system privileges
0day vulnerability Sogou input method to obtain system privileges Vulnerability: Do not intend to found a very serious vulnerability, and the year 3389 input loophole similar.However, no system was not being loaded does not affect input method logged in system. If the remote server installed ,...
OSCommerce Session Fixation Vulnerability
There is a flaw in the way OSCommerce handles sessions. When a client visits a OSCommerce web page, the server sends a cookie. That cookie will be the session cookie for every further requests. Thus, once logged in, the cookie will be used to authenticate the user. When logging in without cookies...
ASP-CMS v.1.0 Sql Injection/Database Disclosure
ASP-CMS v.1.0 Sql Injection/Database Disclosure AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA Advisory ID: cisco-sa-20081022-asa http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml Revision 1.0 For Public Release 2008 October 22 1600 UTC GMT Summary =====...
aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection
Discovered By : Arsalan Emamjomehkashan aeries browser interfaceABI 3.8.3.14 Remote SQL Injection Website:http://aeries.com/ SQL injection: GradebookOptions.asp?GrdBk=SQL loginproc.asp If you post variable "SchlCode" XSS: UserName variable on loginproc.asp and usr on Login.asp...
Alkacon OpenCms tree_files.jsp resource XSS
Alkacon OpenCms treefiles.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/treefiles.jsp is...
[ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability
ECHOADV86$2007 ----------------------------------------------------------------------------------------- ECHOADV86$2007 Mambo/Joomla Component rsgallery = 2.0 beta 5 catid Remote SQL Injection Vulnerability -----------------------------------------------------------------------------------------...
Mozilla Foundation Security Advisory 2007-25
Mozilla Foundation Security Advisory 2007-25 Title: XPCNativeWrapper pollution Impact: Moderate Announced: July 17, 2007 Reporter: shutdown and mozbugra4 Products: Firefox Fixed in: Firefox 2.0.0.5 Description shutdown and mozbugra4 reported two separate ways to modify an XPCNativeWrapper such th...
SHTTPD V1.38 server source code disclosure
SHTTPD V1.38 server source code disclosure ------------------------------------ link:http://shttpd.sourceforge.net/ info: The vulnerability is caused due to a parser error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files...
SQL-Injection in IP-TRACKING Mod for phpBB2.0.x
Information: The IP-Tracking Mod is a Extension for phpBB2.0.x which logs all Page hits the user of the Boards do including Referer, IP and Username. It contains a SQL-Injection on Admin-Level. You can get it from: http://www.phpbb.de/viewtopic.php?t=63690&postdays=0&postorder=asc&start=0 Steps t...
Back-End CMS Database Tables v0.4.7 Cross Site Scripting
""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...
Microsoft Windows animated cursors buffer overflow
Stack buffer overflow stack overrun is actively used for hidden malware installation...
ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-008.html March 2, 2007 -- CVE ID: CVE-2007-0774 -- Affected Vendor: Apache -- Affected Products: Tomcat JK Web Server Connector 1.2.19 Tomcat JK Web Server...
CodeAvalanche News SQL Injection
CodeAvalanche News SQL Injection Software: CodeAvalanche News Download: http://www.aspindir.com/indir.asp?id=3315 Risk: High Found by: beks http://target/path/inclistnews.asp?CATID=17+union+select+0,0,0,0,Password+from+Params...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Jinzora <= 2.1 Remote File Inclusion
Jinzora = 2.1 Remote File Inclusion Download Source : http://www.jinzora.com/downloads/j2.1.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; media.php bugs ; // include classes for extending. requireonce$includepath. 'backend/classes.php'; exmple and...
Internet Explorer wininet.dll URL parsing memory corruption details
Vendor: Microsoft Software: Internet Explorer 6.0, 5.5, 5.01 Problem: Memory corruption, code execution Remote: Yes Risk Level: Medium to low hard to exploit Authors: Axle ICQ 755756 bug discovery 3APA3A, http://www.security.nnov.ru/ bug research Original URL:...
Multiple cups bugs
Empty packet to UDP/631 causes browsing service to fail. Foomatic printers driver code execution, information leak from log files...
US-CERT Technical Cyber Security Alert TA04-104A -- Multiple Vulnerabilities in Microsoft Products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in Microsoft Products Original release date: April 13, 2004 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows Operating Systems Microsoft Windows Remote Procedure Call RPC and Distributed Component Object Mod...
Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator
Post date: 05/22/01 Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator Overview A potential security vulnerability has been discovered in Applications Desktop Integrator ADI version 7.X for Oracle E-Business Suite Release 11i. A debug version of the FNDPUB11I.DLL...
Ошибки в Cisco 600 (TCP/IP stack problems)
Различные ошибки реализации стека TCP/IP...
Cyberscheduler remote root compromise
====================================================================== Defcom Labs Advisory def-2000-18 Cyberscheduler remote root/execution compromise Author: Enrique A. Sanchez Montellano [email protected] Release Date: 2001-04-17...
Security Hole In Shareplex
Security Hole in Shareplex 2.x ------------------------------ Summary ------- Shareplex Quest Software's product for Oracle database replication contains a security hole which can allow local users to read any file on the system, effectively bypassing the permissions set at the OS level. Details...
Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability USSR Advisory Code: USSR-2000047 Release Date: June 16, 2000 Systems Affected: Small HTTP Server ver. 1.212 maybe others THE PROBLEM The Ussr Labs team has recently discovered a buffer...
[USN-2639-1] OpenSSL vulnerabilities
========================================================================== Ubuntu Security Notice USN-2639-1 June 11, 2015 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
ProFTPD unauthorized files access
Unauthorized files copy via modcopy...
WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL :...
TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack
NCCIC / US-CERT National Cyber Awareness System: TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack 10/17/2014 12:27 PM EDT Original release date: October 17, 2014 Systems Affected All systems and applications utilizing the Secure Socket Layer SSL 3.0 with cipher-block chaining CBC mode...
Linux kernel multiple security vulnerabilities
Memory corruptions in STCP, DCCP and CIFS, KVM and pseudo tty privilege escalations, DoS...
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
ESA-2012-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST Browser Exploit Against SSL/TLS attacks EMC Identifier: ESA-2012-032 CVE Identifier: CVE-2011-3389 Severity Rating: CVSS v2 Base Score: 4.3...
SQL Injection in appRain
Advisory ID: HTB23177 Product: appRain Vendor: appRain Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: October 9, 2013 without technical details Vendor Notification: October 9, 2013 Public Disclosure: November 6, 2013 Vulnerability Type: SQL Injection...
[security bulletin] HPSBHF02939 rev.1 - HP Integrated Lights-Out 4 (iLO4), Remote Cross Site Scripting (XSS), Unauthorized Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03996804 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03996804 Version: 1 HPSBHF02939 rev....
Drupal Node View Permissions module and Flag module Vulnerabilities
The drupal security team has released the following security advisories. https://drupal.org/node/2076315 https://drupal.org/node/2076221 Regards, Daniel http://www.itsecuritycenter.com/...
Oracle Java multiple security vulnerabilities
40 different vulnerabilities...
SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness
SEC Consult Vulnerability Lab Security Advisory 20130805-0 ======================================================================= title: Vodafone EasyBox Default WPS PIN Algorithm Weakness product: EasyBox 802 & EasyBox 803 vulnerable version: EasyBox 802 - all versions EasyBox 803 - Production...
Microsoft Windows multiple security vulnerabilities
Multiple vulnerabilities in .Net and Silverlight, multiple kernel components vulnerabilities, GDI+ TrueType parsing memory corruption, DirectShow memory corruption, VMW parsing memory corruption, multiple Internet Explorer memory corruption, Windows Defender privilege escalation...
Re: Cisco/Linksys E1200 N300 Reflected XSS
Mitre has assigned the following CVE for this issue: CVE-2013-2679 On Mon, Apr 29, 2013 at 12:27 AM, Carl Benedict [email protected] wrote: Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently...
Microsoft Windows multiple security vulnerabilities
Multiple privilege escalations in kernel, CSRSS and drivers...
[USN-1779-1] GNOME Online Accounts vulnerability
========================================================================== Ubuntu Security Notice USN-1779-1 March 25, 2013 gnome-online-accounts vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Stored XSS in Terillion Reviews Wordpress Plugin
CVE Assigned-CVE-2013-2501 Exploit Title : Stored XSS in Terillion Reviews Plugin Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 08/03/13 Software link: http://wordpress.org/extend/plugins/terillion-reviews/ The Terillion Reviews Plugin in Wordpress...
[SECURITY] [DSA 2620-1] rails security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2620-1 [email protected] http://www.debian.org/security/ Florian Weimer February 12, 2013 http://www.debian.org/security/faq -...
CVE-2012-4534 Apache Tomcat denial of service
CVE-2012-4534 Apache Tomcat denial of service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.27 - Tomcat 6.0.0 to 6.0.35 Description: When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading...
VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060)
VUPEN Security Research - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free CVE-2012-1856 / MS12-060 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems a...