47153 matches found
Metrica Service Assurance Multiple Cross Site Scripting
Metrica Service Assurance Multiple Cross Site Scripting Author: Francesco Bianchino Email: [email protected] Title: Metrica Service Assurance Multiple Cross Site Scripting Vendor: IBM Summary Metrica Service Assurance Framework implements a distributed, object-oriented, J2EE-based architectur...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA Advisory ID: cisco-sa-20081022-asa http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml Revision 1.0 For Public Release 2008 October 22 1600 UTC GMT Summary =====...
[Full-disclosure] PHP 5.2.6 chdir(), ftok() (standard ext) safe_mode bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.6 chdir,ftok standard ext safemode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.05.2008 - - Public: 17.06.2008 SecurityReason Research SecurityAlert Id: 55 CVE: CVE-2008-2666 CWE: CWE-264 SecurityRisk...
Alkacon OpenCms tree_files.jsp resource XSS
Alkacon OpenCms treefiles.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/treefiles.jsp is...
[Full-disclosure] Cross-site Scripting in EQDKP 1.3.2c and prior
In listmembers.php, $show fails to properly sanitize user-supplied input. It's non persistent XSS :-/ Example: $path-to-eqdkp/listmembers.php?show=223E3Cplaintext3E kefka kefka at kevinbeardsucks.com Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htm...
Rezervi Generic 0.9(root)Remote File Include Vulnerablities
Rezervi Generic 0.9rootRemote File Include Vulnerablities D.Script: http://www.rezervi.com/www/german/download/rezerviGenericV09.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:Path/templates/datumVonDatumBis.inc.php?root=Shell...
Back-End CMS Database Tables v0.4.7 Cross Site Scripting
""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...
MySpeach <= 3.0.7 Remote/Local File Inclusion Vulnerability
/======================================= | Advisory :: MySpeach = 3.0.7 | +=======================================+--------------------------------------------------------------- | | | Download link : http://www.graphiks.net/scripts-php/script-7-1-0.html | | Official website : www.graphiks.net | ...
ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-008.html March 2, 2007 -- CVE ID: CVE-2007-0774 -- Affected Vendor: Apache -- Affected Products: Tomcat JK Web Server Connector 1.2.19 Tomcat JK Web Server...
Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello - Cisco has posted a Security Response in reference to this issue at the following URL: http://www.cisco.com/warp/public/707/cisco-sr-20070129-vtp.shtml Cisco Response ============== An issue has been reported to the Cisco PSIRT involving...
Selenium FTP Server / Conxint FTP directory traversal
Directory traversal in different FTP commands...
Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability
Title : Property Pro v1.0 virLogin.asp Remote Login ByPass SQL Injection Vulnerability Author : ajann Example: http://target/path/admin/ UserName: ' union select 0,0 from admin """"""""""""""""""""" ajann,Turkey ... Im not Hacker!...
Jinzora <= 2.1 Remote File Inclusion
Jinzora = 2.1 Remote File Inclusion Download Source : http://www.jinzora.com/downloads/j2.1.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; media.php bugs ; // include classes for extending. requireonce$includepath. 'backend/classes.php'; exmple and...
Netscape Flash Player Arbitrary Code Execution Vulnerability
Description: Versions Netscape Browser 8.0.3.3 and Netscape 7.2 are vulnerable due to affected, default Flash Player version included during installation process. File NPSWF32.dll Flash v7.0.19.0 is copied to C:Program FilesNetscapeNetscape Browserplugins and C:Program FilesNetscapeNetscapeplugin...
Mozilla cleartext credentials leak bug report to excuse myself (Re[2]: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein)
Dear Amit Klein AKsecurity, --Tuesday, July 19, 2005, 10:22:59 PM, you wrote to [email protected]: AKA For example, no-one expects NTLM auth to protect data in transit. Actually, it may with NTLM Session Security. AKA Few years ago Internet Explorer was patched to use NTLM authentication on...
Run any OS Command via unauthorized Oracle Forms
Name Run any OS Command via unauthorized Oracle Forms Systems Affected Oracle Web Forms 4.5, 5.0, 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 18 July 2005 V 1.00 Advisory...
Multiple cups bugs
Empty packet to UDP/631 causes browsing service to fail. Foomatic printers driver code execution, information leak from log files...
Cyberscheduler remote root compromise
====================================================================== Defcom Labs Advisory def-2000-18 Cyberscheduler remote root/execution compromise Author: Enrique A. Sanchez Montellano [email protected] Release Date: 2001-04-17...
[USN-2639-1] OpenSSL vulnerabilities
========================================================================== Ubuntu Security Notice USN-2639-1 June 11, 2015 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities
Exploit Title: Landesk Management Suite RFI and CSRF vulnerabilities Product: Landesk Management Suite Vulnerable Versions: 9.5 and possible previous versions, 9.6 Tested Version: 9.5 Advisory Publication: 16/04/2015 Latest Update: 16/04/2015 Vulnerability Type: Cross-site request forgery CWE-352...
ProFTPD unauthorized files access
Unauthorized files copy via modcopy...
Two XSS vulnerabilities in Simple Security WordPress Plugin
Advisory ID: HTB23244 Product: Simple Security WordPress Plugin Vendor: MyWebsiteAdvisor Vulnerable Versions: 1.1.5 and probably prior Tested Version: 1.1.5 Advisory Publication: December 17, 2014 without technical details Vendor Notification: December 17, 2014 Public Disclosure: January 14, 2015...
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004 OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following: apachemodphp Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple...
Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
Quarterly update fixes 144 different vulnerabilities...
Synology DiskStation Manager code execution
Code execution via web interface...
[ MDVSA-2014:065 ] apache
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:065 http://www.mandriva.com/en/support/security/ Package : apache Date : March 20, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and...
SQL Injection in JV Comment Joomla Extension
Advisory ID: HTB23195 Product: JV Comment Joomla Extension Vendor: joomlavi.com Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: January 2, 2014 without technical details Vendor Notification: January 2, 2014 Vendor Patch: January 14, 2014 Public Disclosure...
[security bulletin] HPSBHF02939 rev.1 - HP Integrated Lights-Out 4 (iLO4), Remote Cross Site Scripting (XSS), Unauthorized Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03996804 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03996804 Version: 1 HPSBHF02939 rev....
HP Intelligent Management Center multiple security vulnerabilities
Code execution, authentication bypass, SQL injection, unauthorized access...
Drupal Node View Permissions module and Flag module Vulnerabilities
The drupal security team has released the following security advisories. https://drupal.org/node/2076315 https://drupal.org/node/2076221 Regards, Daniel http://www.itsecuritycenter.com/...
Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
Approx. 90 of diffent vulnerabilities in different applications...
VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060)
VUPEN Security Research - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free CVE-2012-1856 / MS12-060 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems a...
b2ePMS 1.0 Authentication Bypass Vulnerability
b2ePMS 1.0 Authentication Bypass Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor Information: "b2ePMS stands for Browser to Email Phone Message System. It is intended to replace the standard paper/carbon phone message slips commonly used in offices, with the capability o...
Mozilla Foundation Security Advisory 2011-46
Mozilla Foundation Security Advisory 2011-46 Title: loadSubScript unwraps XPCNativeWrapper scope parameter 1.9.2 branch Impact: Critical Announced: November 8, 2011 Reporter: mozbugra4 Products: Firefox, Thunderbird Fixed in: Firefox 3.6.24 Thunderbird 3.1.16 Description Mozilla security research...
Sana Net (viewpages.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Sana Net viewpages.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.sana-net.com/ Persian Gulf 4 Ever! Dork : inurl:"viewpages.php?id=" " " Exploite:...
HTB22944: Path disclousure in ZENphoto
Vulnerability ID: HTB22944 Reference: http://www.htbridge.ch/advisory/pathdisclousureinzenphoto.html Product: ZENphoto Vendor: Zenphoto http://www.zenphoto.org/ Vulnerable Version: 1.4.0.3 Vendor Notification: 07 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech...
[SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-0013 Apache Tomcat Manager XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.5 - - Tomcat 6.0.0 to 6.0.29 - - Tomcat 5.5.0 to 5.5.31 - - Earlier, unsupported versions may also be...
BBcode XSS in eoCMS
Vulnerability ID: HTB22677 Reference: http://www.htbridge.ch/advisory/bbcodexssineocms.html Product: eoCMS Vendor: eocms.com http://eocms.com Vulnerable Version: 0.9.04 Vendor Notification: 21 October 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor Alerted, Awaiting...
[ MDVSA-2010:115 ] perl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:115 http://www.mandriva.com/security/ Package : perl Date : June 11, 2010 Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description: Multiple...
GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion Vulnerability
======================================================== GR Board v1.8.6.1 stab page.php?theme Remote File Inclusion Vulnerability ======================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 ...
MKPortal lenta module XSS Vulnerability
======================================= MKPortal lenta module XSS Vulnerability ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// // // // // //...
Harris Stratex StarMAX subscriber station running config CSRF exploit
===================================================================== Harris Stratex StarMAX subscriber station running config CSRF exploit ===================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / ...
[ MDVSA-2009:284 ] gd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:284 http://www.mandriva.com/security/ Package : gd Date : October 20, 2009 Affected: 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description: A...
[ MDVSA-2009:203 ] curl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:203 http://www.mandriva.com/security/ Package : curl Date : August 15, 2009 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description: A...
phpList vulnerability
phpList is a feature rich newsletter application written in PHP. phpList has a local file include vulnerability. The vulnerability has already been exploited. affected versions: any version up to including 2.10.7 fixed in version 2.10.8 Related links: www.phplist.com phpList homepage...
ASP-CMS v.1.0 Sql Injection/Database Disclosure
ASP-CMS v.1.0 Sql Injection/Database Disclosure AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
BosNews v4.0 Remote add user admin
-------------------------------------------------------------------------------------------------------------- ----- H-T Team HouSSaMix + ToXiC350 from MoroCCo ---------------------------------------------------------...
Mozilla Foundation Security Advisory 2007-18
Mozilla Foundation Security Advisory 2007-18 Title: Crashes with evidence of memory corruption Impact: Critical Announced: July 17, 2007 Reporter: Mozilla developers and community Products: Firefox, Thunderbird and Seamonkey Fixed in: Firefox 2.0.0.5, Thunderbird 2.0.0.5 Description As part of th...
HP JetDirect and HP printers buffer overflow
Buffer overflow in LIST, NLIST and RETR command of built-in FTP server...
[Full-disclosure] Multiple SQL Injection bugs in TCS website
Hello list, The website of TCS Tata Consultancy Services is prone to multiple SQL injection bugs. I already sent them an email back in December 2006. They have not fixed the bug just yet, so Iam going to disclose the details here. http://kishfellow.blogspot.com The scripts are prone to multiple...