47153 matches found
[security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03684249 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03684249 Version: 1 HPSBPI02851...
Multiple Vulnerabilities in Linksys E1500/E2500
Device Name: Linksys E1500 / E2500 Vendor: Linksys ============ Device Description: ============ The Linksys E1500 is a Wireless-N Router with SpeedBoost. It lets you access the Internet via a wireless connection or through one of its four switched ports. You can also use the Linksys E1500 to sha...
Kohana Framework v2.3.3 - Directory Traversal Vulnerability
Title: ====== Kohana Framework v2.3.3 - Directory Traversal Vulnerability Date: ===== 2013-01-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=841 VL-ID: ===== 837 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: ============...
ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities
ESA-2012-029.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2012-029 CVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131 Severity Rating: See below for scores for individual issues Affected Products: All versio...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[SE-2012-01] New security issue affecting Java SE 7 Update 7
Hello All, Yesterday, an out-of-band patch was released by Oracle 1, which among other things incorporated fixes for the issues exploited by the recent Java SE 7 attack code ClassFinder / MethodFinder bugs. One of the fixes incorporated in the released update also addressed the exploitation vecto...
[SECURITY] [DSA 2522-1] fckeditor security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2522-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez August 05, 2012 http://www.debian.org/security/faq -...
CakePHP 2.x-2.2.0-RC2 XXE Injection
Exploit title: CakePHP XXE injection Date: 01.07.2012 Software Link: http://www.cakephp.org Vulnerable version: 2.x - 2.2.0-RC2 Tested on: Windows and Linux Author: Pawel Wylecial http://h0wl.pl 1. Background Short description from the project website: "CakePHP makes building web applications...
'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)
'PHP Grade Book' Unauthenticated SQL Database Export CVE-2012-1670 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the entire application database by...
NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...
Microsoft Anti-XSS Library Bypass (MS12-007)
Introduction ------------- Microsoft Anti-XSS Library is used to protect applications from Cross-Site Scripting attacks, by providing methods for input sanitization. Vulnerability ------------- Microsoft Anti-XSS Library 3.0 and 4.0 are vulnerable to an attack in which an attacker is able to crea...
OpenKM 5.1.7 OS Command Execution (XSRF based)
COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...
Multiple vulnerabilities in Browser CRM
Vulnerability ID: HTB23059 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinbrowsercrm.html Product: Browser CRM Vendor: BrowserCRM Limited http://www.browsercrm.com Vulnerable Version: 5.100.01 and probably prior Tested Version: 5.100.01 Vendor Notification: 23 November 2011...
Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities
a bug in Wordpress 1-jquery-photo-gallery-slideshow-flash plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities...
FootBall Cms (view_table_lig.php?group) XSS Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD XSS Vulnerability FootBall Cms viewtablelig.php?group AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "inurl:viewtablelig.php?group=" Exploite: www.victim.com/viewtablelig.php?group=1&namelig=XSS...
[security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Se
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02738731 Version: 1 HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager SIM for HP-UX, Linux, and Windows, Remote Cross Site Scripting XSS, Cross Site Request Forgery CSRF, Execution of...
StartSite.ir Cross-site Scripting Vulnerability
------------In The Name Of God------------ StartSite.ir Cross-site Scripting Vulnerability AUTHOR: md.r00t Mail: [email protected] Website: www.r00t.gigfa.com Forum: http://ajaxtm.com/forum Google D0rk: "Powered by StartSite.ir" xss EXPLOIT: scriptalert/0//script script...
HTB22912: Multiple SQL Injections in Eleanor CMS
Vulnerability ID: HTB22912 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionsineleanorcms.html Product: Eleanor CMS Vendor: Eleanor CMS http://eleanor-cms.ru/ Vulnerable Version: rc5 Vendor Notification: 22 March 2011 Vulnerability Type: SQL Injection Status: Fixed by Vendor Risk...
Majordomo2 - Directory Traversal (SMTP/HTTP)
Original Advisory: https://sitewat.ch/en/Advisory/View/1 Credit: Michael Brooks https://sitewat.ch Vulnerability: Directory Traversal Software: Majordomo2 Identifier:CVE-2011-0049 Vendor: http://www.mj2.org/ Affected Build: 20110121 and prior Special thanks to Dave Miller, Reed Loden and the rest...
Microsoft IIS 6 parsing directory “x.asp” Vulnerability
Microsoft IIS 6 parsing directory Vulnerability Discovered by: Pouya daneshmand whhiranATyahooDOTcom http://securitylab.ir/blog Introduction: Using this vulnerability you can bypass some Security filters, for example a file with “.jpg” or “.rar” extension can be executed as an asp Active Server...
vBulletin 4.0.8 - Persistent XSS via Profile Customization
vBulletin - Persistent Cross Site Scripting via Profile Customization Versions Affected: 4.0.8 3.8. is not vulnerable. Info: Content publishing, search, security, and more— vBulletin has it all. Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money...
MKPortal Recommend module XSS Vulnerability
=========================================== MKPortal Recommend module XSS Vulnerability =========================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// //...
Tinypug Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: Tinypug Multiple Vulnerabilities Vendor: http://platformassociates.com/ project hosted at http://code.google.com/p/tinypug/ Vulnerable Version: 0.9.5 and prior versions Exploitation: Remote with browser Fix: N/A - Description: Tinypug is a...
[ISecAuditors Security Advisories] WP-Forum <= 2.3 SQL Injection vulnerabilities
============================================= INTERNET SECURITY AUDITORS ALERT 2009-010 - Original release date: September 28th, 2009 - Last revised: December 15th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3703 - Severity: 8.5/10 CVSS Base Score...
ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-079 November 4, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPointTM IPS Customer Protection: TippingPoint IPS...
Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point. Aruba Advisory ID: AID-102609 Revision: 1.0 For Public Release on 10/26/2009...
net2ftp <= 0.97 Cross-Site Scripting/Request Forgery
=cicatriz [email protected]==advisories= / / / / // / / // / o / / .-/ =net2ftp = 0.97 Cross-Site Scripting/Request Forgery==/= == =Advisory & Vulnerability Information=== Title: net2ftp = 0.97 Cross-Site Scripting/Request Forgery Advisory ID: VUDO-2009-0804 Advisory URL:...
PHP pro bid v 6.04 SQL injection
Affected software: PHP pro bid v 6.04 as at 2008-09-11 Vendor description: The Leading Proffessional sic Auction Script Software available online today written in PHP/ Mysql Impact: SQL injection Description: categories.php and other pages of php pro bid accept user-supplied order-by and ASC/DESC...
ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-055 September 9, 2008 -- CVE ID: CVE-2008-3015 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows XP Microsoft Windows Server 2008 Microsoft Windows...
Mozilla Foundation Security Advisory 2008-15
Mozilla Foundation Security Advisory 2008-15 Title: Crashes with evidence of memory corruption rv:1.8.1.13 Impact: Critical Announced: March 25, 2008 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.13 Thunderbird 2.0.0.13 SeaMonkey 1.1....
[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14
waraxe-2008-SA066 - Multiple Vulnerabilities in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 31. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-66.html Target software description:...
CS Guestbook Admin Name & Md5 Security Vuln
By Cr@zyKing http://ayyildiz.org Ayyildiz Team nternationel Force Cs Guestbook admin name & admin hass md5 vuln. http://xxx.com/base/usr/0.php admin name & md5 http://xxx.com/mod.php - go to admin panel Md5 Cracking : gdataonline.com & milw0rm.com Greatz : Eno7 , TamTurk , Metlak , Blackwolf ,...
Education_info/edu_view.asp sql injection
Educationinfo/eduview.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam all members thx 3APA3A spec.note : "Live The Life" cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc 1-...
Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768)
Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer 931768 Published: May 8, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...
Remot File Include In SLAED_CMS_2
By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...
DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25
Hi; A person on the LedgerSMB core team has found a serious arbitrary code execution issue in LedgerSMB prior to 1.1.5 and SQL-Ledger. A version of SQL-Ledger which fixes this vulnerability was released today version 2.6.25. The vulnerability allows a user to specify a custom function to run when...
phpDynaSite <= 3.2.2 (racine) Remote File Include Vulnerabilities
WwW.Deltahacking.NeT dynasite3.2.2 Class = Remote File Inclusion ; Download = http://jaist.dl.sourceforge.net:80/sourceforge/phpdynasite/dynasite3.2.2.tar.gz Found by = Dr.Pantagon [email protected]...
phpstak <= Remote File Include Vulnerability
PerSiaNFoX DigitaL SecuritY TeaM phpsatk= Remote File Include Vulnerabilities Script...
anjel Mambo Component Remote File Include
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : anjel Mambo Component Remote File Include Vulnerabilities -------------------------------------------------------------------------------- Author: CrackersChild...
[SA18026] UStore Cross-Site Scripting and SQL Injection Vulnerabilities
TITLE: UStore Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18026 VERIFY ADVISORY: http://secunia.com/advisories/18026/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: UStore...
Run any OS Command via unauthorized Oracle Reports
Name Run any OS Command via unauthorized Oracle Reports Systems Affected Oracle Reports 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Advisory AKSEC2003-014...
Multiple SQL Injections in MetaCart2 for PayPal
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple SQL Injections in...
StarOffice/OpenOffice symbolic links vulnerability
symlink problem during temporary files creation...
Ocean12 ASP Guestbook Manager v1.00
This advisory can be found at www.blacktigerz.org Subject: Ocean12 ASP Guestbook Manager v1.00. Description: Written entirely in ASP and VBScript this is a completely web-based, easy to install, ASP Guestbook Program. It stores data in an Access 2000 database and is configured 100 through the web...
Слабые разрешения в Palm Desktop (weak permissions)
При синхронизации файлы открыты на чтение...
local user can delete arbitrary files on SuSE-Linux
Hello, If MAXDAYSINTMP 0 in /etc/rc.config on a SuSE-Linux system, a local user can delete arbitrary files by doing some commands like these: mkdir -p "/tmp/hhh /somedirectory" touch -t some-early-date "/tmp/hhh /somedirectory/somefile" sleep 1d The bug is in /etc/cron.daily/aaabase for SuSE...
Timbuktu v3.0 and Public LDAP Server
Timbuktu v3.0 by Netopia, for those who don't know, is a remote control software package for Windows 9x, NT, and the Macintosh that gives you GUI console access. LDAP support was recently introduced to make it easier to find machines that have Timbuktu on them in your enterprise. This is good and...
DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584
Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability in DataTables Affected Software : DataTables Affected Versions : 1.10.8 and possibly below Vendor Homepage : https://github.com/DataTables/DataTables Vulnerability Type : Cross-site Scripting Severity : Important...
[SECURITY] [DSA 3375-1] wordpress security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...
[USN-2565-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2565-1 April 09, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...