47153 matches found
Chrome for Android - UXSS via com.android.browser.application_id Intent extra
CVE Number: CVE-2012-4905 Title: Chrome for Android - UXSS via com.android.browser.applicationid Intent extra Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: By sending a...
FileBound - Privilege Escalation Vulnerability - Security Advisory - SOS-12-010
Sense of Security - Security Advisory - SOS-12-010 Release Date. 10-Oct-2012 Last Update. - Vendor Notification Date. 14-Aug-2012 Product. FileBound On-Site Platform. Windows Affected versions. All versions prior to 6.2 Severity Rating. High Impact. Privilege escalation Attack Vector. From remote...
Magy cms v 2.0.1121 BETA Blind Sql injection
Hello Dear ЗАРАЗА, Please see attach. Attached file is commented and complete exploit which is written in AUTOIT. It exploits targetted cms using time based way and obtains default 5 usernames + corresponding MD5 passwords from target site. If anything unclear please let us know. TIA as always...
[SE-2012-01] New security issue affecting Java SE 7 Update 7
Hello All, Yesterday, an out-of-band patch was released by Oracle 1, which among other things incorporated fixes for the issues exploited by the recent Java SE 7 attack code ClassFinder / MethodFinder bugs. One of the fixes incorporated in the released update also addressed the exploitation vecto...
CakePHP 2.x-2.2.0-RC2 XXE Injection
Exploit title: CakePHP XXE injection Date: 01.07.2012 Software Link: http://www.cakephp.org Vulnerable version: 2.x - 2.2.0-RC2 Tested on: Windows and Linux Author: Pawel Wylecial http://h0wl.pl 1. Background Short description from the project website: "CakePHP makes building web applications...
Event Calendar PHP 1.2 - Multiple Web Vulnerabilites
Title: ====== Event Calendar PHP 1.2 - Multiple Web Vulnerabilites Date: ===== 2012-06-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=607 VL-ID: ===== 607 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: ============= Event...
CSNC-2012-004 Generic XSS in AdNovum nevisProxy
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: NevisProxy Vendor: AdNovum CVD ID: CSNC-2012-004 Subject: Cross-site scripting XSS within 302 Redirections Risk: High Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date: 02/23/2012...
vBulletin 4.1.10 Sql Injection Vulnerabilitiy
a bug in vBulletin 4.1.10 that allows to us to occur a Sql Injection on a Remote machin. Exploit Title : vBulletin 4.1.10 Sql Injection Vulnerabilitiy Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir Software Link : http://vbulletin.com Security Risk : High Version : All Version Test...
NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...
Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS
Exploit Title: Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS Google Dork: "inurl:"sites/all/modules/ckeditor" -drupalcode.org" Google Results: Approximately 379.000 results Date: 18th January 2012 Author: MaXe @InterN0T Found in a private Hatforce.com Penetration Test Software Link:...
OpenKM 5.1.7 OS Command Execution (XSRF based)
COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...
Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities
a bug in Wordpress 1-jquery-photo-gallery-slideshow-flash plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities...
FootBall Cms (view_table_lig.php?group) XSS Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD XSS Vulnerability FootBall Cms viewtablelig.php?group AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "inurl:viewtablelig.php?group=" Exploite: www.victim.com/viewtablelig.php?group=1&namelig=XSS...
[security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Se
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02738731 Version: 1 HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager SIM for HP-UX, Linux, and Windows, Remote Cross Site Scripting XSS, Cross Site Request Forgery CSRF, Execution of...
StartSite.ir Cross-site Scripting Vulnerability
------------In The Name Of God------------ StartSite.ir Cross-site Scripting Vulnerability AUTHOR: md.r00t Mail: [email protected] Website: www.r00t.gigfa.com Forum: http://ajaxtm.com/forum Google D0rk: "Powered by StartSite.ir" xss EXPLOIT: scriptalert/0//script script...
[security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02273751 Version: 1 HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager SIM for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities NOTICE: The informati...
ZDI-10-061: Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability
ZDI-10-061: Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-061 April 5, 2010 -- CVE ID: CVE-2010-0838 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerability Details:...
Tinypug Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: Tinypug Multiple Vulnerabilities Vendor: http://platformassociates.com/ project hosted at http://code.google.com/p/tinypug/ Vulnerable Version: 0.9.5 and prior versions Exploitation: Remote with browser Fix: N/A - Description: Tinypug is a...
[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be...
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-076 November 4, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPointTM IPS Customer Protection: TippingPoint...
net2ftp <= 0.97 Cross-Site Scripting/Request Forgery
=cicatriz [email protected]==advisories= / / / / // / / // / o / / .-/ =net2ftp = 0.97 Cross-Site Scripting/Request Forgery==/= == =Advisory & Vulnerability Information=== Title: net2ftp = 0.97 Cross-Site Scripting/Request Forgery Advisory ID: VUDO-2009-0804 Advisory URL:...
WARNING - CORRECT: BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI)
Salvatore "drosophila" Fresta + Application: BlindBlog + Version: 1.3.1 + Website: http://sourceforge.net/projects/cbblog/ + Bugs: A SQL Injection B Authentication Bypass C Local File Inclusion + Exploitation: Remote + Date: 03 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author:...
DevIL library buffer overflow
Buffer overflow in iGetHdrHeader function on Radiance RGBE files processing...
PHP pro bid v 6.04 SQL injection
Affected software: PHP pro bid v 6.04 as at 2008-09-11 Vendor description: The Leading Proffessional sic Auction Script Software available online today written in PHP/ Mysql Impact: SQL injection Description: categories.php and other pages of php pro bid accept user-supplied order-by and ASC/DESC...
[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14
waraxe-2008-SA066 - Multiple Vulnerabilities in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 31. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-66.html Target software description:...
OpenBSD DHCP server buffer overflow
Integer overflow with "maximum message size" option leads to buffer overflow...
Education_info/edu_view.asp sql injection
Educationinfo/eduview.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam all members thx 3APA3A spec.note : "Live The Life" cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc 1-...
[Full-disclosure] Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities
netVigilance Security Advisory 12 Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags...
[Full-disclosure] SEC Consult SA-20070226-0 :: File Disclosure in Pagesetter for PostNuke
SEC Consult Security Advisory 20070226-0 ======================================================================= title: File Disclosure in Pagesetter for PostNuke program: Pagesetter page creation module vulnerable version: 6.2.0 6.3.0 beta 5 impact: high homepage: http://www.elfisk.dk found:...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability
Networksecurity.fi Security Advisory 06-09-2006 Title: IBM Lotus Notes DUNZIP32.dll buffer overflow vulnerability Criticality: High 3/3 Affected software: IBM Lotus Notes versions 6.5.4, 5.0.10 and prior Author: Juha-Matti Laurio juha-matti.laurio at netti.fi Date: 6th September, 2006 Advisory ID...
anjel Mambo Component Remote File Include
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : anjel Mambo Component Remote File Include Vulnerabilities -------------------------------------------------------------------------------- Author: CrackersChild...
WBB<<---v2.0 RC2 "newthread.php" SQL Injection
======================================== Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNym-Rootshill-LiNuXrOOt-Sw33t h4ck3r ======================================== Example:- /newthread.php?boardid=SQL...
Microsoft Security Bulletin MS06-032 Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
Microsoft Security Bulletin MS06-032 Vulnerability in TCP/IP Could Allow Remote Code Execution 917953 Published: June 13, 2006 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Important...
US-CERT Technical Cyber Security Alert TA05-136A -- Apple Mac OS X is affected by multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Technical Cyber Security Alert TA05-136A Apple Mac OS X is affected by multiple vulnerabilities Original release date: May 16, 2005 Last revised: -- Source: US-CERT Systems Affected Mac OS X version 10.3.9 Panther and Mac OS X Server version 10.3.9...
Multiple SQL Injections in MetaCart2 for PayPal
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple SQL Injections in...
[waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module
================================================================================ waraxe-2005-SA041 ================================================================================ Critical Sql Injection in PhpNuke 6.x-7.6 Top module...
StarOffice/OpenOffice symbolic links vulnerability
symlink problem during temporary files creation...
Ocean12 ASP Guestbook Manager v1.00
This advisory can be found at www.blacktigerz.org Subject: Ocean12 ASP Guestbook Manager v1.00. Description: Written entirely in ASP and VBScript this is a completely web-based, easy to install, ASP Guestbook Program. It stores data in an Access 2000 database and is configured 100 through the web...
Security Advisory FreeBSD-SA-02:36.nfs
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:36.nfs Security Advisory The FreeBSD Project Topic: Bug in NFS server code allows remote denial of service Category: core Module: nfs Announced: 2002-08-05 Credits: Mike...
anonymous SMBwriteX DoS
a new concept had to be invented for this one: "the BSOD". a problem that causes an nt5 server's screen to go black. here is a harmless SMB request, prepared earlier from a netmon capture: SMB C write & X, FID = 0x1801, Write 0x73 at 0x00000000 SMB: C write & X, FID = 0x1801, Write 0x73 at...
DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584
Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability in DataTables Affected Software : DataTables Affected Versions : 1.10.8 and possibly below Vendor Homepage : https://github.com/DataTables/DataTables Vulnerability Type : Cross-site Scripting Severity : Important...
[USN-2565-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2565-1 April 09, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004 OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following: apachemodphp Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple...
[security bulletin] HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Document ID: c04260456 Version: 2 HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-21 Last...
Barracuda Message Archiver 650 - Persistent Web Vulnerability
Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Release Date: ============= 2014-02-18 Vulnerability Laboratory ID...
Critical vulnerabilities discovered in Gazelle and TBDEV.net
Hi guys, Gazelle and TBDEV.NET are the most popular web applications used as BitTorrent trackers. A BitTorrent tracker is an application that assists in the communication between peers using the BitTorrent protocol. BitTorrent trackers can be public/open where anybody can join or private where an...
Multiple Vulnerabilities in Piwigo
Advisory ID: HTB23144 Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notification: February 6, 2013 Vendor Patch: February 19, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Request Forgery CWE-352, Path...
Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
Advisory ID: HTB23123 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: v0.1.2 and probably prior Tested Version: v0.1.2 Vendor Notification: October 24, 2012 Public Disclosure: November 14, 2012 Vulnerability Type: OS Command Injection CWE-78, SQL Injection...
Smf 2.0.2 Cross-Site Scripting Vulnerability
a bug in Smf 2.0.2 that allows to us to occur a Cross-Site Scripting on a Remote machin. Exploit Title : Smf 2.0.2 Cross-Site Scripting Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum/ Software Link : http://www.simplemachines.org Security Risk : High Version : A...