47153 matches found
ZDI-10-061: Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability
ZDI-10-061: Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-061 April 5, 2010 -- CVE ID: CVE-2010-0838 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerability Details:...
[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be...
[InterN0T] LiveZilla - XSS Vulnerability
LiveZilla - Cross Site Scripting Vulnerability Version Affected: 3.1.8.3 newest Info: LiveZilla, the Next Generation Live Help / Live Chat and Live Support System connects you to your website visitors. Use LiveZilla to provide Live Chats and monitor your website visitors in real-time. Convert...
[ISecAuditors Security Advisories] WP-Forum <= 2.3 SQL Injection vulnerabilities
============================================= INTERNET SECURITY AUDITORS ALERT 2009-010 - Original release date: September 28th, 2009 - Last revised: December 15th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3703 - Severity: 8.5/10 CVSS Base Score...
ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-079 November 4, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPointTM IPS Customer Protection: TippingPoint IPS...
[SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1724-1 [email protected] http://www.debian.org/security/ Steffen Joeris February 13th, 2009 http://www.debian.org/security/faq -...
DevIL library buffer overflow
Buffer overflow in iGetHdrHeader function on Radiance RGBE files processing...
[SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1575-1 [email protected] http://www.debian.org/security/ dann frazier May 12, 2008 http://www.debian.org/security/faq -...
Mozilla Foundation Security Advisory 2008-15
Mozilla Foundation Security Advisory 2008-15 Title: Crashes with evidence of memory corruption rv:1.8.1.13 Impact: Critical Announced: March 25, 2008 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.13 Thunderbird 2.0.0.13 SeaMonkey 1.1....
Aria-Security.net: NetAuctionHelp SQL Injection
Aria-Security Net Original Advisory @ http://aria-security.net/forum/showthread.php?p=1099 ------------------------ Vendor: http://www.netauctionhelp.com PoC: search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch=SQL INJECTION...
[Full-disclosure] Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities
netVigilance Security Advisory 12 Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags...
fipsCMS v2.1 Remote SQL injection Vulnerability
fipsCMS v2.1 Remote SQL injection Vulnerability // AYYILDIZ.ORG Gururla Sunar ... Script: fipsCMS v2.1 Download: http://fipsasp.com/subs/login/Download.asp?ID=60&CatID=5&AccLvl=0 Author: iLker Kandemir [email protected] ThanKs: h0tturk,Ekin0x,Gencnesil,Gencturk,Ajann Exploit:...
[Full-disclosure] SEC Consult SA-20070226-0 :: File Disclosure in Pagesetter for PostNuke
SEC Consult Security Advisory 20070226-0 ======================================================================= title: File Disclosure in Pagesetter for PostNuke program: Pagesetter page creation module vulnerable version: 6.2.0 6.3.0 beta 5 impact: high homepage: http://www.elfisk.dk found:...
dvddb-0.6 media sql-inj. vuln.
Title : dvddb-0.6 media sql-inj. vuln. Author : Blaster Download : http://globalmegacorp.org/dvddb/dvddb-0.6.zip Contact : [email protected] ExpLoit : http://target/path/inc/common.php?user=sql GreetZ: BLaCKWHITE, HackerBox.Eu...
flashChat 4.7.8 Cross Site Scripting Vulnerability
/ Flashchat 4.7.8 / Date of written Advisory: February 04, 2007 Product: Flash Chat = 4.7.8 Vendor: http://tufat.com/ Description: flashChat is a highly customizable PHP/MySQL based chat room script that is easily integrated into a website and mimics IRC in it's command structure Exploits /...
[x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability
-=--------------------ADVISORY-------------------=- Siteman 2.0.x2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Siteman 2.0.x2 -=+ Version: 2.0.x2 -=+ Vendor's URL: http://home.no.net/siteman/ -=+ Platform: WindowsLinuxUnix -=+ Bug type:...
IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability
Networksecurity.fi Security Advisory 06-09-2006 Title: IBM Lotus Notes DUNZIP32.dll buffer overflow vulnerability Criticality: High 3/3 Affected software: IBM Lotus Notes versions 6.5.4, 5.0.10 and prior Author: Juha-Matti Laurio juha-matti.laurio at netti.fi Date: 6th September, 2006 Advisory ID...
Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities
====================================================================== Secunia Research 29/06/2006 - phpRaid SQL Injection and File Inclusion Vulnerabilities - ====================================================================== Table of Contents Affected...
WBB<<---v2.0 RC2 "newthread.php" SQL Injection
======================================== Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNym-Rootshill-LiNuXrOOt-Sw33t h4ck3r ======================================== Example:- /newthread.php?boardid=SQL...
[ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion
/ / | | / // / | | Y / | / / /| / / / / / / .OR.ID ECHOADV27$2006 --------------------------------------------------------------------------- ECHOADV27$2006 Indexu = 5.0.1 Remote File Inclusion --------------------------------------------------------------------------- Author : M.Hasran Addahroni...
[SA18026] UStore Cross-Site Scripting and SQL Injection Vulnerabilities
TITLE: UStore Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18026 VERIFY ADVISORY: http://secunia.com/advisories/18026/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: UStore...
US-CERT Technical Cyber Security Alert TA05-136A -- Apple Mac OS X is affected by multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Technical Cyber Security Alert TA05-136A Apple Mac OS X is affected by multiple vulnerabilities Original release date: May 16, 2005 Last revised: -- Source: US-CERT Systems Affected Mac OS X version 10.3.9 Panther and Mac OS X Server version 10.3.9...
StarOffice/OpenOffice symbolic links vulnerability
symlink problem during temporary files creation...
Security Advisory FreeBSD-SA-02:36.nfs
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:36.nfs Security Advisory The FreeBSD Project Topic: Bug in NFS server code allows remote denial of service Category: core Module: nfs Announced: 2002-08-05 Credits: Mike...
Слабые разрешения в Palm Desktop (weak permissions)
При синхронизации файлы открыты на чтение...
anonymous SMBwriteX DoS
a new concept had to be invented for this one: "the BSOD". a problem that causes an nt5 server's screen to go black. here is a harmless SMB request, prepared earlier from a netmon capture: SMB C write & X, FID = 0x1801, Write 0x73 at 0x00000000 SMB: C write & X, FID = 0x1801, Write 0x73 at...
local user can delete arbitrary files on SuSE-Linux
Hello, If MAXDAYSINTMP 0 in /etc/rc.config on a SuSE-Linux system, a local user can delete arbitrary files by doing some commands like these: mkdir -p "/tmp/hhh /somedirectory" touch -t some-early-date "/tmp/hhh /somedirectory/somefile" sleep 1d The bug is in /etc/cron.daily/aaabase for SuSE...
[USN-2721-1] Subversion vulnerabilities
========================================================================== Ubuntu Security Notice USN-2721-1 August 20, 2015 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...
ipTIME n104r3 vulnerable to CSRF and XSS attacks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: iptime n104r3 vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt Blog URL:...
[SECURITY] [DSA 3198-1] php5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3198-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 20, 2015 http://www.debian.org/security/faq -...
[ MDVSA-2015:032 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:032 http://www.mandriva.com/en/support/security/ Package : php Date : February 5, 2015 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in php:...
Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
================================================================================ REWTERZ-20140103 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Product:...
CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2026 =================== "Reflected Cross-Site Scripting XSS" CWE-79 vulnerability in "Intrexx Professional" product Vendor =================== United Planet GmbH Product =================== "Intrexx is an integrated cross-platform developmen...
SQL Injection Vulnerability in ArticleFR
Advisory ID: HTB23225 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Advisory Publication: July 23, 2014 without technical details Vendor Notification: July 23, 2014 Public Disclosure: August 20, 2014 Vulnerability Type: SQL...
[oss-security] LMS-2014-06-16-2: Linux Kernel LZO
Hello All, A vulnerability has been identified in the Linux kernel implementation of the LZO algorithm. Please find the bug report inline. Best, Don A. Bailey Founder / CEO Lab Mouse Security https://www.securitymouse.com/ Lab Mouse Security Report LMS-2014-06-16-2 Report ID: LMS-2014-06-16-2 CVE...
[security bulletin] HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Document ID: c04260456 Version: 2 HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-21 Last...
Barracuda Message Archiver 650 - Persistent Web Vulnerability
Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Release Date: ============= 2014-02-18 Vulnerability Laboratory ID...
[SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 6.0.33 to 6.0.37 Description: Previous fixes to path parameter handling 1 introduc...
APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004 OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lio...
XAMPP 1.8.1 Local Write Access Vulnerability
============================================= INTERNET SECURITY AUDITORS ALERT 2013-007 - Original release date: March 14th, 2013 - Last revised: March 19th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 6,8/10 CVSS Base Score - CVE-ID: CVE-2013-2586...
[ MDVSA-2013:203 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:203 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : July 30, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discover...
Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
Advisory ID: HTB23123 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: v0.1.2 and probably prior Tested Version: v0.1.2 Vendor Notification: October 24, 2012 Public Disclosure: November 14, 2012 Vulnerability Type: OS Command Injection CWE-78, SQL Injection...
Smf 2.0.2 Cross-Site Scripting Vulnerability
a bug in Smf 2.0.2 that allows to us to occur a Cross-Site Scripting on a Remote machin. Exploit Title : Smf 2.0.2 Cross-Site Scripting Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum/ Software Link : http://www.simplemachines.org Security Risk : High Version : A...
ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities
ESA-2012-029.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2012-029 CVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131 Severity Rating: See below for scores for individual issues Affected Products: All versio...
VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability
VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Java is a programming language and computing platform released by Sun Microsystems now Oracle. It...
[waraxe-2012-SA#092] - Multiple Vulnerabilities in Wordpress Slideshow Plugin
waraxe-2012-SA092 - Multiple Vulnerabilities in Wordpress Slideshow Plugin =============================================================================== Author: Janek Vind "waraxe" Date: 17. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-92.html Description of vulnerab...
[SECURITY] [DSA 2368-1] lighttpd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------------- Debian Security Advisory DSA-2368-1 [email protected] http://www.debian.org/security/ Nico Golde Dec 20th, 2011 http://www.debian.org/security/faq -...
ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability
ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-246 July 29, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase Adaptive Server --...
VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0007 Synopsis: VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console Iss...
HTB22947: XSS in Ajax Category Dropdown wordpress plugin
Vulnerability ID: HTB22947 Reference: http://www.htbridge.ch/advisory/xssinajaxcategorydropdownwordpressplugin.html Product: Ajax Category Dropdown wordpress plugin Vendor: http://www.dyasonhat.com/ http://www.dyasonhat.com/ Vulnerable Version: 0.1.5 Vendor Notification: 07 April 2011 Vulnerabili...