47153 matches found
StartSite.ir Cross-site Scripting Vulnerability
------------In The Name Of God------------ StartSite.ir Cross-site Scripting Vulnerability AUTHOR: md.r00t Mail: [email protected] Website: www.r00t.gigfa.com Forum: http://ajaxtm.com/forum Google D0rk: "Powered by StartSite.ir" xss EXPLOIT: scriptalert/0//script script...
Majordomo2 - Directory Traversal (SMTP/HTTP)
Original Advisory: https://sitewat.ch/en/Advisory/View/1 Credit: Michael Brooks https://sitewat.ch Vulnerability: Directory Traversal Software: Majordomo2 Identifier:CVE-2011-0049 Vendor: http://www.mj2.org/ Affected Build: 20110121 and prior Special thanks to Dave Miller, Reed Loden and the rest...
Microsoft IIS 6 parsing directory “x.asp” Vulnerability
Microsoft IIS 6 parsing directory Vulnerability Discovered by: Pouya daneshmand whhiranATyahooDOTcom http://securitylab.ir/blog Introduction: Using this vulnerability you can bypass some Security filters, for example a file with “.jpg” or “.rar” extension can be executed as an asp Active Server...
[eVuln.com] Multiple XSS in Alguest
New eVuln Advisory: Multiple XSS in Alguest Summary: http://evuln.com/vulns/151/summary.html Details: http://evuln.com/vulns/151/description.html -----------Summary----------- eVuln ID: EV0151 Software: Alguest Vendor: n/a Version: 1.1c-patched Critical Level: low Type: Cross Site Scripting Statu...
vBulletin 4.0.8 - Persistent XSS via Profile Customization
vBulletin - Persistent Cross Site Scripting via Profile Customization Versions Affected: 4.0.8 3.8. is not vulnerable. Info: Content publishing, search, security, and more— vBulletin has it all. Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money...
XSS and Content Injection in HTC Windows Mobile SMS Preview PopUp
------------------------------------------------------------------ XSS and Content Injection in HTC Windows Mobile SMS Preview PopUp Date: 22.04.2010 ------------------------------------------------------------------- - Description Windows Mobile shows message previews if configured to do so. Due...
Tinypug Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: Tinypug Multiple Vulnerabilities Vendor: http://platformassociates.com/ project hosted at http://code.google.com/p/tinypug/ Vulnerable Version: 0.9.5 and prior versions Exploitation: Remote with browser Fix: N/A - Description: Tinypug is a...
[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be...
[ISecAuditors Security Advisories] WP-Forum <= 2.3 SQL Injection vulnerabilities
============================================= INTERNET SECURITY AUDITORS ALERT 2009-010 - Original release date: September 28th, 2009 - Last revised: December 15th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3703 - Severity: 8.5/10 CVSS Base Score...
Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point. Aruba Advisory ID: AID-102609 Revision: 1.0 For Public Release on 10/26/2009...
net2ftp <= 0.97 Cross-Site Scripting/Request Forgery
=cicatriz [email protected]==advisories= / / / / // / / // / o / / .-/ =net2ftp = 0.97 Cross-Site Scripting/Request Forgery==/= == =Advisory & Vulnerability Information=== Title: net2ftp = 0.97 Cross-Site Scripting/Request Forgery Advisory ID: VUDO-2009-0804 Advisory URL:...
PHP pro bid v 6.04 SQL injection
Affected software: PHP pro bid v 6.04 as at 2008-09-11 Vendor description: The Leading Proffessional sic Auction Script Software available online today written in PHP/ Mysql Impact: SQL injection Description: categories.php and other pages of php pro bid accept user-supplied order-by and ASC/DESC...
Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution 948590 Published: April 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these...
Mozilla Foundation Security Advisory 2008-15
Mozilla Foundation Security Advisory 2008-15 Title: Crashes with evidence of memory corruption rv:1.8.1.13 Impact: Critical Announced: March 25, 2008 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.13 Thunderbird 2.0.0.13 SeaMonkey 1.1....
[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14
waraxe-2008-SA066 - Multiple Vulnerabilities in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 31. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-66.html Target software description:...
CS Guestbook Admin Name & Md5 Security Vuln
By Cr@zyKing http://ayyildiz.org Ayyildiz Team nternationel Force Cs Guestbook admin name & admin hass md5 vuln. http://xxx.com/base/usr/0.php admin name & md5 http://xxx.com/mod.php - go to admin panel Md5 Cracking : gdataonline.com & milw0rm.com Greatz : Eno7 , TamTurk , Metlak , Blackwolf ,...
Education_info/edu_view.asp sql injection
Educationinfo/eduview.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam all members thx 3APA3A spec.note : "Live The Life" cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc 1-...
fipsCMS v2.1 Remote SQL injection Vulnerability
fipsCMS v2.1 Remote SQL injection Vulnerability // AYYILDIZ.ORG Gururla Sunar ... Script: fipsCMS v2.1 Download: http://fipsasp.com/subs/login/Download.asp?ID=60&CatID=5&AccLvl=0 Author: iLker Kandemir [email protected] ThanKs: h0tturk,Ekin0x,Gencnesil,Gencturk,Ajann Exploit:...
[Full-disclosure] Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities
netVigilance Security Advisory 12 Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags...
Remot File Include In SLAED_CMS_2
By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...
DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25
Hi; A person on the LedgerSMB core team has found a serious arbitrary code execution issue in LedgerSMB prior to 1.1.5 and SQL-Ledger. A version of SQL-Ledger which fixes this vulnerability was released today version 2.6.25. The vulnerability allows a user to specify a custom function to run when...
phpDynaSite <= 3.2.2 (racine) Remote File Include Vulnerabilities
WwW.Deltahacking.NeT dynasite3.2.2 Class = Remote File Inclusion ; Download = http://jaist.dl.sourceforge.net:80/sourceforge/phpdynasite/dynasite3.2.2.tar.gz Found by = Dr.Pantagon [email protected]...
anjel Mambo Component Remote File Include
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : anjel Mambo Component Remote File Include Vulnerabilities -------------------------------------------------------------------------------- Author: CrackersChild...
SubberZ[Lite] - Remote File Include
Chironex Fleckeri SubberZLite - Remote File Include Find by Chironex Fleckeri Mail/MSN: [email protected] http://site/path/user-func.php?myadmindir=Shell...
[ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion
/ / | | / // / | | Y / | / / /| / / / / / / .OR.ID ECHOADV27$2006 --------------------------------------------------------------------------- ECHOADV27$2006 Indexu = 5.0.1 Remote File Inclusion --------------------------------------------------------------------------- Author : M.Hasran Addahroni...
[SA18026] UStore Cross-Site Scripting and SQL Injection Vulnerabilities
TITLE: UStore Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18026 VERIFY ADVISORY: http://secunia.com/advisories/18026/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: UStore...
ICMP and TCP timestamp attacks to reset TCP connections
By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease...
Run any OS Command via unauthorized Oracle Reports
Name Run any OS Command via unauthorized Oracle Reports Systems Affected Oracle Reports 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Advisory AKSEC2003-014...
Multiple SQL Injections in MetaCart2 for PayPal
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple SQL Injections in...
StarOffice/OpenOffice symbolic links vulnerability
symlink problem during temporary files creation...
Security Advisory FreeBSD-SA-02:36.nfs
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:36.nfs Security Advisory The FreeBSD Project Topic: Bug in NFS server code allows remote denial of service Category: core Module: nfs Announced: 2002-08-05 Credits: Mike...
local user can delete arbitrary files on SuSE-Linux
Hello, If MAXDAYSINTMP 0 in /etc/rc.config on a SuSE-Linux system, a local user can delete arbitrary files by doing some commands like these: mkdir -p "/tmp/hhh /somedirectory" touch -t some-early-date "/tmp/hhh /somedirectory/somefile" sleep 1d The bug is in /etc/cron.daily/aaabase for SuSE...
Timbuktu v3.0 and Public LDAP Server
Timbuktu v3.0 by Netopia, for those who don't know, is a remote control software package for Windows 9x, NT, and the Macintosh that gives you GUI console access. LDAP support was recently introduced to make it easier to find machines that have Timbuktu on them in your enterprise. This is good and...
DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584
Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability in DataTables Affected Software : DataTables Affected Versions : 1.10.8 and possibly below Vendor Homepage : https://github.com/DataTables/DataTables Vulnerability Type : Cross-site Scripting Severity : Important...
[SECURITY] [DSA 3375-1] wordpress security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...
[USN-2721-1] Subversion vulnerabilities
========================================================================== Ubuntu Security Notice USN-2721-1 August 20, 2015 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...
[USN-2565-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2565-1 April 09, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360)
Hi, This is part 12 of the ManageOwnage series. For previous parts, see 1. This time we have an arbitrary file download, directory content disclosure and blind SQL injection vulnerabilities in ManageEngine OpManager, Applications Manager and IT360. I've pushed two new Metasploit modules into the...
bash code execution
It's possible to place a function into content of any environment variable...
APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6 Safari 6.1.6 and Safari 7.0.6 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4 Impact...
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following: Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7....
[security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04272892 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04272892 Version: 1 HPSBMU03033 rev....
Barracuda Message Archiver 650 - Persistent Web Vulnerability
Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Release Date: ============= 2014-02-18 Vulnerability Laboratory ID...
Microsoft Sharepoint Server multiple security vulnerabilities
DoS, crossite scripting, memory corruptions, code execution...
Oracle Java multiple security vulnerabilities
40 different vulnerabilities...
socat security vulnerabilities
Buffer overflow, file descriptor leakage...
Multiple Vulnerabilities in Piwigo
Advisory ID: HTB23144 Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notification: February 6, 2013 Vendor Patch: February 19, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Request Forgery CWE-352, Path...
VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability
VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Java is a programming language and computing platform released by Sun Microsystems now Oracle. It...
[USN-1406-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1406-1 March 27, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS
Exploit Title: Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS Google Dork: "inurl:"sites/all/modules/ckeditor" -drupalcode.org" Google Results: Approximately 379.000 results Date: 18th January 2012 Author: MaXe @InterN0T Found in a private Hatforce.com Penetration Test Software Link:...