47153 matches found
MKPortal modules metric XSS Vulnerability
========================================= MKPortal modules metric XSS Vulnerability ========================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// // // //...
ZDI-10-061: Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability
ZDI-10-061: Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-061 April 5, 2010 -- CVE ID: CVE-2010-0838 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerability Details:...
[InterN0T] LiveZilla - XSS Vulnerability
LiveZilla - Cross Site Scripting Vulnerability Version Affected: 3.1.8.3 newest Info: LiveZilla, the Next Generation Live Help / Live Chat and Live Support System connects you to your website visitors. Use LiveZilla to provide Live Chats and monitor your website visitors in real-time. Convert...
ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability
ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-095 December 9, 2009 -- CVE ID: CVE-2009-3849 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node Manager --...
[SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1724-1 [email protected] http://www.debian.org/security/ Steffen Joeris February 13th, 2009 http://www.debian.org/security/faq -...
DevIL library buffer overflow
Buffer overflow in iGetHdrHeader function on Radiance RGBE files processing...
multiple vendor ftpd - Cross-site request forgery
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 multiple vendor ftpd - Cross-site request forgery Author: Maksymilian Arciemowicz securityreason.com Date: - - Written: 03.09.2008 - - Public: 26.09.2008 SecurityReason Research SecurityAlert Id: 56 CVE: not assigned SecurityRisk: Low Affected Softwar...
drupal: Session hijacking vulnerability, CVE-2008-3661
drupal: Session hijacking vulnerability, CVE-2008-3661 References https://vulners.com/cve/CVE-2008-3661 http://int21.de/cve/CVE-2008-3661-drupal.html http://enablesecurity.com/2008/08/11/surf-jack-https-will-not-save-you/ https://www.defcon.org/html/defcon-16/dc-16-speakers.htmlPerry Description...
[SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1575-1 [email protected] http://www.debian.org/security/ dann frazier May 12, 2008 http://www.debian.org/security/faq -...
Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution 948590 Published: April 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these...
Aria-Security.net: NetAuctionHelp SQL Injection
Aria-Security Net Original Advisory @ http://aria-security.net/forum/showthread.php?p=1099 ------------------------ Vendor: http://www.netauctionhelp.com PoC: search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch=SQL INJECTION...
Mambo module Calendar (Agenda) <= 155 (com_calendar.php) Multiple RFI Vuln
================================================================== Mambo module Calendar Agenda = 155 comcalendar.php Multiple RFI Vuln ================================================================== Found By : Cold z3ro , [email protected]...
WWWboard password disclosure
//A vulnerability found in WWWboard that shows the administrative user names and passwords. Althought the password is hashed, It can easily be decoded. //Effected versions: Version 2.0 ALPHA 2 //File name: passwd.txt //File location: http://victim/wwwboard/passwd.txt //Google dork:...
[Full-disclosure] SEC Consult SA-20070226-0 :: File Disclosure in Pagesetter for PostNuke
SEC Consult Security Advisory 20070226-0 ======================================================================= title: File Disclosure in Pagesetter for PostNuke program: Pagesetter page creation module vulnerable version: 6.2.0 6.3.0 beta 5 impact: high homepage: http://www.elfisk.dk found:...
dvddb-0.6 media sql-inj. vuln.
Title : dvddb-0.6 media sql-inj. vuln. Author : Blaster Download : http://globalmegacorp.org/dvddb/dvddb-0.6.zip Contact : [email protected] ExpLoit : http://target/path/inc/common.php?user=sql GreetZ: BLaCKWHITE, HackerBox.Eu...
flashChat 4.7.8 Cross Site Scripting Vulnerability
/ Flashchat 4.7.8 / Date of written Advisory: February 04, 2007 Product: Flash Chat = 4.7.8 Vendor: http://tufat.com/ Description: flashChat is a highly customizable PHP/MySQL based chat room script that is easily integrated into a website and mimics IRC in it's command structure Exploits /...
[x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability
-=--------------------ADVISORY-------------------=- Siteman 2.0.x2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Siteman 2.0.x2 -=+ Version: 2.0.x2 -=+ Vendor's URL: http://home.no.net/siteman/ -=+ Platform: WindowsLinuxUnix -=+ Bug type:...
IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability
Networksecurity.fi Security Advisory 06-09-2006 Title: IBM Lotus Notes DUNZIP32.dll buffer overflow vulnerability Criticality: High 3/3 Affected software: IBM Lotus Notes versions 6.5.4, 5.0.10 and prior Author: Juha-Matti Laurio juha-matti.laurio at netti.fi Date: 6th September, 2006 Advisory ID...
SubberZ[Lite] - Remote File Include
Chironex Fleckeri SubberZLite - Remote File Include Find by Chironex Fleckeri Mail/MSN: [email protected] http://site/path/user-func.php?myadmindir=Shell...
Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities
====================================================================== Secunia Research 29/06/2006 - phpRaid SQL Injection and File Inclusion Vulnerabilities - ====================================================================== Table of Contents Affected...
BluePay Manager v2.0 Script Insertion Vulnerability
BluePay Manager v2.0 Script Insertion Vulnerability Vuln. discovered by : r0t Date: 18 april 2006 vendor:bluepay.com affected versions:v2.0 and previous orginal advisory: http://pridels.blogspot.com/2006/04/bluepay-manager-v20-script-insertion.html Vuln. description: Input passed to the "Account...
Easy File Sharing Web Server Multiple Vulnerablilities
Easy File Sharing Web Server Multiple Vulnerablilities Software: Easy File Sharing Web Server Version: 3.2 Website: http://www.sharing-file.com/ Description: Easy File Sharing Web Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without a...
[ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion
/ / | | / // / | | Y / | / / /| / / / / / / .OR.ID ECHOADV27$2006 --------------------------------------------------------------------------- ECHOADV27$2006 Indexu = 5.0.1 Remote File Inclusion --------------------------------------------------------------------------- Author : M.Hasran Addahroni...
SUSE Security Announcement: zlib denial of service attack (SUSE-SA:2005:039)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUSE Security Announcement Package: zlib Announcement ID: SUSE-SA:2005:039 Date: Wed, 06 Jul 2005 14:00:00 +0000 Affected Products: 9.1, 9.2, 9.3 SUSE Linux Enterprise Server 9 Novell Linux Desktop 9 Open Enterprise Server Vulnerability Type: remote...
US-CERT Technical Cyber Security Alert TA05-136A -- Apple Mac OS X is affected by multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Technical Cyber Security Alert TA05-136A Apple Mac OS X is affected by multiple vulnerabilities Original release date: May 16, 2005 Last revised: -- Source: US-CERT Systems Affected Mac OS X version 10.3.9 Panther and Mac OS X Server version 10.3.9...
Advisory: Lawson Financials RDBMS Insecurity
+-----------------------------------------------------------------------+ | Advisory: lawson001 | | Authors: John Eisenschmidt [email protected] | | George Lewis [email protected] | | Release Date: December 02, 2002 | | Vendor: Lawson | | Application: Financials possibly others | | Affected...
anonymous SMBwriteX DoS
a new concept had to be invented for this one: "the BSOD". a problem that causes an nt5 server's screen to go black. here is a harmless SMB request, prepared earlier from a netmon capture: SMB C write & X, FID = 0x1801, Write 0x73 at 0x00000000 SMB: C write & X, FID = 0x1801, Write 0x73 at...
Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)
Qualys Security Advisory LibreSSL CVE-2015-5333 and CVE-2015-5334 ======================================================================== Contents ======================================================================== Summary Memory Leak CVE-2015-5333 Buffer Overflow CVE-2015-5334...
ipTIME n104r3 vulnerable to CSRF and XSS attacks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: iptime n104r3 vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt Blog URL:...
[SECURITY] [DSA 3198-1] php5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3198-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 20, 2015 http://www.debian.org/security/faq -...
Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability
Document Title: =============== Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1355 Release Date: ============= 2015-02-09 Vulnerability Laboratory ID VL-ID: ==================================== 1355...
[ MDVSA-2015:032 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:032 http://www.mandriva.com/en/support/security/ Package : php Date : February 5, 2015 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in php:...
Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
================================================================================ REWTERZ-20140103 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Product:...
CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2026 =================== "Reflected Cross-Site Scripting XSS" CWE-79 vulnerability in "Intrexx Professional" product Vendor =================== United Planet GmbH Product =================== "Intrexx is an integrated cross-platform developmen...
SQL Injection Vulnerability in ArticleFR
Advisory ID: HTB23225 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Advisory Publication: July 23, 2014 without technical details Vendor Notification: July 23, 2014 Public Disclosure: August 20, 2014 Vulnerability Type: SQL...
[oss-security] LMS-2014-06-16-2: Linux Kernel LZO
Hello All, A vulnerability has been identified in the Linux kernel implementation of the LZO algorithm. Please find the bug report inline. Best, Don A. Bailey Founder / CEO Lab Mouse Security https://www.securitymouse.com/ Lab Mouse Security Report LMS-2014-06-16-2 Report ID: LMS-2014-06-16-2 CVE...
[security bulletin] HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Document ID: c04260456 Version: 2 HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-21 Last...
APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004 OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lio...
XAMPP 1.8.1 Local Write Access Vulnerability
============================================= INTERNET SECURITY AUDITORS ALERT 2013-007 - Original release date: March 14th, 2013 - Last revised: March 19th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 6,8/10 CVSS Base Score - CVE-ID: CVE-2013-2586...
[ MDVSA-2013:203 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:203 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : July 30, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discover...
PuTTY SSH handshake heap overflow
PuTTY SSH handshake heap overflow CVE-2013-4852 Description: PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication, caused by improper bounds...
APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15 Java for OS X 2013-003 and Mac OS X v10.6 Update 15 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 o...
Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
Advisory ID: HTB23123 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: v0.1.2 and probably prior Tested Version: v0.1.2 Vendor Notification: October 24, 2012 Public Disclosure: November 14, 2012 Vulnerability Type: OS Command Injection CWE-78, SQL Injection...
Smf 2.0.2 Cross-Site Scripting Vulnerability
a bug in Smf 2.0.2 that allows to us to occur a Cross-Site Scripting on a Remote machin. Exploit Title : Smf 2.0.2 Cross-Site Scripting Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum/ Software Link : http://www.simplemachines.org Security Risk : High Version : A...
[waraxe-2012-SA#092] - Multiple Vulnerabilities in Wordpress Slideshow Plugin
waraxe-2012-SA092 - Multiple Vulnerabilities in Wordpress Slideshow Plugin =============================================================================== Author: Janek Vind "waraxe" Date: 17. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-92.html Description of vulnerab...
[SECURITY] [DSA 2368-1] lighttpd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------------- Debian Security Advisory DSA-2368-1 [email protected] http://www.debian.org/security/ Nico Golde Dec 20th, 2011 http://www.debian.org/security/faq -...
ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability
ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-246 July 29, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase Adaptive Server --...
Oracle / Sun / Peoplesoft applications multiple security vulnerabilities
Quarterly critical patch update closes 78 different vulnerabilities in all major applications...
Apple Mac OS X multiple security vulnerabilities
Multiple DoS conditions, format strings vulnerability in AppleScript, memory corruption on different file formats parsing, information leakage, privilege escalation...
Prestashop Cartium 1.3.3 Multiple Cross Site Scripting (XSS)
Hello, In Prestashop Cartium 1.3.3 I have detected multiple Cross Site Scripting XSS vulnerabilities: File Field categoty.php idcategory product.php idproduct search.php searchquery Test pattern for vulnerable versions: "/scriptalert1/script Kind Regards Antonio San Martino...