47153 matches found
FreeBSD 9.1 ftpd Remote Denial of Service
FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/ http://cxsec.org/ Public Date: 01.02.2013 URL: http://cxsecurity.com/issue/WLB-2013020003 Affected servers: - ftp.uk.freebsd.org, - ftp.ua.freebsd.org, - ftp5.freebsd.org, - ftp5.us.freebsd.org, -...
Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter)
Seeker Research Center Security Advisory By Irene Abezgauz =========== I. Overview =========== An Insecure Redirect vulnerability has been identified in the .NET Form Authentication - in the Redirect From Login mechanism. This vulnerability allows an attacker to craft links that contain redirects...
ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-345 December 7, 2011 - -- CVE ID: - -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:P/A:C - -- Affected Vendors:...
[USN-1270-1] Software Center vulnerability
========================================================================== Ubuntu Security Notice USN-1270-1 November 21, 2011 software-center vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
PHP 5.3.6 multiple null pointer dereference
PHP 5.3.6 multiple null pointer dereference Author: Maksymilian Arciemowicz http://securityreason.com/ http://securityreason.net/ http://cxib.net/ Date: - Dis.: 20.07.2011 - Pub.: 19.08.2011 Affected Software verified: PHP 5.3.6 and prior Fixed: PHP 5.3.7 Original URL:...
XWeavers (page.asp?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability XWeavers page.asp?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://xweavers.com/ Persian Gulf 4 Ever! Dork : "inurl:page.asp?id=" "Designed and Developed by XWeavers.com"...
Simploo CMS Community Edition - Remote PHP Code Execution Issue
Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of MajorSecurity Affected Products: ============= Simploo CMS 1.7.1 and...
XSS in Textpattern CMS
Vulnerability ID: HTB22672 Reference: http://www.htbridge.ch/advisory/xssintextpatterncms.html Product: Textpattern CMS Vendor: Team Textpattern http://textpattern.com/ Vulnerable Version: 4.2.0 Vendor Notification: 21 October 2010 Vulnerability Type: XSS Cross Site Scripting Status: Fixed by...
[security bulletin] HPSBMA02554 SSRT100018 rev.2 - HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service (DoS), Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02286083 Version: 1 HPSBMA02554 SSRT100018 rev.2 - HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service DoS, Remote Unauthorized Access NOTICE: The informati...
ZDI-10-102: Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability
ZDI-10-102: Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-102 June 8, 2010 -- CVE ID: CVE-2010-1262 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer 8 -- TippingPointTM IP...
Hackproofing Oracle Financials 11i & R12
Hi all, Yesterday a friend of mine told me that I "forget" to share with the general public one small detail about a presentation 1 I given at the conference RootedCon 2010 2. In the presentation there is a currently working 0day against Oracle Financials R12. The 0day is too obvious and pretty...
Microsoft Security Advisory (979267) Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution
Microsoft Security Advisory 979267 Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution Published: January 12, 2010 Version: 1.0 General Information Executive Summary Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in...
URL spoofing bug involving Firefox's error pages and document.write
Application: Firefox 3.0.11 OS: Windows XP - SP3 ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description This software is a popular web browser that supports multiple platforms as...
Mozilla Foundation Security Advisory 2009-17
Mozilla Foundation Security Advisory 2009-17 Title: Same-origin violations when Adobe Flash loaded via view-source: scheme Impact: High Announced: April 21, 2009 Reporter: Gregory Fleischer Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Security researcher Gregory...
SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming
SEC Consult Security Advisory 20090415-0 ========================================================================== title: Novell Teaming Multiple Vulnerabilities Username Enumeration Multiple Cross Site Scripting Includes vulnerable Liferay portal program: Novell Teaming vulnerable version: 1.0....
Microsoft Security Bulletin MS09-016 - Important Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
Microsoft Security Bulletin MS09-016 - Important Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway Medium Business Edition Could Cause Denial of Service 961759 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves ...
Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability
As the vendor stated, see: http://www.geeklog.net/article.php/geeklog-1.5.2sr2 geeklog is also vulnerable to this: http://www.securityfocus.com/bid/34361/info actually this should be renamed in glFusion 'SESSupdateSessionTime' SQL Injection Vulnerability...
[Full-disclosure] PHP-Calendar SQL Credential Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Risk: Moderate Exploitable: Remotely Vulnerability: Information disclosure Version: Multiple Versions PHP-Calendar http://www.php-calendar.com was "written for a college social group at Northeastern University to keep track of events, etc. We...
[Full-disclosure] Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server
Server Version Info: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server PoC: http://OC4J/web-app/foobar/c0aec0ae/WEB-INF/web.xml Related: https://vulners.com/cve/CVE-2008-2938 Explaination: The "c0aec0ae" is interpreted as: ".." because on Java's side: "c0ae" is interpreted as: "uC0AE"...
WebStudio CMS 'pageid' Blind SQL Injection
Application: WebStudio CMS Vendor Name: BDigital Media Ltd Vendors Url: http://www.bdigital.biz Bug Type: WebStudio CMS pageid Blind SQL Injection Vulnerability Exploitation: Remote Severity: Critical Solution Status: Unpatched Introduction: WebStudio CMS is a modular Web Content Management Syste...
[AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)
Please find attached a detailed advisory of the vulnerability. Alternatively, the advisory can also be found at: http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last...
WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy
Virangar Security Team Tilte: WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy Author..................: theEdit0r Homepage ...............: Www.Virangar.netwww.virangar.ir Location ...............: Iran Software ...............: WellyBlog Open Source Blog Portal Site Script...
RSS-aggregator (display) Remote File Inclusion Vulnerability
RSS-aggregator display Remote File Inclusion Vulnerability Found : Ghost Hacker R-H TeaM HOME : www.Real-Hack.net Email : [email protected] Script : RSS-aggregator Download Script : http://www.rss-aggregator.com/download.php =========================== Viva IslaM ==========================...
Mozilla Foundation Security Advisory 2008-17
Mozilla Foundation Security Advisory 2008-17 Title: Privacy issue with SSL Client Authentication Impact: Low Announced: March 25, 2008 Reporter: Peter Brodersen and Alexander Klink Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.13 SeaMonkey 1.1.9 Description Peter Brodersen and Alexander...
US-CERT Technical Cyber Security Alert TA07-355A -- Adobe Updates for Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-355A Adobe Updates for Multiple Vulnerabilities Original release date: December 21, 2007 Last revised: -- Source: US-CERT Systems Affected Adobe Flash Player 9.0.48.0 and earlier Adobe...
SimpleGallery v0.1.3 (index.php) Cross-Site Scripting Vulnerability
SimpleGallery v0.1.3 index.php Cross-Site Scripting Vulnerability Download: http://richie.7crows.net/projects/gnu/simpleGallery/ Bug found by Jose Luis Gуngora Fernбndez / JosS Contact: sys-projectathotmail.com Spanish Hackers Team www.spanish-hackers.com /server irc.freenode.net /join fullsecure...
SMF .htaccess bypass
./start Discovered by Seph1roth on June 2007 was priv8 Vulnerable: Simple Machine Forum ALL Versions Visit: http://www.blackroots.it - Best hacking site. Description: If smf has index.php?action=admin in .htaccess ,i can bypass that by typing in the url some variable of administration panel :...
TS-2007-002-0: BlueCat Networks Adonis root Privilege Access
Template Security Security Advisory ----------------------------------- BlueCat Networks Adonis root Privilege Access Date: 2007-08-06 Advisory ID: TS-2007-002-0 Vendor: BlueCat Networks, http://www.bluecatnetworks.com/ Revision: 0 Contents -------- Summary Software Version Details Impact Exploit...
CVE-2007-3383: XSS in Tomcat send mail example
CVE-2007-3383: XSS in Tomcat send mail example Severity: Low Cross-site scripting Vendor: The Apache Software Foundation Versions Affected: 4.0.0 to 4.0.6 4.1.0 to 4.1.36 Description: When reporting error messages, the SendMailServlet does not filter user supplied data before display. This enable...
Microsoft Security Bulletin MS07-040 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)
Microsoft Security Bulletin MS07-040 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution 931212 Published: July 10, 2007 Version: 1.0 General Information Executive Summary This update resolves three privately reported vulnerabilities. Two of these vulnerabilities could...
[Full-disclosure] [ MDKSA-2007:122 ] - Updated gd packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:122 http://www.mandriva.com/security/ Package : gd Date : June 13, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Problem Description: A flaw in libgd2 was found by Xavier Roche where it would n...
aspWebCalendar Remote SQL Injection Vulnerability
Title : aspWebCalendar Remote SQL Injection Vulnerability Author : parad0x Contact : : D.Page : http://www.scriptdungeon.com/script.php?ScriptID=4306 $$ : free S.Page : http://fullrevolution.com http://target/path/calendar.asp?action=viewevent&eventid=SQL Example:...
[security bulletin] HPSBMA02176 SSRT051035 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00809525 Version: 1 HPSBMA02176 SSRT051035 rev.1 - HP OpenView Network Node Manager OV NNM Remote Unauthorized Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should...
[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech"
·= Security Advisory =· Issue: Cross Site Scripting XSS Vulnerability in Netquery by "VIRtech" Discovered Date: 04/10/2006 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://www.virtech.org Details: VIRtechs Netquery system is prone to a Cross Site Scripting...
phpPowerCards 2.10 (txt.inc.php) Remote Code Execution Vulnerability
+------------------------------------------------------------------------------------------- + phpPowerCards 2.10 txt.inc.php Remote Code Execution Vulnerability +------------------------------------------------------------------------------------------- + Affected Software .: phpPowerCards 2.10 ...
PHP open_basedir with symlink() function Race Condition PoC exploit
/ -------------------------------------------------------- Neo Security Team NST - Advisory 26 - 09/10/06 -------------------------------------------------------- Program: PHP Homepage: http://www.php.net Vulnerable Versions: PHP 3, 4, 5 Risk: High! Impact: Critical Risk -==PHP openbasedir with...
WM-News v0.5 - Remote File Include Vulnerabilities
ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ---- WM-News v0.5 - Remote File Include Vulnerabilities site : http://www.comscripts.com/jump.php?action=script&id=203 Script : WM-News v0.5 Credits : ERNE Contact : [email protected] and irc.gigachat.net kurdhack Thanks : BLaCKWHITE, B0tan, FearLesS, B3g0k,...
CuteNews 1.3.* Remote File Include Vulnerability
Welcome people In World Defacers Team World Defacers Team ====================================== --------------------Summary---------------- eVuln ID: WD22 Vendor: CuteNews 1.3. Vendor's Web Site: http://cutephp.com/ Software: Live Customer Support Solution :- http://www.pansionat.net/novost/...
PhpBlueDragon CMS 2.9.1, File inclusion vulnerability
----------------------------------------------------- Advisory id: FSA:015 Author: Federico Fazzi Date: 14/06/2006, 18:20 Sinthesis: PhpBlueDragon CMS 2.9.1, File inclusion vulnerability Type: high Product: http://phpbluedragon.net/ Patch: unavailable...
[NT] Norton GoBack Local Authentication Bypass
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
SQL Injection in Chinese ASP Webcounter
I found a vulnerability in a webcounter quite spread in China, I was not able to retrieve its name if someone could help.... You can find examples of this webcounter by searching for "StatDay.asp" hourly statistics for a given day, "StatMonth.asp" daily statistics for a given month or...
vpopmail CGIapps vpasswd vulnerabilities
Centaura Technologies Security Research Lab Advisory Product Name: vpopmail-CGIApps Systems: Linux/OpenBSD/FreeBSD/NetBSD Severity: High Risk Remote: Yes Category: Insuficient input checking Vendor URL: http://diario.buscadoc.org/index.php?topic=Programas Advisory Author: Ignacio Vazquez Advisory...
Advisory CA-2002-25 Integer Overflow In XDR Library
CERT Advisory CA-2002-25 Integer Overflow In XDR Library Original release date: August 05, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Applications using vulnerable implementations of SunRPC-derived XDR libraries, which...
Disclosure of JSP source code with ServletExec AS v3.0c + web instance
Test environment ---------------- NT 4.0 SP6a IIS v4 Sun JDK v1.2.2.006 ServletExec AS v3.0C Vendor status Unify --------------------- Issue reported on October 27th to [email protected] Confirmation on November 2nd that the problem was reproduced Confirmation that the issue was forwarded t...
Security Bulletin (MS00-032)
Microsoft Security Bulletin MS00-032 - -------------------------------------- Patch and Tool Available for "Protected Store Key Length" Vulnerability Originally Posted: June 01, 2000 Summary ======= Microsoft has released a patch and a tool that eliminate a security vulnerability in Microsoftr...
XFree86 server overflow
XFree86 3.3.6 and probably 4.0.0 as well ; - by running X server no matter it's setuid, or called from setuid Xwrapper - works in both cases, seems to me Xwrapper in default RH 6.x distro is rather dumb ; with -xkbmap parameter and over 2100 of 'A's or shellcode, again, it's rather trivial to...
DoS-атака на сервис печати TCP/IP Windows NT
При получении определенного пакеты в порт TCP/515 printer сервис печати TCP/IP умирает вместе с несколькими другими сетевыми сервисами SimpTCP, DHCPServer, FTPSvc, LPDSvc, BinlSvc...
novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt Vendor: ======================= community.novius-os.org Product: =============================================================== novius-os.5.0.1-elche is a PHP...
CollabNet Subversion Edge show local file inclusion
Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via "fileName" parameter of the show action Date: 10.10.2014 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local file...
Local PHP File Inclusion in ResourceSpace
Advisory ID: HTB23258 Product: ResourceSpace Vendor: Montala Limited Vulnerable Versions: 7.1.6513 and probably prior Tested Version: 7.1.6513 Advisory Publication: May 6, 2015 without technical details Vendor Notification: May 6, 2015 Vendor Patch: June 1, 2015 Public Disclosure: June 3, 2015...