47153 matches found
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Advisory ID: cisco-sa-20111005-asa Revision 1.0 For Public Release 2011 October 05 1600 UTC GM...
Security issue is_a function in PHP 5.3.7+
PHP 5.3.7 changed the behavior of the isa function, used to check if an object is an instance of a class, to call the autoload function. This causes a remote code execute problem when coupled with a standard library like PEAR that internally uses isa to check if a returned variable is an Error...
PHP 5.3.6 multiple null pointer dereference
PHP 5.3.6 multiple null pointer dereference Author: Maksymilian Arciemowicz http://securityreason.com/ http://securityreason.net/ http://cxib.net/ Date: - Dis.: 20.07.2011 - Pub.: 19.08.2011 Affected Software verified: PHP 5.3.6 and prior Fixed: PHP 5.3.7 Original URL:...
XWeavers (page.asp?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability XWeavers page.asp?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://xweavers.com/ Persian Gulf 4 Ever! Dork : "inurl:page.asp?id=" "Designed and Developed by XWeavers.com"...
AT-TFTP Server Remote Denial of Service Vulnerability
AT-TFTP Server v1.8 Remote Denial of Service Vulnerability SecPod Technologies www.secpod.com Author: Antu Sanadi SecPod ID: 1013 01/04/2011 Issue Discovered 04/04/2011 Vendor Notified No Response from the Vendor 25/04/2011 Advisory Released Class: Denial of Service Severity: High Overview:...
Xymon monitor cross-site scripting vulnerabilities
Several cross-site scripting vulnerabilities have been identified in the Xymon systems- and network-monitoring tool available at http://sourceforge.net/projects/xymon/ All versions prior to 4.3.1 released April 3, 2011 are vulnerable. I would like to thank David Ferrest for notifying me of this...
HTB22813: XSS vulnerability in UMI.CMS
Vulnerability ID: HTB22813 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinumicms1.html Product: UMI.CMS Vendor: umisoft http://www.umi-cms.ru/ Vulnerable Version: 2.8.1.2 Vendor Notification: 25 January 2011 Vulnerability Type: Stored XSS Cross Site Scripting Risk level: Medium...
Simploo CMS Community Edition - Remote PHP Code Execution Issue
Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of MajorSecurity Affected Products: ============= Simploo CMS 1.7.1 and...
Path disclousure in OpenCart
Vulnerability ID: HTB22762 Reference: http://www.htbridge.ch/advisory/pathdisclousureinopencart.html Product: OpenCart Vendor: OpenCart http://www.opencart.com/ Vulnerable Version: 1.4.9.1 Vendor Notification: 15 December 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted,...
Django admin list filter data extraction / leakage
ADVISORY INFORMATION: Advisory ID: NGENUITY-2010-009 Date discovered: 8.28.2010 Date published: 12.22.2010 SOFTWARE AFFECTED: “Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.” 1 The admin interface of the Django web framework can be abuse...
www.eVuln.com : Non-persistent XSS in BizDir
www.eVuln.com advisory: Non-persistent XSS in BizDir Summary: http://evuln.com/vulns/158/summary.html Details: http://evuln.com/vulns/158/description.html -----------Summary----------- eVuln ID: EV0158 Software: BizDir Vendor: LEXIPIXEL Version: v.05.10 Critical Level: low Type: Cross Site...
XSS in Textpattern CMS
Vulnerability ID: HTB22672 Reference: http://www.htbridge.ch/advisory/xssintextpatterncms.html Product: Textpattern CMS Vendor: Team Textpattern http://textpattern.com/ Vulnerable Version: 4.2.0 Vendor Notification: 21 October 2010 Vulnerability Type: XSS Cross Site Scripting Status: Fixed by...
[FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FLOCK-SA-2010-03 http://flock.com/security/ Title: javascript: url with a leading NULL byte can bypass cross origin protection XSS Impact: High Announced on: 2010-09-09 Affected Products: Flock 3 versions prior to 3.0.0.4112 CVEs cve.mitre.org:...
Microsoft Security Bulletin MS10-052 - Critical Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)
Microsoft Security Bulletin MS10-052 - Critical Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution 2115168 Published: August 10, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft MPEG...
[security bulletin] HPSBMA02554 SSRT100018 rev.2 - HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service (DoS), Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02286083 Version: 1 HPSBMA02554 SSRT100018 rev.2 - HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service DoS, Remote Unauthorized Access NOTICE: The informati...
[DSecRG-09-053] VMware Remoute Console - format string
Digital Security Research Group DSecRG Advisory DSECRG-09-053 Application: VMware Remoute Console Version: e.x.p build-158248 Vendor URL: http://vmware.com Bugs: Format String Vulnerabilitys Exploits: YES PoC Reported: 07.08.2009 Vendor response: 13.08.2009 Date of Public Advisory: 09.04.2010 CVE...
Hackproofing Oracle Financials 11i & R12
Hi all, Yesterday a friend of mine told me that I "forget" to share with the general public one small detail about a presentation 1 I given at the conference RootedCon 2010 2. In the presentation there is a currently working 0day against Oracle Financials R12. The 0day is too obvious and pretty...
Microsoft Security Advisory (979267) Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution
Microsoft Security Advisory 979267 Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution Published: January 12, 2010 Version: 1.0 General Information Executive Summary Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in...
[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1897-1 [email protected] http://www.debian.org/security/ Nico Golde September 28th, 2009 http://www.debian.org/security/faq -...
URL spoofing bug involving Firefox's error pages and document.write
Application: Firefox 3.0.11 OS: Windows XP - SP3 ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description This software is a popular web browser that supports multiple platforms as...
SQL Injection vulnerability in myPHPNuke
Здравствуйте 3APA3A! Сообщаю вам о найденной мною SQL Injection уязвимости в системе myPHPNuke. SQL Injection: POST запрос на странице http://site/admin.php " from mpnauthors where benchmark10000,md5now!=1/ В поле Nickname. Auth Bypass атака в данном случае невозможна, только Blind SQL Injection...
Mozilla Foundation Security Advisory 2009-17
Mozilla Foundation Security Advisory 2009-17 Title: Same-origin violations when Adobe Flash loaded via view-source: scheme Impact: High Announced: April 21, 2009 Reporter: Gregory Fleischer Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Security researcher Gregory...
Microsoft Security Bulletin MS09-016 - Important Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
Microsoft Security Bulletin MS09-016 - Important Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway Medium Business Edition Could Cause Denial of Service 961759 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves ...
Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer (963027)
Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer 963027 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in...
Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability
As the vendor stated, see: http://www.geeklog.net/article.php/geeklog-1.5.2sr2 geeklog is also vulnerable to this: http://www.securityfocus.com/bid/34361/info actually this should be renamed in glFusion 'SESSupdateSessionTime' SQL Injection Vulnerability...
Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Oracle Database Buffer Overflow in SYS.OLAPIMPLT.ODCITABLESTART January 29, 2009 Risk Level: High Affected versions: Oracle Database Server version 9iR2 Remote exploitable: Yes Authentication to Database Server is needed...
[Full-disclosure] Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server
Server Version Info: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server PoC: http://OC4J/web-app/foobar/c0aec0ae/WEB-INF/web.xml Related: https://vulners.com/cve/CVE-2008-2938 Explaination: The "c0aec0ae" is interpreted as: ".." because on Java's side: "c0ae" is interpreted as: "uC0AE"...
WebStudio CMS 'pageid' Blind SQL Injection
Application: WebStudio CMS Vendor Name: BDigital Media Ltd Vendors Url: http://www.bdigital.biz Bug Type: WebStudio CMS pageid Blind SQL Injection Vulnerability Exploitation: Remote Severity: Critical Solution Status: Unpatched Introduction: WebStudio CMS is a modular Web Content Management Syste...
[AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)
Please find attached a detailed advisory of the vulnerability. Alternatively, the advisory can also be found at: http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last...
WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy
Virangar Security Team Tilte: WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy Author..................: theEdit0r Homepage ...............: Www.Virangar.netwww.virangar.ir Location ...............: Iran Software ...............: WellyBlog Open Source Blog Portal Site Script...
Mozilla Foundation Security Advisory 2008-17
Mozilla Foundation Security Advisory 2008-17 Title: Privacy issue with SSL Client Authentication Impact: Low Announced: March 25, 2008 Reporter: Peter Brodersen and Alexander Klink Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.13 SeaMonkey 1.1.9 Description Peter Brodersen and Alexander...
US-CERT Technical Cyber Security Alert TA07-355A -- Adobe Updates for Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-355A Adobe Updates for Multiple Vulnerabilities Original release date: December 21, 2007 Last revised: -- Source: US-CERT Systems Affected Adobe Flash Player 9.0.48.0 and earlier Adobe...
ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows
ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows http://www.zerodayinitiative.com/advisories/ZDI-07-071.html December 6, 2007 -- CVE ID: CVE-2007-6204 -- Affected Vendor: Hewlett-Packard -- Affected Products: OpenView Network Node Manager 7.51 and below -- TippingPointTM...
WebBatch Applications Cross Site Scripting Vulrnability
HSC WebBatch Applications Cross Site Scripting Vulrnability This issue is due to a failure in the application to properly sanitize user-supplied input. Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
TS-2007-002-0: BlueCat Networks Adonis root Privilege Access
Template Security Security Advisory ----------------------------------- BlueCat Networks Adonis root Privilege Access Date: 2007-08-06 Advisory ID: TS-2007-002-0 Vendor: BlueCat Networks, http://www.bluecatnetworks.com/ Revision: 0 Contents -------- Summary Software Version Details Impact Exploit...
Microsoft Security Bulletin MS07-040 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)
Microsoft Security Bulletin MS07-040 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution 931212 Published: July 10, 2007 Version: 1.0 General Information Executive Summary This update resolves three privately reported vulnerabilities. Two of these vulnerabilities could...
SAP Web Dynpro Java (BC-WD-JAV) Vulnerability
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: NetWeaver, Web Dynpro Java BC-WD-JAV Vendor: SAP Subject: Multiple XSS, HTML Injection Risk: Medium Effect: Remotely exploitable Author: Cyrill Brunschwiler [email protected] Date: June, 17th 2007 Introduction: ------------- Compass...
[Full-disclosure] [ MDKSA-2007:122 ] - Updated gd packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:122 http://www.mandriva.com/security/ Package : gd Date : June 13, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Problem Description: A flaw in libgd2 was found by Xavier Roche where it would n...
GMTT Music Distro 1.2 XSS Exploit
-=--------------------ADVISORY-------------------=- GMTT Music Distro Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: GMTT Music Distro -=+ Version: 1.2 -=+ Vendor's URL: http://www.gmtt.co.uk/catalog/webstores -=+ Platform: WindowsLinuxUnix...
Linux and BSD based Unix system IPv6 traffic amplification
IPv6 routing header allows to set route in a way to trasmit packet for multiple times over the same link...
audioCMS arash 0.1.4(arashlib_dir)Remote File Inclusion Vulnerabilities
audioCMS arash 0.1.4arashlibdirRemote File Inclusion Vulnerabilities D.Script: http://sourceforge.net/projects/arash/ Discovered by: GolDM = Mahmoodali Homepage: http://Www.Tryag.Com/cc Exploit:Path/arashlib/include/edit.inc.php?arashlibdir=Shell...
aspWebCalendar Remote SQL Injection Vulnerability
Title : aspWebCalendar Remote SQL Injection Vulnerability Author : parad0x Contact : : D.Page : http://www.scriptdungeon.com/script.php?ScriptID=4306 $$ : free S.Page : http://fullrevolution.com http://target/path/calendar.asp?action=viewevent&eventid=SQL Example:...
phpPowerCards 2.10 (txt.inc.php) Remote Code Execution Vulnerability
+------------------------------------------------------------------------------------------- + phpPowerCards 2.10 txt.inc.php Remote Code Execution Vulnerability +------------------------------------------------------------------------------------------- + Affected Software .: phpPowerCards 2.10 ...
PHP open_basedir with symlink() function Race Condition PoC exploit
/ -------------------------------------------------------- Neo Security Team NST - Advisory 26 - 09/10/06 -------------------------------------------------------- Program: PHP Homepage: http://www.php.net Vulnerable Versions: PHP 3, 4, 5 Risk: High! Impact: Critical Risk -==PHP openbasedir with...
CuteNews 1.3.* Remote File Include Vulnerability
Welcome people In World Defacers Team World Defacers Team ====================================== --------------------Summary---------------- eVuln ID: WD22 Vendor: CuteNews 1.3. Vendor's Web Site: http://cutephp.com/ Software: Live Customer Support Solution :- http://www.pansionat.net/novost/...
Joomla RFİ ( ERNE )
ERNE ---- ERNEALZM ---- BU ASK BiTMEZ---- Mambo jim Component - Remote File Include Vulnerabilities Credits : ERNE Risk : High Class: Remote Thanks : EntRika, Liz0zim, Rmx, Dengesiz, DiLejyoner AND irc.gigachat.net kurdhack contact: erneaternealizmdotcom Vulnerable :...
[Full-disclosure] Latinchat Denial Of Service
Denial Of Service on Chat Magma Latinchat http://www.latinchat.com Researcher: Vicente Perez 1.-Overview Latinchat is one of the most known chat server, and used basically by latin american people. 2.-Description This system has a vulnerabily as DoS, taking system offline by a while. The fail...
ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug
ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug ---------------------------------------------------- site:http://www.linux.it/fedro/ demo:http://www.e-stamp.ru/forum203/ --------------------------------------------------...
[NT] Norton GoBack Local Authentication Bypass
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
[Bday release] Comersus shopping cart has multiple Sql injection and Cross Site Scripting vulnerabilities
Dcrab 's Security Advisory http://www.dbtech.org Deadbolt Computer Technologies SPECIAL BIRTHDAY RELEASE, 18TH BIRTHDAY RELEASE FOR DIABOLIC CRAB, YOU CAN SEND EMAILS TO [email protected] Get Dcrab's Services to audit your Web servers, scripts, networks, etc or even code them. Learn more at...