47153 matches found
Forum Oxalis 0.1.2 <= SQL Injection Vulnerability
Forum Oxalis 0.1.2 = SQL Injection Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Forum Oxalis is a minimalis GPL PHP forum using CSS." Vendor URI: http://developer.berlios.de/projects/forumoxalis/ Risk-level: High The application is prone to a remote SQL...
[Suspected Spam] Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities
Title: ====== Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities Date: ===== 2012-05-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=515 VL-ID: ===== 515 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: ============...
NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...
Wolf CMS v0.7.5 - Multiple Web Vulnerabilities
Title: ====== Wolf CMS v0.7.5 - Multiple Web Vulnerabilities Date: ===== 2012-02-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=452 VL-ID: ===== 452 Introduction: ============= Wolf CMS is a content management system and is Free Software published under the GNU...
Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability
-------------------------------------------------------------------------------- Wordpress Kish Guest Posting Plugin 1.0 uploadify.php Unrestricted File Upload -------------------------------------------------------------------------------- author............: Egidio Romano aka EgiX...
ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote,Code Execution Vulnerability
ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-290 October 15, 2011 - -- CVE ID: CVE-2011-2001 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Microsoft - -- Affected Products:...
Security bypass vulnerability in MyBB
Hello 3APA3A! I want to warn you about security bypass vulnerability in MyBB, which allows to bypass protection against Brute Force and conduct Brute Force attacks. In August in my article Bypassing captchas and blocking at web sites http://websecurity.com.ua/5334/ I wrote about vulnerability in...
Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar Advisory ID: cisco-sa-20110601-cnr Revision 1.0 For Public Release 2011 June 01 1600 UTC GMT +---------------------------------------------------------------------...
Tembria Server Monitor Multiple Cross-site Scripting (XSS) Vulnerabilities
Tembria Server Monitor Multiple Cross-site Scripting XSS Vulnerabilities Solutionary ID: SERT-VDN-1003 Solutionary Disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-XSS.html CVE ID: Pending Product: Tembria Server Monitor Application Vendor: Tembria...
[SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.3 - - Tomcat 6.0.0 to 6.0.? - - Tomcat 5.5.0 to 5.5.? - - Earlier, unsupported...
PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 11.11.2010 - - Pub.: 10.12.2010 CERT: VU479900 CVE: CVE-2010-4409 CWE: CWE-189 Status: Fixed in PHP 5.3.4...
Stored XSS (Cross Site Scripting) vulnerability in Diferior
Vulnerability ID: HTB22721 Reference: http://www.htbridge.ch/advisory/storedxsscrosssitescriptingvulnerabilityindiferior.html Product: Diferior Vendor: Povilas Musteikis http://www.diferior.com/ Vulnerable Version: 8.03 and probably prior versions Vendor Notification: Vulnerability Type: Stored X...
Microsoft Security Bulletin MS10-068 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
Microsoft Security Bulletin MS10-068 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege 983539 Published: September 14, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability ...
Directory Traversal Vulnerability in TurboFTP Server
Vulnerability ID: HTB22514 Reference: http://www.htbridge.ch/advisory/directorytraversalvulnerabilityinturboftpserver.html Product: TurboFTP Server Vendor: TurboSoft, Inc http://turboftp.com/ Vulnerable Version: 1.20 Build 745 and Probably Prior Versions Vendor Notification: 19 July 2010...
[SECURITY] [DSA-2018-1] New php5 packages fix null pointer dereference
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2018-1 [email protected] http://www.debian.org/security/ Raphael Geissert March 18, 2010 http://www.debian.org/security/faq -...
Microsoft Windows TCP/IP and TCP/IPv6 multiple security vulnerabilities
Multiple memory corruptions in ICMPv6, IPSec, TCP implementations...
US-CERT Technical Cyber Security Alert TA10-012A -- Oracle Updates for Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-012A Oracle Updates for Multiple Vulnerabilities Original release date: Last revised: -- Source: US-CERT Systems Affected Oracle Database 11g, version 11.1.0.7 Oracle Database 10g Release...
com_jumi / jumi 2.0.5 for joomla 1.5 backdoored
Summary: another backdoored joomla component yawn Application: Jumi, a joomla component About Jumi: Jumi is the set of custom code extensions for Joomla! 1.0.x and 1.5.x in their native modes. Since 2006 more then 200.000 downloads. With Jumi you can include php, html, javascript scripts into the...
[ONSEC-09-017] Blogolet PHP including
ONSEC-09-017 Blogolet PHP including Цель: Blogolet CMS Тип: PHP инъекция Угроза: Высокая Дата обнаружения: 21.09.2009 Дата оповещения разработчика: 21.09.2009 Дата выхода исправления: 21.09.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описание: Уязвимость существует...
Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products Advisory ID: cisco-sa-20090908-tcp24 Revision 1.0 For Public Release 2009 September 8 1700 UTC GMT...
Kaspersky Antivirus DoS
Infinite loop on parsing URL with large number of dots...
Virtualmin Multiple Vulnerabilities
Virtualmin Multiple Vulnerabilities by Filip Palian filip dot palian at pjwstk dot edu dot pl Software affected: Virtualmin 3.703 Description from the vendor site: "Virtualmin is the world's most powerful and flexible web server control panel. Manage your virtual domains, mailboxes, databases,...
[SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0783: Apache Tomcat information disclosure vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 The unsupported Tomcat 3.x, 4.0.x and 5.0.x...
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
About the security content of Security Update 2009-002 / Mac OS X v10.5.7 Last Modified: May 12, 2009 Article: HT3549 Summary This document describes the security content of Security Update 2009-002 / Mac OS X v10.5.7, which can be downloaded and installed via Software Update preferences, or from...
Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution 960803 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and two privately...
OpenX 2.6.4 multiple vulnerabilities
OpenX multiple vulnerabilities An advisory by EnableSecurity in collaboration with Acunetix. Advisory URL: http://resources.enablesecurity.com/advisories/openx-2.6.4-multiple.txt Version: OpenX 2.6.4 and older versions Description: OpenX is an online advertising web application written in PHP tha...
Mozilla Foundation Security Advisory 2008-69
Mozilla Foundation Security Advisory 2008-69 Title: XSS vulnerabilities in SessionStore Impact: Critical Announced: December 16, 2008 Reporter: mozbugra4 Products: Firefox Fixed in: Firefox 3.0.5 Firefox 2.0.0.19 Description Mozilla security researcher mozbugra4 reported vulnerabilities in the...
VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2008-0014 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information...
Null Byte Local file Inclusion in FAR - PHP Project version:1.0
. . | / | | | / / | |/ // / / / |/ / // | / | | / / / // / |/| || /| / / / / / / / / | | / / / | // est.2007 / / forum.darkc0de.com Web Application: FAR - PHP Project version:1.0 Vendor's Address :www.far-php.ro Author: Beenu Arora Address: www.beenuarora.com Python Dark Scripts:...
[SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Boundary failure when parsing SMB responses == can result in a buffer overrun == == CVE ID: CVE-2008-1105 == == Versions: Samba 3.0.0 - 3.0.29 inclusive == == Summary:...
Wordpress Malicious File Execution Vulnerability
========================================================== Wordpress Malicious File Execution Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 18 May 2008 SITE : www.citecclub.org APPLICATION : Wordpress Blog VERSION : = 2.5.1 VENDOR :...
BosNews 2002-2006 Remote add user admin
-------------------------------------------------------------------------------------------------------------- ----- H-T Team HouSSaMix + ToXiC350 from MoroCCo ---------------------------------------------------------...
SolpotCrew Advisory #16 - Mitra Informatika Solusindo cart Remote Sql Injection Exploit
SolpotCrew Community Mitra Informatika Solusindo cart Remote Sql Injection Exploit vendor : http://www.mitrainformatika.com/ Bug Found By : homeedition2001 a.k.a bius 4-03-2008 contact: [email protected] Website : www.solpotcrew.org/adv/homeedition2001-adv-03.txt Greetz:...
PHP-Nuke Module "seminar" Local FIle Inclusion
Aria-Security Team Persian Security Network http://Aria-Security.net ----------------------------------------------- Shoutz: AurA, Null, Kinglet, imm02tal And all our staff PHP-Nuke Module "seminar" Local FIle Inclusion Original Advisory: http://forum.aria-security.net/showthread.php?p=1591...
Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search
------------------------------------------------------------------------ Cross-Site Scripting XSS in phpWebSite 1.4.0 search ------------------------------------------------------------------------ Author: Audun Larsen larsen at xqus dot com Date: Dec 29, 2007 --AFFECTED...
DNewsWeb Softwares Cross Site Scripting Vulrnability
HSC DNewsWeb Softwares Cross Site Scripting Vulrnability The DNews News Server is advanced news server software that makes it easy for you to provide users with fast access to Internet Usenet news groups. Installing your own l ocal news server software also gives you complete control to create yo...
[ GLSA 200705-23 ] Sun JDK/JRE: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200705-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
[Full-disclosure] SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities
netVigilance Security Advisory 18 SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities Description: SonicBB is a user-friendly and fully customizable bulletin board package. SonicBB is compatible with any web server/operating system combo with PHP 4.x or higher installed.SonicBB is the...
CORE-2007-0219: OpenBSD's IPv6 mbufs remote kernel buffer overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ OpenBSD's IPv6 mbufs remote kernel buffer overflow Date Published: 2007-03-13 Last Update: 2007-03-13 Advisory ID: CORE-2007-0219 Bugtraq ID: None currently assigned...
PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability
Title : PHPFootball 1.6 show.php Remote Database Disclosure Vulnerability Author : ajann Contact : : S.Page : http://phpfootball.sourceforge.net $$ : Free Dork : inurl:/phpfootball/ DBREAD--------------------------------------------------------- http://target/path//show.php VARIABLES Example:...
[Full-disclosure] ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability
ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-039.html November 10, 2006 -- CVE ID: CVE-2006-5487 -- Affected Vendor: Marshal -- Affected Products: MailMarshal SMTP 5.x MailMarshal SMTP 6.x MailMarshal SMTP 2006...
[SA22690] Yazd Discussion Forum Two Security Bypass Issues
TITLE: Yazd Discussion Forum Two Security Bypass Issues SECUNIA ADVISORY ID: SA22690 VERIFY ADVISORY: http://secunia.com/advisories/22690/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of sensitive information WHERE: From remote SOFTWARE: Yazd Discussion Forum Software 1.x...
[DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues
------------------------------------------------------------------------ ---- Drupal security advisory DRUPAL-SA-2006-024 ------------------------------------------------------------------------ ---- Project: Drupal core Date: 2006-Oct-18 Security risk: Moderately critical Exploitable from: Remot...
Tagmin C.C 2.1.B Remote File Include
Tagmin C.C 2.1.B Remote File Include +Advisory 3 +LMS 1.12 Sql Injection +Product :Tagmin Control Center 2.1.B +Develop: http://ds3.bbminc.net/tagit2b/ +Dork: inurl:"/tagit2b/" +Vulnerable: Remote File Include +Risk:High +Discovered:by Kernel-32 +Contact: [email protected] +Homepage:...
SYMSA-2006-005
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-005 Advisory Title: Lanap CAPTCHA bypass exposure Author : Michael White, [email protected] and Graham Murphy, [email protected]...
WinAmp player buffer overflow
Buffer overflow on oversized computer name in UNC path of .pls on .m3u file entry. Buffer overflow on oversized WMA playlist file entry. Vulnerability can be exploited for hidden trojan installation...
Raknet network library DoS
Endless loop with 100 CPU usage on empty UDP packet...
Woltlab Burning Book addentry.php SQL Injection
Advisory Information -------------------- Advisory name : Woltlab Burning Book addentry.php SQL Injection Discovered by : drhankey / it-security23.net Vendor Name : Woltlab Vendor Homepage : http://www.woltlab.de Software : Woltlab Burning Book Lite Vulnerability Type : Cross-Site-Scripting...
Microsoft Security Bulletin MS03-011:Flaw in Microsoft VM Could Enable System Compromise (816093)
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Flaw in Microsoft VM Could Enable System Compromise 816093 Date: 09 April 2003 Software: Microsoft VM Impact: Allow attacker to execute code of his or her choice Max Risk: Critical...
Обход Trend Micro AppletTrap (protection bypass)
Можно обойти защиту от Javascript Используя Unicode - кодировку...