47153 matches found
[SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Boundary failure when parsing SMB responses == can result in a buffer overrun == == CVE ID: CVE-2008-1105 == == Versions: Samba 3.0.0 - 3.0.29 inclusive == == Summary:...
Wordpress Malicious File Execution Vulnerability
========================================================== Wordpress Malicious File Execution Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 18 May 2008 SITE : www.citecclub.org APPLICATION : Wordpress Blog VERSION : = 2.5.1 VENDOR :...
BosNews 2002-2006 Remote add user admin
-------------------------------------------------------------------------------------------------------------- ----- H-T Team HouSSaMix + ToXiC350 from MoroCCo ---------------------------------------------------------...
SolpotCrew Advisory #16 - Mitra Informatika Solusindo cart Remote Sql Injection Exploit
SolpotCrew Community Mitra Informatika Solusindo cart Remote Sql Injection Exploit vendor : http://www.mitrainformatika.com/ Bug Found By : homeedition2001 a.k.a bius 4-03-2008 contact: [email protected] Website : www.solpotcrew.org/adv/homeedition2001-adv-03.txt Greetz:...
PHP-Nuke Module "seminar" Local FIle Inclusion
Aria-Security Team Persian Security Network http://Aria-Security.net ----------------------------------------------- Shoutz: AurA, Null, Kinglet, imm02tal And all our staff PHP-Nuke Module "seminar" Local FIle Inclusion Original Advisory: http://forum.aria-security.net/showthread.php?p=1591...
Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search
------------------------------------------------------------------------ Cross-Site Scripting XSS in phpWebSite 1.4.0 search ------------------------------------------------------------------------ Author: Audun Larsen larsen at xqus dot com Date: Dec 29, 2007 --AFFECTED...
DNewsWeb Softwares Cross Site Scripting Vulrnability
HSC DNewsWeb Softwares Cross Site Scripting Vulrnability The DNews News Server is advanced news server software that makes it easy for you to provide users with fast access to Internet Usenet news groups. Installing your own l ocal news server software also gives you complete control to create yo...
CORE-2007-0219: OpenBSD's IPv6 mbufs remote kernel buffer overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ OpenBSD's IPv6 mbufs remote kernel buffer overflow Date Published: 2007-03-13 Last Update: 2007-03-13 Advisory ID: CORE-2007-0219 Bugtraq ID: None currently assigned...
PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability
Title : PHPFootball 1.6 show.php Remote Database Disclosure Vulnerability Author : ajann Contact : : S.Page : http://phpfootball.sourceforge.net $$ : Free Dork : inurl:/phpfootball/ DBREAD--------------------------------------------------------- http://target/path//show.php VARIABLES Example:...
[Full-disclosure] ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability
ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-039.html November 10, 2006 -- CVE ID: CVE-2006-5487 -- Affected Vendor: Marshal -- Affected Products: MailMarshal SMTP 5.x MailMarshal SMTP 6.x MailMarshal SMTP 2006...
[SA22690] Yazd Discussion Forum Two Security Bypass Issues
TITLE: Yazd Discussion Forum Two Security Bypass Issues SECUNIA ADVISORY ID: SA22690 VERIFY ADVISORY: http://secunia.com/advisories/22690/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of sensitive information WHERE: From remote SOFTWARE: Yazd Discussion Forum Software 1.x...
[DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues
------------------------------------------------------------------------ ---- Drupal security advisory DRUPAL-SA-2006-024 ------------------------------------------------------------------------ ---- Project: Drupal core Date: 2006-Oct-18 Security risk: Moderately critical Exploitable from: Remot...
Tagmin C.C 2.1.B Remote File Include
Tagmin C.C 2.1.B Remote File Include +Advisory 3 +LMS 1.12 Sql Injection +Product :Tagmin Control Center 2.1.B +Develop: http://ds3.bbminc.net/tagit2b/ +Dork: inurl:"/tagit2b/" +Vulnerable: Remote File Include +Risk:High +Discovered:by Kernel-32 +Contact: [email protected] +Homepage:...
Raknet network library DoS
Endless loop with 100 CPU usage on empty UDP packet...
Woltlab Burning Book addentry.php SQL Injection
Advisory Information -------------------- Advisory name : Woltlab Burning Book addentry.php SQL Injection Discovered by : drhankey / it-security23.net Vendor Name : Woltlab Vendor Homepage : http://www.woltlab.de Software : Woltlab Burning Book Lite Vulnerability Type : Cross-Site-Scripting...
iDEFENSE Security Advisory 12.16.04: MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability
MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability iDEFENSE Security Advisory 12.16.04 http://www.idefense.com/application/poi/display?id=168 December 16, 2004 I. BACKGROUND MPlayer is a movie player for Linux that also runs on many other Unices, and non- x86 CPUs. It plays most MPEG, VOB,...
Microsoft Security Bulletin MS03-011:Flaw in Microsoft VM Could Enable System Compromise (816093)
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Flaw in Microsoft VM Could Enable System Compromise 816093 Date: 09 April 2003 Software: Microsoft VM Impact: Allow attacker to execute code of his or her choice Max Risk: Critical...
Security Bulletin (MS00-039)
Microsoft Security Bulletin MS00-039 - -------------------------------------- Patch Available for "SSL Certificate Validation" Vulnerabilities Originally posted: June 05, 2000 Summary ======= Microsoft has released a patch that eliminates two security vulnerabilities in Microsoftr Internet...
Security Bulletin (MS00-022)
Patch Available for "XLM Text Macro" Vulnerability Originally Posted: April 03, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Excel. The vulnerability could allow a macro to run without generating the expected security warning. Frequent...
[SECURITY] [DSA 3346-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3346-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 31, 2015 https://www.debian.org/security/faq -...
Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vtiger CRM Authenticated Remote Code Execution CVE-2015-6000 http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html 1. Summary 2. Vulnerability Details 3. Exploitation / Proof of Concept 4. Timeline 5. See Also 1. Summary Vtiger CRM...
[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability
------------------------------------------------------------------------------- Magento = 1.9.2 catalogProductCreate Autoloaded File Inclusion Vulnerability ------------------------------------------------------------------------------- - Software Link: http://magento.com/ - Affected Versions:...
[USN-2745-1] QEMU vulnerabilities
========================================================================== Ubuntu Security Notice USN-2745-1 September 24, 2015 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
[USN-2724-1] QEMU vulnerabilities
========================================================================== Ubuntu Security Notice USN-2724-1 August 27, 2015 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
Microsoft Office multiple security vulnerabilities
Memory corruptions, code execution...
XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 )
Advisory: Adobe Connect Reflected XSS Author: Stas Volfus Bugsec Information Security LTD Vendor URL: http://www.adobe.com/ Status: Vendor Notified ========================== Vulnerability Description ========================== Adobe Connect Central version: 9.3 is vulnerable to Reflected XSS Cro...
[ MDVSA-2015:097 ] php-ZendFramework
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:097 http://www.mandriva.com/en/support/security/ Package : php-ZendFramework Date : March 28, 2015 Affected: Business Server 2.0 Problem Description: Updated php-ZendFramework packages fix multiple...
Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser
------------------------------------------------------------------------ Path traversal vulnerability in EMC M&R Watch4net MIB Browser ------------------------------------------------------------------------ Han Sahin, November 2014...
[USN-2531-1] Requests vulnerability
========================================================================== Ubuntu Security Notice USN-2531-1 March 16, 2015 requests vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 3177-1] mod-gnutls security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3177-1 [email protected] http://www.debian.org/security/ Sebastien Delafond March 10, 2015 http://www.debian.org/security/faq -...
Multiple Vulnerabilities in my little forum
Advisory ID: HTB23248 Product: my little forum Vendor: http://mylittleforum.net/ Vulnerable Versions: 2.3.3 and probably prior Tested Version: 2.3.3 Advisory Publication: January 14, 2015 without technical details Vendor Notification: January 14, 2015 Vendor Patch: February 8, 2015 Public...
[SECURITY] [DSA 3116-1] polarssl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3116-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 30, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3107-1] subversion security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3107-1 [email protected] http://www.debian.org/security/ Florian Weimer December 20, 2014 http://www.debian.org/security/faq -...
[security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04476799 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04476799 Version: 1 HPSBUX03139...
Apple Mac OS X / OS X Server multiple security vulnerabilities
Privilege escalation, multiple memory corruptions on different formats parsing, information leakage, DoS, protection bypass, multiple vulnerabilities in 3rd parties components...
CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java
CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java =================================================================== Smack http://www.igniterealtime.org/projects/smack/ is an Open Source XMPP Jabber client library for instant messaging and presence written in Java. Smack prior ...
[SECURITY] [DSA 2926-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2926-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 12, 2014 http://www.debian.org/security/faq -...
[USN-2172-1] CUPS vulnerability
========================================================================== Ubuntu Security Notice USN-2172-1 April 24, 2014 cups vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
ESA-2014-009: RSA BSAFE® SSL-J Multiple Vulnerabilities
ESA-2014-009.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-009: RSA BSAFE® SSL-J Multiple Vulnerabilities EMC Identifier: ESA-2014-009 CVE Identifier: CVE-2011-1473, CVE-2014-0625, CVE-2014-0626, CVE-2014-0627 Severity Rating: CVSS v2 Base Score: See below for individual scores...
USN-2126-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2126-1 March 03, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
HP Service Manager multiple security vulnerabilities
Cross-Site Scripting XSS, Cross-Site Request Forgery CSRF, Remote Denial of Service DoS, Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues...
Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability
Document Title: =============== Barracuda Bug Bounty 36 Firewall - Client Side Exception Handling Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1102 Barracuda Networks Security ID BNSEC: BNSEC-2398...
XSS and CSRF Horde Groupware Web mail Edition
Exploit Title : XSS and CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/28/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can...
[USN-2004-1] python-glanceclient vulnerability
========================================================================== Ubuntu Security Notice USN-2004-1 October 23, 2013 python-glanceclient vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Cisco Identity Services Engine multiple security vulnerabilities
Authentication bypass, code execution...
WowzaMediaServer SecureToken bypass (and worse)
Product: Wowza Media Server URL: http://www.wowza.com/ Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server Issue: By default all installations of WMS use four modules in their application's config file: base, properties, logging, flvplayback. I've found out that the properties...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ • Software Link: http://dleviet.com/ • Affected Version: 9.7 only. • Vulnerability Description: Th...
[USN-1643-1] Perl vulnerabilities
========================================================================== Ubuntu Security Notice USN-1643-1 November 30, 2012 perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
PrestaShop <= 1.5.1 Persistent XSS
PrestaShop = 1.5.1 Persistent XSS Tested under: Firefox, Chrome and Safari latest versions Discover Credits: David Sopas - [email protected] | @dsopas | davidsopas.com/labs Original link: http://davidsopas.com/labs/prestashopxss.txt Description: PrestaShop is the most reliable and flexible...