Lucene search
Securityvulns: Most viewed

47153 matches found

securityvulns
added 2013/04/02 12:0 a.m., 99 views

[USN-1784-1] libxslt vulnerability

========================================================================== Ubuntu Security Notice USN-1784-1 April 02, 2013 libxslt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5, AI score 0.4, EPSS 0.04286, Exploits 1

securityvulns
added 2013/02/04 12:0 a.m., 99 views

[KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability

------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ • Software Link: http://dleviet.com/ • Affected Version: 9.7 only. • Vulnerability Description: Th...

CVSS 7.5, AI score 0.3, EPSS 0.40465, Exploits 9

securityvulns
added 2012/12/11 12:0 a.m., 99 views

Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework

Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...

CVSS 6.8, AI score 0.6, EPSS 0.09296, Exploits 5

securityvulns
added 2012/10/05 12:0 a.m., 99 views

[security bulletin] HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03489683 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03489683 Version: 3 HPSBMU02815...

CVSS 10, AI score 0.5, EPSS 0.6022, Exploits 6

securityvulns
added 2012/07/23 12:0 a.m., 99 views

WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities

Advisory: WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-015 Author: Stefan Schurtz Affected Software: Successfully tested on 'Count Per Day' 3.1.1 Vendor URL: http://www.tomsdimension.de/wp-plugins/count-per-day Vendor Status: fixed...

AI score 5.8, Exploits 0

securityvulns
added 2012/04/23 12:0 a.m., 99 views

Microsoft Windows multiple security vulnerabilities

MSCOMCTL.ocx code execution, .Net code execution, WinVerifyTrust digital signature validation vulnerability...

CVSS 9.3, AI score 2.7, EPSS 0.99966, Exploits 14, References 1, Affected Software 1

securityvulns
added 2012/03/19 12:0 a.m., 99 views

Brute Force and XSS vulnerabilities in Webglimpse

Hello 3APA3A! Following the previous numerous Cross-Site Scripting, Full path disclosure, Directory Traversal and Authorization bypass vulnerabilities in Webglimpse SecurityVulns ID: 9436, 9443, 9778, 9876, I am reporting to you new vulnerabilities I have found in Webglimpse. These are Brute Force and Cross-Site...

AI score 6.4, Exploits 0

securityvulns
added 2012/03/18 12:0 a.m., 99 views

Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability Advisory ID: cisco-sa-20120314-fwsm Revision 1.0 For Public Release 2012 March 14 16:00 UTC GMT...

CVSS 7.8, AI score 0.7, EPSS 0.02076, Exploits 0

securityvulns
added 2011/12/05 12:0 a.m., 99 views

MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter

CVE: CVE-2011-4025 Vendor: EllisLab Products: ExpressionEngine 2.2.2, CodeIgniter 2.0.3 Vulnerabilities: xssclean filter bypass, leading to Cross-Site Scripting XSS Risk: High Attack Vector: From Remote Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html 1...

AI score 0.2, Exploits 2

securityvulns
added 2011/10/20 12:0 a.m., 99 views

ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability

ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-290 October 15, 2011 - -- CVE ID: CVE-2011-2001 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Microsoft - -- Affected Products:...

CVSS 9.3, AI score 0.4, EPSS 0.71802, Exploits 5

securityvulns
added 2011/08/01 12:0 a.m., 99 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 8.3, AI score 1.6, EPSS 0.10046, Exploits 7, References 29, Affected Software 9

securityvulns
added 2011/06/29 12:0 a.m., 99 views

Multiple vulnerabilities in Open-Realty

Vulnerability ID: HTB23023 Reference: http://www.htbridge.ch/advisory/multiplevulnerabilitiesinopenrealty.html Product: Open-Realty Vendor: Transparent Technologies, Inc. http://www.open-realty.org/ Vulnerable Version: 3.1.5 and probably prior Tested on: 3.1.5 Vendor Notification: 07 June 2011...

AI score 0.2, Exploits 0

securityvulns
added 2011/06/19 12:0 a.m., 99 views

NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability

NSFOCUS Security AdvisorySA2011-01 Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability Release Date: 2011-06-15 CVE ID: CVE-2011-1250 http://www.nsfocus.com/en/advisories/1101.html Affected Software and System: ============================= Microsoft Internet...

CVSS 9.3, AI score 6.5, EPSS 0.21586, Exploits 1

securityvulns
added 2011/05/05 12:0 a.m., 99 views

[USN-1129-1] Perl vulnerabilities

========================================================================== Ubuntu Security Notice USN-1129-1 May 03, 2011 perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 8.5, AI score 0.6, EPSS 0.08712, Exploits 4

securityvulns
added 2011/03/15 12:0 a.m., 99 views

About the security content of Safari 5.0.4

About the security content of Safari 5.0.4 Last Modified: March 09, 2011 Article: HT4566 Email this article Print this page Summary This document describes the security content of Safari 5.0.4. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until...

CVSS 10, AI score 9.6, EPSS 0.43382, Exploits 11

securityvulns
added 2010/12/12 12:0 a.m., 99 views

PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 11.11.2010 - - Pub.: 10.12.2010 CERT: VU479900 CVE: CVE-2010-4409 CWE: CWE-189 Status: Fixed in PHP 5.3.4...

CVSS 5, AI score 7.7, EPSS 0.18878, Exploits 5

securityvulns
added 2010/12/10 12:0 a.m., 99 views

Mozilla Foundation Security Advisory 2010-81

Mozilla Foundation Security Advisory 2010-81 Title: Integer overflow vulnerability in NewIdArray Impact: Critical Announced: December 9, 2010 Reporter: regenrecht Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.13 Firefox 3.5.16 SeaMonkey 2.0.11 Description Security researcher regenrecht...

CVSS 9.3, AI score 0.7, EPSS 0.04812, Exploits 0

securityvulns
added 2010/11/10 12:0 a.m., 99 views

[ MDVSA-2010:224 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:224 http://www.mandriva.com/security/ Package : php Date : November 9, 2010 Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability was discovered...

CVSS 6.8, AI score 7.6, EPSS 0.11281, Exploits 1

securityvulns
added 2010/07/24 12:0 a.m., 99 views

ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability

ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-133 July 20, 2010 -- CVE ID: CVE-2010-2752 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.6.x --...

CVSS 9.3, AI score 0.5, EPSS 0.09782, Exploits 5

securityvulns
added 2010/06/29 12:0 a.m., 99 views

Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries

Nuance Communications, Inc. offer on their german web page http://www.nuance.de/kostenlose-ocr-software-test/download.asp a trial version of OmniPage 16 Professional for download. The installer OPPro16TD.exe a self-extracting RAR archive was published "Tue, 30 Jun 2009 14:38:28 GMT" according to...

AI score 7, Exploits 0

securityvulns
added 2010/05/13 12:0 a.m., 99 views

VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities (CVE-2010-1280)

VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities CVE-2010-1280 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to...

CVSS 9.3, AI score 9.2, EPSS 0.16637, Exploits 8

securityvulns
added 2010/04/19 12:0 a.m., 99 views

[DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability

Digital Security Research Group DSecRG Advisory DSECRG-09-049 Application: IBM BladeCenter Management Module Versions Affected: before BPET50G Vendor URL: http://www-03.ibm.com/systems/bladecenter/ Bug: DoS Exploits: YES Reported: 24.07.2009 Vendor response: 26.07.2009 Date of Public Advisory:...

AI score 0.2, Exploits 0

securityvulns
added 2010/04/12 12:0 a.m., 99 views

AneCMS Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: AneCMS Multiple Vulnerabilities Vendor: http://anecms.com/ Vulnerable Version: 1.0 Latest version till now Exploitation: Remote with a RAW HTTP packet sender Fix: N/A - Description: AneCMS is a small and fast CMS completely modular. Written...

AI score 0.4, Exploits 0

securityvulns
added 2010/03/31 12:0 a.m., 99 views

VMSA-2010-0005 VMware products address vulnerabilities in WebAccess

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0005 Synopsis: VMware products address vulnerabilities in WebAccess Issue date: 2010-03-29 Updated on: 2010-03-29 initial releas...

CVSS 7.5, AI score 7, EPSS 0.02399, Exploits 2

securityvulns
added 2010/03/21 12:0 a.m., 99 views

Vbulletin 4.0.2 XSS Vulnerability

Vbulletin 4.0.2 XSS Vulnerability...

AI score 1.4, Exploits 0

securityvulns
added 2010/02/22 12:0 a.m., 99 views

[Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-004: SAP J2EE Authentication Phishing Vector This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...

AI score 7.1, Exploits 0

securityvulns
added 2010/02/16 12:0 a.m., 99 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance Advisory ID: cisco-sa-20100210-ironport Revision 1.0 For Public Release 2010 February 10 1600 UTC GMT...

CVSS 10, AI score 0.9, EPSS 0.04387, Exploits 1

securityvulns
added 2009/12/29 12:0 a.m., 99 views

[ MDVSA-2009:344 ] perl-DBD-Pg

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:344 http://www.mandriva.com/security/ Package : perl-DBD-Pg Date : December 28, 2009 Affected: 2008.0 Problem Description: Multiple vulnerabilities was discovered and corrected in perl-DBD-Pg: Heap-based...

CVSS 7.5, AI score 8.2, EPSS 0.04347, Exploits 2

securityvulns
added 2009/11/20 12:0 a.m., 99 views

[security bulletin] HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01931960 Version: 1 HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as...

CVSS 10, AI score 0.1, EPSS 0.78968, Exploits 12

securityvulns
added 2009/10/13 12:0 a.m., 99 views

Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)

Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution 975254 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves two publicly disclosed...

CVSS 9.3, AI score 0.4, EPSS 0.90913, Exploits 20

securityvulns
added 2009/08/14 12:0 a.m., 99 views

[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01820968 Version: 1 HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux ICE-LX Cross Site Request Forgery CSRF , Remote Execution of Arbitrary Code, Denial of Service DoS, and Other...

CVSS 7.5, AI score 0.6, EPSS 0.15395, Exploits 3

securityvulns
added 2009/08/08 12:0 a.m., 99 views

ZDI-09-049: Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability

ZDI-09-049: Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-049 August 5, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerability Details: This vulnerability allow...

AI score 0.1, Exploits 0

securityvulns
added 2009/06/08 12:0 a.m., 99 views

[security bulletin] HPSBMA02433 SSRT090084 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01760771 Version: 1 HPSBMA02433 SSRT090084 rev.1 - HP Discovery & Dependency Mapping Inventory DDMI Running on Windows, Remote Unauthorized Access NOTICE: The information in this Security Bulleti...

CVSS 4, AI score 0.3, EPSS 0.01758, Exploits 0

securityvulns
added 2009/04/12 12:0 a.m., 99 views

ftpdmin v. 0.96 RNFR remote buffer overflow exploit

?php / ftpdmin v. 0.96 RNFR remote buffer overflow exploit xp sp3 / case study by Nine:Situations:Group::surfista software site: http://www.sentex.net/mwandel/ftpdmin/ our site: http://retrogod.altervista.org/ bug found by rgod in 2006, RNFR sequences can trigger a simple eip overwrite. We can us...

Exploits 0

securityvulns
added 2009/02/01 12:0 a.m., 99 views

Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass

Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: Offline Authentication Bypass Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta...

AI score 0.8, Exploits 0

securityvulns
added 2008/11/01 12:0 a.m., 99 views

İltaweb Kolay Site (urundetay) Sql injection Vulnerability (Tr)

Author: BiLGi ASD Contact: [email protected] Home: Bilgi-Asd.Ch Script: ltaweb Kolay Site Tr Sql injection Vulnerability http://www.aspindir.com/goster/5665 $Price$: 100 Exploit: urundetay.asp?id=67+union+select+0,1,sifre,kullaniciadi,4,5,6,7,8,9,10,11,12+from+uyeler Demo:...

AI score 0.3, Exploits 0

securityvulns
added 2008/10/02 12:0 a.m., 99 views

Remote and Local File Inclusion Vulnerability <= 1.1 Rportal

RPortal v1.1 Rportal is a management system of contents simple and powerful Web, enabling you to create your site in a few minutes, while profiting from a complete and effective administration. Remote and Local File Inclusion Vulnerability = 1.1 Found the 29th September 2008 Author: Kad mail :...

AI score 0.4, Exploits 0

securityvulns
added 2008/09/04 12:0 a.m., 99 views

CS-Cart <= 1.3.5 SQL Injection

GulfTech Security Research September 02, 2008 Vendor : CS-Cart.com URL : http://www.cs-cart.com/ Version : CS-Cart = 1.3.5 Risk : SQL Injection Description: CS-Cart Cart is a full featured online ecommerce application written in php that allows users to build, run and promote an online store. The...

AI score 1.2, Exploits 0

securityvulns
added 2008/08/12 12:0 a.m., 99 views

Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)

Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 954066 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities in Microsoft Office Excel...

CVSS 9.3, AI score 1.2, EPSS 0.35649, Exploits 8

securityvulns
added 2008/08/01 12:0 a.m., 99 views

[CVE-2008-2370] Apache Tomcat information disclosure vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-2370: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and...

CVSS 5, AI score 7.1, EPSS 0.52716, Exploits 1

securityvulns
added 2008/07/29 12:0 a.m., 99 views

[SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1619-1 [email protected] http://www.debian.org/security/ Devin Carraway July 27, 2008 http://www.debian.org/security/faq -...

CVSS 5, AI score 7.2, EPSS 0.95182, Exploits 20

securityvulns
added 2008/05/20 12:0 a.m., 99 views

Wordpress Malicious File Execution Vulnerability

========================================================== Wordpress Malicious File Execution Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 18 May 2008 SITE : www.citecclub.org APPLICATION : Wordpress Blog VERSION : = 2.5.1 VENDOR :...

AI score 7.4, Exploits 0

securityvulns
added 2008/02/10 12:0 a.m., 99 views

CVE-2008-0002: Tomcat information disclosure vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-0002: Tomcat information disclosure vulnerability Severity: important Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.5 to 6.0.15 Description: If an exception occurs during the processing of parameters eg if the client...

CVSS 5.8, AI score 7.1, EPSS 0.05057, Exploits 0

securityvulns
added 2008/01/02 12:0 a.m., 99 views

Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search

------------------------------------------------------------------------ Cross-Site Scripting XSS in phpWebSite 1.4.0 search ------------------------------------------------------------------------ Author: Audun Larsen larsen at xqus dot com Date: Dec 29, 2007 --AFFECTED...

AI score 6.3, Exploits 0

securityvulns
added 2007/11/27 12:0 a.m., 99 views

PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure

Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

AI score 0.3, Exploits 0

securityvulns
added 2007/09/26 12:0 a.m., 99 views

[ MDKSA-2007:188 ] - Updated postgresql packages prevent access abuse using dblink

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:188 http://www.mandriva.com/security/ Package : postgresql Date : September 25, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Problem Description: PostgreSQL 8.1 and probably later and earlier...

CVSS 10, AI score 7.7, EPSS 0.2613, Exploits 3

securityvulns
added 2007/08/03 12:0 a.m., 99 views

Pluck 4.3 themes.php Remote File Inclusion and disclosure

Aria-Security Team Pluck 4.3 Remote File Inclusion Vendor: http://www.pluck-cms.org/ /path/data/inc/theme.php if Registerglobal was set as ON then we can use the $dir variable for RFI isfile$dir."/".$file $files=$file; else $dirs=$dir."/".$file; if$dirs foreach $dirs as $dir include...

AI score 1.2, Exploits 0

securityvulns
added 2007/07/27 12:0 a.m., 99 views

PHP Safe_mode bypass exploit (win32service)

?php PHP Safemode bypass exploit win32service Note: Tested on 5.2.1 Author: NetJackal Email: nima501atyahoodotcom Website: http://netjackal.by.ru Usage: http://victim.net/nj.php?CMD=command $command=isset$GET'CMD'?$GET'CMD':'dir'; cammand $dir=iniget'uploadtmpdir'; Directory to store command's...

AI score 0.4, Exploits 0

securityvulns
added 2007/07/23 12:0 a.m., 99 views

PHMe CMS 0.0.2 local File Include Vulnerabilitiy

Tilte: PHMe CMS 0.0.2 local File Include Vulnerabilitiy www.Aria-security.Com For English www.Aria-Security.net For Persian Author: YouYou Software: PHMe CMS Site Script: http://sourceforge.net/projects/phme proof Of Concept : www.example.com/path/resources/functionlist.php?action=Local Script00...

AI score 1, Exploits 0

securityvulns
added 2007/07/19 12:0 a.m., 99 views

Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6

A security issue has been found which allows an unauthenticated user to bypass the authentication system in LedgerSMB 1.2.0 through 1.2.6. Severity: Highly Critical Versions affected: 1.2.0 through 1.2.6 Status: Vendor solution available upgrade to 1.2.7 Effect: Authentication bypass. Required...

AI score 7.2, Exploits 0

Total number of security vulnerabilities: 5000