47153 matches found
[USN-1784-1] libxslt vulnerability
========================================================================== Ubuntu Security Notice USN-1784-1 April 02, 2013 libxslt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ • Software Link: http://dleviet.com/ • Affected Version: 9.7 only. • Vulnerability Description: Th...
Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework
Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...
[security bulletin] HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03489683 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03489683 Version: 3 HPSBMU02815...
WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities
Advisory: WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-015 Author: Stefan Schurtz Affected Software: Successfully tested on 'Count Per Day' 3.1.1 Vendor URL: http://www.tomsdimension.de/wp-plugins/count-per-day Vendor Status: fixed...
Microsoft Windows multiple security vulnerabilities
MSCOMCTL.ocx code execution, .Net code execution, WinVerifyTrust digital signature validation vulnerability...
Brute Force и XSS уязвимости в Webglimpse
Здравствуйте 3APA3A! После предыдущих многочисленных Cross-Site Scripting, Full path disclosure, Directory Traversal и Authorization bypass уязвимостей в Webglimpse SecurityVulns ID: 9436, 9443, 9778, 9876, сообщаю вам о найденных мною новых уязвимостях в Webglimpse. Это Brute Force и Cross-Site...
Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability Advisory ID: cisco-sa-20120314-fwsm Revision 1.0 For Public Release 2012 March 14 16:00 UTC GMT...
MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter
CVE: CVE-2011-4025 Vendor: EllisLab Products: ExpressionEngine 2.2.2, CodeIgniter 2.0.3 Vulnerabilities: xssclean filter bypass, leading to Cross-Site Scripting XSS Risk: High Attack Vector: From Remote Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html 1...
ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote,Code Execution Vulnerability
ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-290 October 15, 2011 - -- CVE ID: CVE-2011-2001 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Microsoft - -- Affected Products:...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Multiple vulnerabilities in Open-Realty
Vulnerability ID: HTB23023 Reference: http://www.htbridge.ch/advisory/multiplevulnerabilitiesinopenrealty.html Product: Open-Realty Vendor: Transparent Technologies, Inc. http://www.open-realty.org/ Vulnerable Version: 3.1.5 and probably prior Tested on: 3.1.5 Vendor Notification: 07 June 2011...
NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability
NSFOCUS Security AdvisorySA2011-01 Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability Release Date: 2011-06-15 CVE ID: CVE-2011-1250 http://www.nsfocus.com/en/advisories/1101.html Affected Software and System: ============================= Microsoft Internet...
[USN-1129-1] Perl vulnerabilities
========================================================================== Ubuntu Security Notice USN-1129-1 May 03, 2011 perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
About the security content of Safari 5.0.4
About the security content of Safari 5.0.4 Last Modified: March 09, 2011 Article: HT4566 Email this article Print this page Summary This document describes the security content of Safari 5.0.4. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until...
PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 11.11.2010 - - Pub.: 10.12.2010 CERT: VU479900 CVE: CVE-2010-4409 CWE: CWE-189 Status: Fixed in PHP 5.3.4...
Mozilla Foundation Security Advisory 2010-81
Mozilla Foundation Security Advisory 2010-81 Title: Integer overflow vulnerability in NewIdArray Impact: Critical Announced: December 9, 2010 Reporter: regenrecht Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.13 Firefox 3.5.16 SeaMonkey 2.0.11 Description Security researcher regenrecht...
[ MDVSA-2010:224 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:224 http://www.mandriva.com/security/ Package : php Date : November 9, 2010 Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability was discovered...
ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-133 July 20, 2010 -- CVE ID: CVE-2010-2752 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.6.x --...
Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries
Nuance Communications, Inc. offer on their german web page http://www.nuance.de/kostenlose-ocr-software-test/download.asp a trial version of OmniPage 16 Professional for download. The installer OPPro16TD.exe a self-extracting RAR archive was published "Tue, 30 Jun 2009 14:38:28 GMT" according to...
VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities (CVE-2010-1280)
VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities CVE-2010-1280 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to...
[DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability
Digital Security Research Group DSecRG Advisory DSECRG-09-049 Application: IBM BladeCenter Managmet Module Versions Affected: before BPET50G Vendor URL: http://www-03.ibm.com/systems/bladecenter/ Bug: DoS Exploits: YES Reported: 24.07.2009 Vendor response: 26.07.2009 Date of Public Advisory:...
AneCMS Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: AneCMS Multiple Vulnerabilities Vendor: http://anecms.com/ Vulnerable Version: 1.0 Latest version till now Exploitation: Remote with a RAW HTTP packet sender Fix: N/A - Description: AneCMS is a small and fast CMS completely modular. Written...
VMSA-2010-0005 VMware products address vulnerabilities in WebAccess
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0005 Synopsis: VMware products address vulnerabilities in WebAccess Issue date: 2010-03-29 Updated on: 2010-03-29 initial releas...
Vbulletin 4.0.2 XSS Vulnerability
================================= Vbulletin 4.0.2 XSS Vulnerability ================================= + Vbulletin 4.0.2 XSS Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0...
[Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-004: SAP J2EE Authentication Phishing Vector This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance Advisory ID: cisco-sa-20100210-ironport Revision 1.0 For Public Release 2010 February 10 1600 UTC GMT...
[ MDVSA-2009:344 ] perl-DBD-Pg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:344 http://www.mandriva.com/security/ Package : perl-DBD-Pg Date : December 28, 2009 Affected: 2008.0 Problem Description: Multiple vulnerabilities was discovered and corrected in perl-DBD-Pg: Heap-based...
[security bulletin] HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01931960 Version: 1 HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as...
Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution 975254 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves two publicly disclosed...
[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01820968 Version: 1 HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux ICE-LX Cross Site Request Forgery CSRF , Remote Execution of Arbitrary Code, Denial of Service DoS, and Other...
ZDI-09-049: Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability
ZDI-09-049: Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-049 August 5, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerability Details: This vulnerability allow...
[security bulletin] HPSBMA02433 SSRT090084 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01760771 Version: 1 HPSBMA02433 SSRT090084 rev.1 - HP Discovery & Dependency Mapping Inventory DDMI Running on Windows, Remote Unauthorized Access NOTICE: The information in this Security Bulleti...
ftpdmin v. 0.96 RNFR remote buffer overflow exploit
?php / ftpdmin v. 0.96 RNFR remote buffer overflow exploit xp sp3 / case study by Nine:Situations:Group::surfista software site: http://www.sentex.net/mwandel/ftpdmin/ our site: http://retrogod.altervista.org/ bug found by rgod in 2006, RNFR sequences can trigger a simple eip overwrite. We can us...
Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass
Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: Offline Authentication Bypass Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta...
İltaweb Kolay Site (urundetay) Sql injection Vulnerability (Tr)
Author: BiLGi ASD Contact: [email protected] Home: Bilgi-Asd.Ch Script: ltaweb Kolay Site Tr Sql injection Vulnerability http://www.aspindir.com/goster/5665 $Price$: 100 Exploit: urundetay.asp?id=67+union+select+0,1,sifre,kullaniciadi,4,5,6,7,8,9,10,11,12+from+uyeler Demo:...
Remote and Local File Inclusion Vulnerability <= 1.1 Rportal
RPortal v1.1 Rportal is a management system of contents simple and powerful Web, enabling you to create your site in a few minutes, while profiting from a complete and effective administration. Remote and Local File Inclusion Vulnerability = 1.1 Found the 29th September 2008 Author: Kad mail :...
CS-Cart <= 1.3.5 SQL Injection
GulfTech Security Research September 02, 2008 Vendor : CS-Cart.com URL : http://www.cs-cart.com/ Version : CS-Cart = 1.3.5 Risk : SQL Injection Description: CS-Cart Cart is a full featured online ecommerce application written in php that allows users to build, run and promote an online store. The...
Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 954066 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities in Microsoft Office Excel...
[CVE-2008-2370] Apache Tomcat information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-2370: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and...
[SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1619-1 [email protected] http://www.debian.org/security/ Devin Carraway July 27, 2008 http://www.debian.org/security/faq -...
Wordpress Malicious File Execution Vulnerability
========================================================== Wordpress Malicious File Execution Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 18 May 2008 SITE : www.citecclub.org APPLICATION : Wordpress Blog VERSION : = 2.5.1 VENDOR :...
CVE-2008-0002: Tomcat information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-0002: Tomcat information disclosure vulnerability Severity: important Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.5 to 6.0.15 Description: If an exception occurs during the processing of parameters eg if the client...
Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search
------------------------------------------------------------------------ Cross-Site Scripting XSS in phpWebSite 1.4.0 search ------------------------------------------------------------------------ Author: Audun Larsen larsen at xqus dot com Date: Dec 29, 2007 --AFFECTED...
PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure
--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...
[ MDKSA-2007:188 ] - Updated postgresql packages prevent access abuse using dblink
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:188 http://www.mandriva.com/security/ Package : postgresql Date : September 25, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Problem Description: PostgreSQL 8.1 and probably later and earlier...
Pluck 4.3 themes.php Remote File Inclusion and disclosure
Aria-Security Team Pluck 4.3 Remote File Inclusion Vendor: http://www.pluck-cms.org/ /path/data/inc/theme.php if Registerglobal was set as ON then we can use the $dir variable for RFI isfile$dir."/".$file $files=$file; else $dirs=$dir."/".$file; if$dirs foreach $dirs as $dir include...
PHP Safe_mode bypass exploit (win32service)
?php PHP Safemode bypass exploit win32service Note: Tested on 5.2.1 Author: NetJackal Email: nima501atyahoodotcom Website: http://netjackal.by.ru Usage: http://victim.net/nj.php?CMD=command $command=isset$GET'CMD'?$GET'CMD':'dir'; cammand $dir=iniget'uploadtmpdir'; Directory to store command's...
PHMe CMS 0.0.2 local File Include Vulnerabilitiy
Tilte: PHMe CMS 0.0.2 local File Include Vulnerabilitiy www.Aria-security.Com For English www.Aria-Security.net For Persian Author: YouYou Software: PHMe CMS Site Script: http://sourceforge.net/projects/phme proof Of Concept : www.example.com/path/resources/functionlist.php?action=Local Script00...
Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6
A security issue has been found which allows an unauthenticated user to bypass the authentication system in LedgerSMB 1.2.0 through 1.2.6. Severity: Highly Critical Versions affected: 1.2.0 through 1.2.6 Status: Vendor solution available upgrade to 1.2.7 Effect: Authentication bypass. Required...