47153 matches found
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Advisory ID: cisco-sa-20111005-fwsm Revision 1.0 For Public Release 2011 October 05 1600 UTC GMT +-------------------------------------------------------------------...
Chezola Systems (display-section.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Chezola Systems display-section.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://chezolasystems.com/ Persian Gulf 4 Ever! Dork : "Powered by Chezola Systems Canada Inc"...
NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability
NSFOCUS Security AdvisorySA2011-01 Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability Release Date: 2011-06-15 CVE ID: CVE-2011-1250 http://www.nsfocus.com/en/advisories/1101.html Affected Software and System: ============================= Microsoft Internet...
Microsoft Windows multiple security vulnerabilities
OpenType Font parsing memory corruption, task scheduler privilege escalation, usafe DLL loading, multiple kernel vulnerabilities, Consent User Interface privilege escalation, Netlogon DoS...
[eVuln.com] sitename XSS in Hot Links Lite
New eVuln Advisory: sitename XSS in Hot Links Lite Summary: http://evuln.com/vulns/143/summary.html Details: http://evuln.com/vulns/143/description.html -----------Summary----------- eVuln ID: EV0143 Software: Hot Links Lite Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site...
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...
AneCMS Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: AneCMS Multiple Vulnerabilities Vendor: http://anecms.com/ Vulnerable Version: 1.0 Latest version till now Exploitation: Remote with a RAW HTTP packet sender Fix: N/A - Description: AneCMS is a small and fast CMS completely modular. Written...
Vbulletin 4.0.2 XSS Vulnerability
================================= Vbulletin 4.0.2 XSS Vulnerability ================================= + Vbulletin 4.0.2 XSS Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0...
dstat privilege escalation
share libraries are searched in the working directory...
Apache Tomcat for Windows backdoor account
admin account with empty password is created during installation...
[security bulletin] HPSBMA02433 SSRT090084 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01760771 Version: 1 HPSBMA02433 SSRT090084 rev.1 - HP Discovery & Dependency Mapping Inventory DDMI Running on Windows, Remote Unauthorized Access NOTICE: The information in this Security Bulleti...
Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution 960803 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and two privately...
Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass
Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: Offline Authentication Bypass Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta...
Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution 959070 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves three privately reported vulnerabilities in Microsoft...
[Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Java Web Start File Inclusion via System Properties Override Release Date:...
Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution 955218 Published: November 11, 2008 Version: 1.0 General Information Executive Summary This security update resolves several vulnerabilities in Microsoft XML Core...
[USN-666-1] Dovecot vulnerability
=========================================================== Ubuntu Security Notice USN-666-1 November 07, 2008 dovecot vulnerability CVE-2008-4907 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also...
Remote and Local File Inclusion Vulnerability <= 1.1 Rportal
RPortal v1.1 Rportal is a management system of contents simple and powerful Web, enabling you to create your site in a few minutes, while profiting from a complete and effective administration. Remote and Local File Inclusion Vulnerability = 1.1 Found the 29th September 2008 Author: Kad mail :...
MS Internet Explorer 7 Denial Of Service Exploit
!-- MS Internet Explorer 7 Denial Of Service Exploit Type : Denial Of Service Release Date : 2007-09-29 Product / Vendor : Microsoft http://www.Microsoft.com MS Internet Explorer 7 Denial Of Service Exploit : -- titleMS Internet Explorer 7 Denial Of Service Exploit/title body bgcolor="000000" br ...
Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 954066 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities in Microsoft Office Excel...
Mozilla Foundation Security Advisory 2008-35
Mozilla Foundation Security Advisory 2008-35 Title: Command-line URLs launch multiple tabs when Firefox not running Impact: Critical Announced: July 15, 2008 Reporter: Billy Rios, Ben Turner, Dan Veditz Products: Firefox Fixed in: Firefox 3.0.1 Firefox 2.0.0.16 Description Security researcher Bil...
[Full-disclosure] Opera - heap based buffer overflow (CVE-2007-6521)
============================================ ||| Security Advisory AKLINK-SA-2008-006 ||| ||| CVE-2007-6521 CVE candidate ||| ============================================ Opera - heap-based buffer overflow ================================== Date released: 28.05.2007 Date reported: 05.10.2007...
joomla com_activities sql injection
allinurl :"comactivities" index.php?option=comactivities&Itemid=51&func=detail&id=-1//union//select//0,1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,username//from//mosusers/...
Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search
------------------------------------------------------------------------ Cross-Site Scripting XSS in phpWebSite 1.4.0 search ------------------------------------------------------------------------ Author: Audun Larsen larsen at xqus dot com Date: Dec 29, 2007 --AFFECTED...
PHMe CMS 0.0.2 local File Include Vulnerabilitiy
Tilte: PHMe CMS 0.0.2 local File Include Vulnerabilitiy www.Aria-security.Com For English www.Aria-Security.net For Persian Author: YouYou Software: PHMe CMS Site Script: http://sourceforge.net/projects/phme proof Of Concept : www.example.com/path/resources/functionlist.php?action=Local Script00...
Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6
A security issue has been found which allows an unauthenticated user to bypass the authentication system in LedgerSMB 1.2.0 through 1.2.6. Severity: Highly Critical Versions affected: 1.2.0 through 1.2.6 Status: Vendor solution available upgrade to 1.2.7 Effect: Authentication bypass. Required...
[waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20
waraxe-2007-SA049 - Multiple vulnerabilities in Phorum 5.1.20 ==================================================================== Author: Janek Vind "waraxe" Date: 19. April 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-49.html Target software description: Phorum 5.1.20...
[Full-disclosure] ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability
ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-039.html November 10, 2006 -- CVE ID: CVE-2006-5487 -- Affected Vendor: Marshal -- Affected Products: MailMarshal SMTP 5.x MailMarshal SMTP 6.x MailMarshal SMTP 2006...
[Full-disclosure] [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation
Gentoo Linux Security Advisory GLSA 200611-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
Sql injection in Moodle
Hi, There is a sql injection in Moodle 1.6.1+ and maybe before versions : The "$blogEntry" parameter passed to "insertrecord" function in /blog/edit.php, is not checked properly . Version 1.6.2 has been released moodle.org. - Omid...
VBZooM <=V1.11 "sub-join.php" SQL Injection
======================================= Discovered By: C.B.B.L CrAzY CrAcKeR,Breeeeh,BoNy-m,LiNuX rOOt ======================================= Search: POWERED BY VBZooM V1.11 Example:- /sub-join.php?UserID=SQL Injection...
[Full-disclosure] phpBB 2.0.20 Full Path Disclosure and SQL Errors
Source: http://securityreason.com/achievementsecurityalert/38 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpBB 2.0.20 Full Path Disclosure and SQL Errors Author: Maksymilian Arciemowicz cXIb8O3 Date: - -Written: 1.5.2006 - -Public: 5.5.2006 from SecurityReason.Com CVE: - - CVE-2006-2219 Full...
Microsoft Windows system services privilege escalation
There are several local services SSDP Discovery service, Universal Plug and Play Host service allow any authenticated user to configure service. It makes it possible to specify executable file and elevate privilege to Local System. Also vulnerable: HP Software: "Pml Driver HPZ12" HP Printer...
[Full-disclosure] XOR Crew :: vBulletin ImpEx <= 1.74 - Remote Command Execution Vulnerability
======================================================================================= XOR Crew :: Security Advisory 3/22/2006 ======================================================================================= vBulletin ImpEx = 1.74 - Remote Command Execution Vulnerability...
PHP JackKnife XSS vuln.
PHP JackKnife XSS vuln. Vuln. dicovered by : r0t Date: 13 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/php-jackknife-xss-vuln.html vendor:http://www.phpjk.com/ affected version: 2.21 and prior Product Description: PHP JackKnife is an easily set-up, fast, feature-rich photo galle...
[Full-disclosure] RANKBOX <= XSS vulnerability
Advisory 1 Title: "RANKBOX = XSS vulnerability" Author: spyburn Contact: [email protected] Website: elitemexico.org Date: 07/11/2005 Risk: High Vendor Url: http://chamberofgold.com Affected Software: RANKBOX Non Affected: We Are: ELITE MEXICO...
indows Plug and Play Remote Compromise
nternet Security Systems Protection Advisory August 9, 2005 Windows Plug and Play Remote Compromise Summary: X-force has discovered a vulnerability in the Windows Plug and Play service. This vulnerability is remotely exploitable in the default configuration of Windows 2000, and is present in all...
[UNIX] Kmail HTML Support Allows Spoofing of Emails' Content
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Gadu-Gadu, another two bugs
Product: Gadu-Gadu, build 155 and older Vendor: SMS-EXPRESS.COM http://www.gadu-gadu.pl Impact: Script execution in local zone, Remote DoS Severity: High Authors: Blazej Miga [email protected], Jaroslaw Sajko [email protected] Date: 17/12/04 ISSUE Gadu-Gadu is the first Polish instant messenger...
Skype buffer overflow
callto: URL buffer overflow...
ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer
Below please find our public report for the HTTPS cache poisoning issue in Internet Explorer. It includes workarounds for server operators, allowing them to protect their web services without having to rely on users to patch their browsers. Regards, ACROS Security http://www.acrossecurity.com...
EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities Release Date: November 12, 2002 Severity: High Remote SYSTEM level code execution Systems Affected: Macromedia Coldfusion 6.0 and prior IIS ISAPI Macromedia JRun 4.0 and prior IIS ISAPI Description: Macromedia JRun and...
Уязвимости в Cisco SN 5420
Различные уязвимости позволяют чтение конфигурации и DoS...
Security Advisory 2001-009: Race condition between sugid-exec and ptrace(2)
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2001-009 ================================= Topic: Race condition between sugid-exec and ptrace2 Version: All official releases up to and including 1.5 Severity: Local user may gain superuser privileges Fixed: NetBSD-current: June 15, 200...
Security Bulletin MS01-033
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Uncheck...
Security Bulletin MS01-018
---------------------------------------------------------------------- Title: Visual Studio VB-TSQL Object Contains Unchecked Buffer Date: 27 March 2001 Software: Visual Studio 6.0 Enterprise Edition Impact: Run code of attacker's choice Bulletin: MS01-018 Microsoft encourages customers to review...
HIS Auktion 1.62: "show files" vulnerability and remote command execute.
-----------UkR security team advisory 8------------ HIS Auktion 1.62: "show files" vulnerability and remote command execute. -------------------------------------------------- Name: HIS Auktion 1.62: "show files" vulnurability. Date: 11.02.2001 Author: UkR-XblP About: script "HIS Auktion 1.62" is...
Brute Forcing FTP Servers with enabled anti-hammering (anti brute-force) modus
Brute Forcing FTP Servers with enabled anti-hammering ant brute-force modus ----------------------------------------------------------------------------- While playing around with Serv-U FTP Server, I found out that it is possible to bypass it's hammering protection which should protect accounts...
Cisco CDP attacks
Folks, when playing around with CDP, I discovered several interesting things. Due the leak of Cisco hardware around here, I ask you for your expiriences. Details as follows: Program: http://www.phenoelit.de/irpas/cdp.c Known effekts: -IOS 11.11: when flooding the cisco with random deviceID update...
Microsoft Security Bulletin MS00-051 - -------------------------------------- Patch Available for "Excel REGISTER.ID Function" Vulnerability Originally posted: July 26, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Microsoft Excel 97 an...