47153 matches found
[waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0
waraxe-2012-SA082 - File Existence Disclosure in Uploadify 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-82.html Description of vulnerable software:...
Brute Force и XSS уязвимости в Webglimpse
Здравствуйте 3APA3A! После предыдущих многочисленных Cross-Site Scripting, Full path disclosure, Directory Traversal и Authorization bypass уязвимостей в Webglimpse SecurityVulns ID: 9436, 9443, 9778, 9876, сообщаю вам о найденных мною новых уязвимостях в Webglimpse. Это Brute Force и Cross-Site...
Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability
-------------------------------------------------------------------------------- Wordpress Kish Guest Posting Plugin 1.0 uploadify.php Unrestricted File Upload -------------------------------------------------------------------------------- author............: Egidio Romano aka EgiX...
Apache multiple security vulnerabilities
Information leakage, filtering bypass, privilege escalation, DoS...
[security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03153338 Version: 1 HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be act...
lighthttpd security vulnerabilities
DoS on base64 parsing...
APPLE-SA-2011-10-26-1 QuickTime 7.7.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-26-1 QuickTime 7.7.1 QuickTime 7.7.1 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application...
Funnel Web (pages.php?page) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web pages.php?page AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web"...
About the security content of Mac OS X v10.6.8 and Security Update 2011-004
About the security content of Mac OS X v10.6.8 and Security Update 2011-004 Last Modified: June 23, 2011 Article: HT4723 Email this article Print this page Summary This document describes of Mac OS X v10.6.8 and Security Update 2011-004, which can be downloaded and installed via Software Update...
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-194 June 14, 2011 -- CVE ID: CVE-2011-1260 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability
VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...
HTB22945: Multiple XSS in ZENphoto
Vulnerability ID: HTB22945 Reference: http://www.htbridge.ch/advisory/multiplexssinzenphoto.html Product: ZENphoto Vendor: ZENphoto http://www.zenphoto.org/ Vulnerable Version: 1.4.0.3 Vendor Notification: 07 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit:...
SCADA Trojans: Attacking the Grid + Advantech vulnerabilities
Hi! You can download the slides of the research I was presenting at RootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey into attacking the power grid. I presented: - 0days in Advantech/BroadWin WebAccess SCADA product - Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs -...
About the security content of Safari 5.0.3 and Safari 4.1.3
About the security content of Safari 5.0.3 and Safari 4.1.3 Last Modified: November 18, 2010 Article: HT4455 Email this article Print this page Summary This document describes the security content of Safari 5.0.3 and Safari 4.1.3. For the protection of our customers, Apple does not disclose,...
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...
AneCMS Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: AneCMS Multiple Vulnerabilities Vendor: http://anecms.com/ Vulnerable Version: 1.0 Latest version till now Exploitation: Remote with a RAW HTTP packet sender Fix: N/A - Description: AneCMS is a small and fast CMS completely modular. Written...
Vbulletin 4.0.2 XSS Vulnerability
================================= Vbulletin 4.0.2 XSS Vulnerability ================================= + Vbulletin 4.0.2 XSS Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0...
XSS Vulnerability in JpGraph 3.0.6
XSS Vulnerability in JpGraph 3.0.6 Discovered by Martin Barbella [email protected] Description of Vulnerability: ----------------------------- JpGraph is an object oriented library for PHP that can be used to create various types of graphs which also contains support for client side image...
[Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code]
NULL CODE SERVICES www.nullcode.com.ar Hunting Security Bugs! +================================================================================================================================+ + Novell-QuickFinder Server //Cross-site scripting XSS Remote Java Execution Code +...
Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass
Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: Offline Authentication Bypass Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta...
[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1
waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1 ============================================================================== Author: Janek Vind "waraxe" Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html Description of vulnerable software...
[Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Java Web Start File Inclusion via System Properties Override Release Date:...
Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution 955218 Published: November 11, 2008 Version: 1.0 General Information Executive Summary This security update resolves several vulnerabilities in Microsoft XML Core...
[USN-666-1] Dovecot vulnerability
=========================================================== Ubuntu Security Notice USN-666-1 November 07, 2008 dovecot vulnerability CVE-2008-4907 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also...
Telecom Italia Alice Pirelli routers backdoor discoverd to activate telnet/ftp/tftp from internal LAN/WLAN.
saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactered by Pirelli based on Broadcom platform. saxdax & drpepperONE Router Vendor: Alice Telecom Italia...
MS Internet Explorer 7 Denial Of Service Exploit
!-- MS Internet Explorer 7 Denial Of Service Exploit Type : Denial Of Service Release Date : 2007-09-29 Product / Vendor : Microsoft http://www.Microsoft.com MS Internet Explorer 7 Denial Of Service Exploit : -- titleMS Internet Explorer 7 Denial Of Service Exploit/title body bgcolor="000000" br ...
Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 954066 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities in Microsoft Office Excel...
VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2008-0009 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX,...
Blind Sql-Injection in Joomla 1.5 RC3
Thanks to team of Darkc0de.com Blind Sql-Injection in Joomla 1.5 RC3 URL : http://localhost/index.php 1. Parameter = view The following changes were applied to the original request: • Set parameter 'view's value to 'somechars'20+20'article' POC URL :...
[ MDKSA-2007:188 ] - Updated postgresql packages prevent access abuse using dblink
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:188 http://www.mandriva.com/security/ Package : postgresql Date : September 25, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Problem Description: PostgreSQL 8.1 and probably later and earlier...
Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6
A security issue has been found which allows an unauthenticated user to bypass the authentication system in LedgerSMB 1.2.0 through 1.2.6. Severity: Highly Critical Versions affected: 1.2.0 through 1.2.6 Status: Vendor solution available upgrade to 1.2.7 Effect: Authentication bypass. Required...
Redirection Vulnerability in wp-pass.php, WordPress 2.2.1
The vulnerability found could allow an attacker to redirect victims to an arbitrary 3rd party site. This site could be a phishing site or contain malware allowing the attacker to steal account credentials or compromise hosts. This vulnerability can be found in Wordpress 2.2, however it is likely...
[waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20
waraxe-2007-SA049 - Multiple vulnerabilities in Phorum 5.1.20 ==================================================================== Author: Janek Vind "waraxe" Date: 19. April 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-49.html Target software description: Phorum 5.1.20...
NeatUpload vulnerability and fix
Product: NeatUpload Synopsis: A race condition in several versions of the NeatUpload ASP.NET component could sometimes cause portions of responses to be sent to the wrong user, potentially revealing sensitive information to unauthorized users. Vulnerable versions: 1.2.11-1.2.16, 1.1.18-1.1.23, an...
CascadianFAQ <= 4.1 (index.php) Remote Blind SQL Injection Vulnerability
Title : CascadianFAQ = 4.1 index.php Remote Blind SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://eclectic-designs.com $$ : Free Dork : This FAQ is powered by CascadianFAQ DorkEx :...
Sql injection in Moodle
Hi, There is a sql injection in Moodle 1.6.1+ and maybe before versions : The "$blogEntry" parameter passed to "insertrecord" function in /blog/edit.php, is not checked properly . Version 1.6.2 has been released moodle.org. - Omid...
MusicBox <= 2.3.4 XSS SQL injection Vulnerability
MusicBox 2.3.4 http://www.musicboxv2.com ------------ PHPinfo page ------------ /phpinfo.php -------------------------- Cross Site Scripting XSS -------------------------- http://www.target.xx/?id=scriptalert/EllipsisSecurityTest//script&page=0...
VBZooM <=V1.11 "sub-join.php" SQL Injection
======================================= Discovered By: C.B.B.L CrAzY CrAcKeR,Breeeeh,BoNy-m,LiNuX rOOt ======================================= Search: POWERED BY VBZooM V1.11 Example:- /sub-join.php?UserID=SQL Injection...
Microsoft Security Bulletin MS06-021
Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer 916281 Published: June 13, 2006 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...
[Full-disclosure] phpBB 2.0.20 Full Path Disclosure and SQL Errors
Source: http://securityreason.com/achievementsecurityalert/38 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpBB 2.0.20 Full Path Disclosure and SQL Errors Author: Maksymilian Arciemowicz cXIb8O3 Date: - -Written: 1.5.2006 - -Public: 5.5.2006 from SecurityReason.Com CVE: - - CVE-2006-2219 Full...
[Full-disclosure] XOR Crew :: vBulletin ImpEx <= 1.74 - Remote Command Execution Vulnerability
======================================================================================= XOR Crew :: Security Advisory 3/22/2006 ======================================================================================= vBulletin ImpEx = 1.74 - Remote Command Execution Vulnerability...
PHP JackKnife XSS vuln.
PHP JackKnife XSS vuln. Vuln. dicovered by : r0t Date: 13 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/php-jackknife-xss-vuln.html vendor:http://www.phpjk.com/ affected version: 2.21 and prior Product Description: PHP JackKnife is an easily set-up, fast, feature-rich photo galle...
[Full-disclosure] RANKBOX <= XSS vulnerability
Advisory 1 Title: "RANKBOX = XSS vulnerability" Author: spyburn Contact: [email protected] Website: elitemexico.org Date: 07/11/2005 Risk: High Vendor Url: http://chamberofgold.com Affected Software: RANKBOX Non Affected: We Are: ELITE MEXICO...
Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)
Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service 890859 Issued: April 12, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Elevation of Privilege...
Security Update: [CSSA-2001-SCO.25] OpenServer: various scoadmin/sysadm subprograms have buffer overflows
To: [email protected] [email protected] [email protected] [email protected] Do not reply to this mail. This security advisory is being sent from a nonexistent address in order to avoid spam problems. Caldera's contact address for UNIX security issue...
Security Bulletin MS01-033
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Uncheck...
Serv-U FTP directory traversal vunerability (all versions)
===================================================================== Securax-SA-09 Security Advisory belgian.networking.security Dutch ===================================================================== Topic: Catsoft serv-U FTP Directory Transversal Vulnerability Announced: 2000-12-03 Updated...
ipx storm
Hello, The IPX protocol has samething called IPX ping. Sending a packet to socket 0x456 to anything supporting ipx causes a response to be sent back. If you send a packet with source and destination addresses set to the ethernet broadcast address and source and destination socket set to 0x456...
Device Inspector v1.5 iOS - Command Inject Vulnerabilities
Document Title: =============== Device Inspector v1.5 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1558 Release Date: ============= 2015-08-07 Vulnerability Laboratory ID VL-ID: ====================================...
[USN-2694-1] PCRE vulnerabilities
========================================================================== Ubuntu Security Notice USN-2694-1 July 29, 2015 pcre3 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...