47153 matches found
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Cisco Identity Services Engine multiple security vulnerabilities
Authentication bypass, code execution...
[security bulletin] HPSBMU02883 SSRT101227 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03781657 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03781657 Version: 1 HPSBMU02883...
[USN-1801-1] curl vulnerability
========================================================================== Ubuntu Security Notice USN-1801-1 April 16, 2013 curl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA13-010A Oracle Java 7 Security Manager Bypass Vulnerability Original release date: January 10, 2013 Last revised: -- Systems Affected Any system using Oracle Java 7 1.7, 1.7.0 including Java Platform...
TomatoCart 1.x | Unrestricted File Creation
OVERVIEW TomatoCart 1.x versions are vulnerable to Unrestricted File Creation. 2. BACKGROUND TomatoCart is an innovative Open Source shopping cart solution developed by Wuxi Elootec Technology Co., Ltd. It is forked from osCommerce 3 as a separate project and is released under the GNU General...
Foswiki Security Alert CVE-2012-6329, CVE-2012-6330 Remote code execution and other vulnerabilities in MAKETEXT macro
---+ Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext, whic...
[SECURITY] [DSA 2579-1] apache2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2579-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 30, 2012 http://www.debian.org/security/faq -...
[USN-1595-1] libxslt vulnerabilities
========================================================================== Ubuntu Security Notice USN-1595-1 October 04, 2012 libxslt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Exploit Title: Mihalism Multi Host v 5.0
Exploit Title: Mihalism Multi Host v 5.0 Google Dork: intext:"powered by Mihalism Multi Host" Date: 2012/8/25 Discovered By : Explo!ter Software Link: http://www.mihalismscript.com/ Version: 5.0 Tested on: Linux Contact : Emperor-team.org Spt to : Stokke Details : ++++++++++++++++++++++++++ the...
ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-141 August 17, 2012 - -- CVE ID: CVE-2012-1855 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
[Suspected Spam] eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities
Title: ====== eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities Date: ===== 2012-05-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=575 VL-ID: ===== 575 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: =============...
VMSA-2012-0004 VMware View privilege escalation and cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0004 Synopsis: VMware View privilege escalation and cross-site scripting Issue date: 2012-03-15 Updated on: 2012-03-15 initial...
[USN-1364-1] Linux kernel (OMAP4) vulnerabilities
========================================================================== Ubuntu Security Notice USN-1364-1 February 13, 2012 linux-ti-omap4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
TeamSHATTER Security Advisory: SQL Injection Vulnerability in Oracle DROP INDEX for spatial datatypes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2, 11gR1 and 11gR2 Remote exploitable: No Credits: This vulnerability was discovered and researched by Martin Rakhmanov of...
ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams)
Title : ABUS TVIP 11550/21550 Multiple vulnerabilities and possibly other ABUS cams Author : Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command excution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...
AdaptCMS 2.0.1 Multiple security vulnerabilities
Advisory: AdaptCMS 2.0.1 Multiple security vulnerabilities Advisory ID: SSCHADV2011-018 Author: Stefan Schurtz Affected Software: Successfully tested on AdaptCMS 2.0.1 Vendor URL: http://www.adaptcms.com/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...
Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Listendifferent prodotto.php?IDprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.listendifferent.com/ Persian Gulf 4 Ever! Dork : "Concept and Designed by...
[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2279-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 19, 2011 http://www.debian.org/security/faq -...
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-197 June 14, 2011 -- CVE ID: CVE-2011-1266 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft Interne...
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-196 June 14, 2011 -- CVE ID: CVE-2011-1262 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
[SECURITY] [DSA 2251-1] subversion security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2251-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 02, 2011 http://www.debian.org/security/faq -...
NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write
LibAVCodec AMV Out of Array Write 27/04/2011 Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect...
XSS vulnerability in Frog CMS
Vulnerability ID: HTB22682 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinfrogcms.html Product: Frog CMS Vendor: Philippe Archambault http://www.madebyfrog.com/ Vulnerable Version: 0.9.5 and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: Stored XSS...
Path disclosure in CLANSPHERE
Vulnerability ID: HTB22692 Reference: http://www.htbridge.ch/advisory/pathdisclosureinclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability Type: Path disclosure Status: Fixed by Vendor Ri...
CVE-2010-3700: Spring Security bypass of security constraints
CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 t0 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider URL path...
Mozilla Foundation Security Advisory 2010-58
Mozilla Foundation Security Advisory 2010-58 Title: Crash on Mac using fuzzed font in data: URL Impact: Critical Announced: September 7, 2010 Reporter: Marc Schoenefeld Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.9 Firefox 3.5.12 Thunderbird 3.1.3 Thunderbird 3.0.7 SeaMonkey...
[security bulletin] HPSBMA02553 SSRT100184 rev.1 - HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02282388 Version: 1 HPSBMA02553 SSRT100184 rev.1 - HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery CSRF, Cross Sit...
[security bulletin] HPSBUX02556 SSRT100014 rev.1 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02288473 Version: 1 HPSBUX02556 SSRT100014 rev.1 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon ...
Pligg Installation File XSS Vulnerability
Title: Pligg Installation File XSS Vulnerability Vendor: Pligg Product: Pligg CMS Tested Version: 1.0.4 Threat Class: XSS Severity: Medium Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== Pligg is prone to a XSS vulnerability in the installation file:...
[SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be als...
HP Operations Manager backdoor account
There is a hidden undocumented Tomcat account...
3Com OfficeConnect Firewall/Router multiple remote Vulnerabilities
Product: 3Com OfficeConnect Firewall/Router Website: http://www.3com.com/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Vuln: remote command execution and password disclosure Admin password disclosure 1 SSH/Telnet to router using one of these hidde...
[Advisory]PBBoard <=2.0.2 Full Path Disclosure
AdvisoryPBBoard =2.0.2 - Full Path Disclosure Details ======= Product: PHP = PBBoard Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.pbboard.com Credits ============ Discovered by: rUnViRuS site: http://www.sec-area.com Affected Products: ---------------------------- test on...
SEC Consult SA-20090901-0 :: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console
SEC Consult Security Advisory 20090901-0 ======================================================================= title: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console products: JSFTemplating FileStreamer/PhaseListener component...
cURL / libcurl SSL certificate spoofing
Certificate name spoofing via NULL byte...
CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability 1. Advisory Information Title: Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability...
(GET var 'id') BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta -->
!/usr/bin/perl ------------------------------------------------------------------------------------------ GET var 'id' BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta -- ------------------------------------------------------------------------------------------ CMS...
Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability Advisory ID: cisco-sa-20090311-cucmpab Revision 1.0 For Public Release 2009 March 11 1600 UTC GMT...
DMXReady Blog Manager (SQL/XSS)
--------------------------------------------------------- Portal Name: DMXReady Blog Manager SQL/XSS Vendor : http://www.galaxyscripts.com Author : PouyaServer , [email protected] Aria-Security.Net Vulnerability : SQL/XSS --------------------------------------------------------- SQL:...
Mozilla Foundation Security Advisory 2008-43
Mozilla Foundation Security Advisory 2008-43 Title: BOM characters, low surrogates stripped from JavaScript before execution Impact: Moderate Announced: September 23, 2008 Reporter: Dave Reed, Chris Weber, Gareth Heyes Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox...
[ GLSA 200809-02 ] dnsmasq: Denial of Service and DNS spoofing
Gentoo Linux Security Advisory GLSA 200809-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
Dear users of TYPO3, It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library feadminlib.inc allows Cross Site Scripting XSS. === Component Type === TYPO3 Core === Affected...
xss in ipb 2.3.5
Invision Power Board =2.3.5 Active XSS Работает в ie Не работает в opera 1 создаем файл any.html внути него scriptalert/script 2 содаем пост с аттачем any.html Автор:00...
Microsoft Security Bulletin MS08-026 – Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
Microsoft Security Bulletin MS08-026 – Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution 951207 Published: May 13, 2008 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Word that cou...
Mozilla Foundation Security Advisory 2008-19
Mozilla Foundation Security Advisory 2008-19 Title: XUL popup spoofing variant cross-tab popups Impact: High Announced: March 25, 2008 Reporter: Chris Thomas Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.13 SeaMonkey 1.1.9 Description Mozilla contributor Chris Thomas demonstrated that it w...
Motorola Timbuktu multiple security vulnerabilities
Directory traversal, DoS and log spoofing...
Arbitrary commands execution in Versant Object Database 7.0.1.3
Luigi Auriemma Application: Versant Object Database http://www.versant.com/enUS/products/objectdatabase Versions: = 7.0.1.3 Platforms: Windows, Solaris, HP-UX, AIX, Linux Bug: arbitrary commands execution Exploitation: remote Date: 04 Mar 2008 Author: Luigi Auriemma e-mail: [email protected]...
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability by NBBN Founed: December 2007 Type: Cross-Site Request Forgery Code: html head /head body onLoad="javascript:document.it.submit" form action="http://localhost/xampp/wbb2/modcp.php" method="post" name="it" input type="hidden"...
[Full-disclosure] CVE-2007-6244: Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability
CVE-2007-6244 Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability 19 December 2007 == Summary == Affected Vendor: Adobe Affected Products: Flash Player ActiveX Control for Internet Explorer Affected Versions: Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlie...