47153 matches found
Exploit Title: Mihalism Multi Host v 5.0
Exploit Title: Mihalism Multi Host v 5.0 Google Dork: intext:"powered by Mihalism Multi Host" Date: 2012/8/25 Discovered By : Explo!ter Software Link: http://www.mihalismscript.com/ Version: 5.0 Tested on: Linux Contact : Emperor-team.org Spt to : Stokke Details : ++++++++++++++++++++++++++ the...
[Suspected Spam] eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities
Title: ====== eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities Date: ===== 2012-05-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=575 VL-ID: ===== 575 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: =============...
VMSA-2012-0004 VMware View privilege escalation and cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0004 Synopsis: VMware View privilege escalation and cross-site scripting Issue date: 2012-03-15 Updated on: 2012-03-15 initial...
[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability
CAL-2011-0055Adobe Shockwave Player Parsing blockcout memory corruption vulnerability Discover: instruder of code audit labs of vulnhunt.com CAL: CAL-2011-0055 CVE: CVE-2012-0759...
TeamSHATTER Security Advisory: SQL Injection Vulnerability in Oracle DROP INDEX for spatial datatypes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2, 11gR1 and 11gR2 Remote exploitable: No Credits: This vulnerability was discovered and researched by Martin Rakhmanov of...
ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams)
Title : ABUS TVIP 11550/21550 Multiple vulnerabilities and possibly other ABUS cams Author : Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command excution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...
Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Listendifferent prodotto.php?IDprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.listendifferent.com/ Persian Gulf 4 Ever! Dork : "Concept and Designed by...
[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2279-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 19, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2251-1] subversion security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2251-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 02, 2011 http://www.debian.org/security/faq -...
NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write
LibAVCodec AMV Out of Array Write 27/04/2011 Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect...
[AntiSnatchOr] OpenCMS <= 7.5.3 multiple vulnerabilities
OpenCMS = 7.5.3 multiple vulnerabilities Name: OpenCMS = 7.5.3 multiple vulnerabilities Systems Affected: OpenCMS = 7.5.3 Severity: High Vendor: http://www.opencms.org Advisory: http://antisnatchor.com/opencms7.5.3multiplevulnerabilities Author: Michele "antisnatchor" Orru michele.orru AT...
Re: PHP 5.3.5 grapheme_extract() NULL Pointer Dereference
On Wed, 16 Feb 2011 16:11:23 -0700 cxib wrote: Affected Software: - PHP 5.3.5 grapheme is neither part of PHP core, nor built-in PHP extension, therefore above is false as bug is not in PHP itself. People using PHP 5.3.5 but not using grapheme some distros like Debian and derrivatives offer this...
XSS vulnerability in Frog CMS
Vulnerability ID: HTB22682 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinfrogcms.html Product: Frog CMS Vendor: Philippe Archambault http://www.madebyfrog.com/ Vulnerable Version: 0.9.5 and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: Stored XSS...
Mozilla Foundation Security Advisory 2010-58
Mozilla Foundation Security Advisory 2010-58 Title: Crash on Mac using fuzzed font in data: URL Impact: Critical Announced: September 7, 2010 Reporter: Marc Schoenefeld Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.9 Firefox 3.5.12 Thunderbird 3.1.3 Thunderbird 3.0.7 SeaMonkey...
[security bulletin] HPSBMA02553 SSRT100184 rev.1 - HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02282388 Version: 1 HPSBMA02553 SSRT100184 rev.1 - HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery CSRF, Cross Sit...
[security bulletin] HPSBUX02556 SSRT100014 rev.1 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02288473 Version: 1 HPSBUX02556 SSRT100014 rev.1 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon ...
[xss] a xss on "ThreadID" parameter in BBSXP 2008 from china
first, my name is liscker, not lis + cker. Im chinese. thank you. BBSXP is prone to an cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
[SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be als...
HP Operations Manager backdoor account
There is a hidden undocumented Tomcat account...
[Advisory]PBBoard <=2.0.2 Full Path Disclosure
AdvisoryPBBoard =2.0.2 - Full Path Disclosure Details ======= Product: PHP = PBBoard Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.pbboard.com Credits ============ Discovered by: rUnViRuS site: http://www.sec-area.com Affected Products: ---------------------------- test on...
PostgreSQL multiple security vulnerabilities
Denial of Service, privilege escalation, LDAP authentication bypass...
SEC Consult SA-20090901-0 :: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console
SEC Consult Security Advisory 20090901-0 ======================================================================= title: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console products: JSFTemplating FileStreamer/PhaseListener component...
CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability 1. Advisory Information Title: Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability...
(GET var 'id') BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta -->
!/usr/bin/perl ------------------------------------------------------------------------------------------ GET var 'id' BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta -- ------------------------------------------------------------------------------------------ CMS...
Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability Advisory ID: cisco-sa-20090311-cucmpab Revision 1.0 For Public Release 2009 March 11 1600 UTC GMT...
DMXReady Blog Manager (SQL/XSS)
--------------------------------------------------------- Portal Name: DMXReady Blog Manager SQL/XSS Vendor : http://www.galaxyscripts.com Author : PouyaServer , [email protected] Aria-Security.Net Vulnerability : SQL/XSS --------------------------------------------------------- SQL:...
Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2
NGSSoftware Insight Security Research Advisory Name: Trigger abuse of MDSYS.SDOTOPODROPFTBL Systems Affected: Oracle 10g R1 and R2 10.1.0.5 and 10.2.0.2 Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 23rd July 2008 Date of Public...
Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability
====================================================================== Secunia Research 20/10/2008 - HP SiteScope SNMP Trap Script Insertion - ====================================================================== Table of Contents Affected...
Mozilla Foundation Security Advisory 2008-43
Mozilla Foundation Security Advisory 2008-43 Title: BOM characters, low surrogates stripped from JavaScript before execution Impact: Moderate Announced: September 23, 2008 Reporter: Dave Reed, Chris Weber, Gareth Heyes Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox...
[ GLSA 200809-02 ] dnsmasq: Denial of Service and DNS spoofing
Gentoo Linux Security Advisory GLSA 200809-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
Dear users of TYPO3, It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library feadminlib.inc allows Cross Site Scripting XSS. === Component Type === TYPO3 Core === Affected...
Microsoft Security Bulletin MS08-026 ā Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
Microsoft Security Bulletin MS08-026 ā Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution 951207 Published: May 13, 2008 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Word that cou...
Mozilla Foundation Security Advisory 2008-19
Mozilla Foundation Security Advisory 2008-19 Title: XUL popup spoofing variant cross-tab popups Impact: High Announced: March 25, 2008 Reporter: Chris Thomas Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.13 SeaMonkey 1.1.9 Description Mozilla contributor Chris Thomas demonstrated that it w...
Motorola Timbuktu multiple security vulnerabilities
Directory traversal, DoS and log spoofing...
Arbitrary commands execution in Versant Object Database 7.0.1.3
Luigi Auriemma Application: Versant Object Database http://www.versant.com/enUS/products/objectdatabase Versions: = 7.0.1.3 Platforms: Windows, Solaris, HP-UX, AIX, Linux Bug: arbitrary commands execution Exploitation: remote Date: 04 Mar 2008 Author: Luigi Auriemma e-mail: [email protected]...
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability by NBBN Founed: December 2007 Type: Cross-Site Request Forgery Code: html head /head body onLoad="javascript:document.it.submit" form action="http://localhost/xampp/wbb2/modcp.php" method="post" name="it" input type="hidden"...
Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer (942615)
Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer 942615 Published: December 11, 2007 Version: 1.0 General Information Executive Summary This critical security update resolves four privately reported vulnerabilities. The most serious security impact...
[security bulletin] HPSBMA02275 SSRT071445 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01183597 Version: 1 HPSBMA02275 SSRT071445 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin shoul...
NuclearBB Alpha 2 Remote File Inclusion
Vuln Product: NuclearBB Alpha 2 Vendor: http://www.nuclearbb.com/ Vulnerability Type: Remote File Inclusion Autor: Infection Team: Rootshell Security Team Vulnerable file: /NuclearBB/tasks/sendqueuedemails.php Exploit URL:...
eXV2.de Browser Cookie is not properly sanitised
Details ======= Product: eXV2.de CMS = 2.0.5. Severity: moderated Remote-Exploit: yes Vendor-URL: http://www.exv2.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: Vision aka n-tier http://www.i-s-o.org Original Advisory: ============...
[scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting
SiteScape forum prior 7.3 Cross Site Scripting scip AG Vulnerability ID 3159 07/13/2007 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3159 I. INTRODUCTION SiteScape forum is a commercial web forum. It uses presence to connect teams through phone, IM, chat, SMS and email, as well as voice- and...
phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability
phpCOIN = RC-1 modules/mail/index.php Remote File Include Vulnerability Script: phpCOIN Version: RC-1 URL: http://www.phpcoin.com/coinmodules/downloads/dload.php?id=1 Found by: Born To K!LL Bug in : modules/mail/index.php code : Include module functions file include...
[SA23656] b2evolution "redirect_to" HTML Attribute Cross-Site Scripting
---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When...
Adobe reader plugin PDF files universal crossite scripting
By using URIs like http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere it's possible to execute code in context of any Web site where at least one PDF is stored. 2. By using "trigger action" in PDF document it's possible to execute code in context of the web page where...
eClassifieds [injection sql]
vendor site: http://enthrallweb.com/ product : eClassifieds bug:injection sql risk : medium injection sql : /ad.asp?ADID='sql /ad.asp?catid='sql /dircat.asp?cid='sql /dirSub.asp?sid='sql /ad.asp?catid=35&subid='sql /ad.asp?catid=35&subid=102&adid='sql laurent gaffi & benjamin moss http://s-a-p.ca...
AFGB GUESTBOOK 2.2 (Htmls) Remote File Include Vulnerabilities
afgb GUESTBOOK V2.2 Htmls Remote File Include Vulnerability Turkish Hacker's Discovered By : mdX ------------------------------------------------------ Cyber-Warrior TIM Ay ve YIldIzlar Geceye YakISIr... the moon and the stars suit the night Class : REmote File Code Detailed File...
[Full-disclosure] New Vuln...
Hi..... The Vuln :- Found By Sp1deRNeT My Site :- www.sp1der-n3t.com ++ www.pal-hacking.com My E-mail :- Sp1deRNeT We Are :- Sp1deRNeT , HACKERS PAL , MohajaLi . Palestinan HackerS TeAm Script :- SmartyValidate-2.8 Search in Yahoo/Google :- "SmartyValidate-2.8" ======== Exploit :-...
NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability
NSFOCUS Security Advisory SA2006-07 ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability Release Date: 2006-07-27 CVE ID: CVE-2006-3840 http://www.nsfocus.com/english/homepage/research/0607.htm Affected systems & software =================== RealSecure Network Sensor...
ChangeLog-2.6.16.6
commit 37863c8a9b7b0261ec76daad8afffe9ab5314794 Author: Greg Kroah-Hartman [email protected] Date: Mon Apr 17 13:36:51 2006 -0700 Linux 2.6.16.6 commit 512dba41bae0ec8de72269167f23b75a4770097d Author: Hugh Dickins [email protected] Date: Wed Apr 12 14:34:27 2006 -0700 PATCH shmat: stop mprotect from...
Coppermine Photo Gallery <=1.4.3 remote code execution
Coppermine Photo Gallery = 1.4.3 arbitrary local/remote inclusion: --------- - 18/02/2006 5.09.55 ----------------------------------------------------------- -------------------------------------------------------------------------------- software: site: http://coppermine-gallery.net/index.php...