47153 matches found
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows
CVE-2012-5641 Information disclosure via unescaped backslashes in URLs on Windows Affected Versions: All Windows-based releases of Apache CouchDB, up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable. Description: A specially crafted request could be used to access content directly that wou...
TomatoCart 1.x | Unrestricted File Creation
OVERVIEW TomatoCart 1.x versions are vulnerable to Unrestricted File Creation. 2. BACKGROUND TomatoCart is an innovative Open Source shopping cart solution developed by Wuxi Elootec Technology Co., Ltd. It is forked from osCommerce 3 as a separate project and is released under the GNU General...
Foswiki Security Alert CVE-2012-6329, CVE-2012-6330 Remote code execution and other vulnerabilities in MAKETEXT macro
---+ Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext, whic...
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
2012-001 multiple implementations denial-of-service via MurmurHash algorithm collision Description: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting...
ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-147 August 22, 2012 - -- CVE ID: CVE-2011-3897 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affecte...
PHP Jobsite v1.36 - Cross Site Scripting Vulnerabilities
Title: ====== PHP Jobsite v1.36 - Cross Site Scripting Vulnerabilities Date: ===== 2012-06-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=616 VL-ID: ===== 616 Common Vulnerability Scoring System: ==================================== 2.3 Introduction: =============...
VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876)
VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow MS12-037 / CVE-2012-1876 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by...
[SECURITY] [DSA 2480-2] request-tracker3.8 regression update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2480-2 [email protected] http://www.debian.org/security/ Florian Weimer May 29, 2012 http://www.debian.org/security/faq -...
VMSA-2012-0004 VMware View privilege escalation and cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0004 Synopsis: VMware View privilege escalation and cross-site scripting Issue date: 2012-03-15 Updated on: 2012-03-15 initial...
ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-348 December 13, 2011 - -- CVE ID: CVE-2011-3165 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams)
Title : ABUS TVIP 11550/21550 Multiple vulnerabilities and possibly other ABUS cams Author : Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command excution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...
AdaptCMS 2.0.1 Multiple security vulnerabilities
Advisory: AdaptCMS 2.0.1 Multiple security vulnerabilities Advisory ID: SSCHADV2011-018 Author: Stefan Schurtz Affected Software: Successfully tested on AdaptCMS 2.0.1 Vendor URL: http://www.adaptcms.com/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...
Zones Web Solution (index.php?manufacturers_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Zones Web Solution index.php?manufacturersid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.zones.in/ Persian Gulf 4 Ever! Dork : "Powered By : Zones Web Solution"...
[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2279-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 19, 2011 http://www.debian.org/security/faq -...
[ MDVSA-2011:096 ] python
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:096 http://www.mandriva.com/security/ Package : python Date : May 22, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been identified an...
[security bulletin] HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02267197 Version: 1 HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting XSS NOTICE: The information in this Security Bulletin should be...
Symantec Antivirus Corporate Edition Alert Management Service code execution
It's possible to execute commands without authentication via TCP/38292 service...
Path disclosure in CLANSPHERE
Vulnerability ID: HTB22692 Reference: http://www.htbridge.ch/advisory/pathdisclosureinclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability Type: Path disclosure Status: Fixed by Vendor Ri...
CVE-2010-3700: Spring Security bypass of security constraints
CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 t0 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider URL path...
ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability
ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-190 October 1, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell iManager --...
[security bulletin] HPSBUX02556 SSRT100014 rev.1 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02288473 Version: 1 HPSBUX02556 SSRT100014 rev.1 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon ...
vBulletin 0-day Denial Of Service Exploit
========================================= vBulletin 0-day Denial Of Service Exploit ========================================= The largest Exploit Database in the world ! 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /'...
SEC Consult SA-20090901-0 :: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console
SEC Consult Security Advisory 20090901-0 ======================================================================= title: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console products: JSFTemplating FileStreamer/PhaseListener component...
LifeType 1.2.8 Remote File Inclusion Vulnerability
/=============================================================================================================================================== | | o LifeType 1.2.8 Remote File Inclusion Vulnerability | | Software : LifeType 1.2.8 | Vendor : http://lifetype.net/ | Author : Cru3l.b0y | Contact :...
(GET var 'id') BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta -->
!/usr/bin/perl ------------------------------------------------------------------------------------------ GET var 'id' BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta -- ------------------------------------------------------------------------------------------ CMS...
Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability
====================================================================== Secunia Research 20/10/2008 - HP SiteScope SNMP Trap Script Insertion - ====================================================================== Table of Contents Affected...
HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability
HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability Ghost Hacker , R-h Team , Real Hack We Will Be Back Soon : Found by : Ghost Hacker - R-H Team - |, .-. .-. ,| My Blog : http://gh0st10.wordpress.com | o/ o | My Email : [email protected] |/ / | Name Script : HIOX Browser...
[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1597-1 [email protected] http://www.debian.org/security/ Devin Carraway June 12, 2008 http://www.debian.org/security/faq -...
Linux distributives OpenSSH / OpenSSL weak random generator
Weak random generation in Debian-based distributives Debian, Ubuntu...
Microsoft Security Bulletin MS08-026 – Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
Microsoft Security Bulletin MS08-026 – Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution 951207 Published: May 13, 2008 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Word that cou...
Secunia Research: HP OpenView Network Node Manager OpenView5.exe Directory Traversal
====================================================================== Secunia Research 14/04/2008 - HP OpenView Network Node Manager OpenView5.exe Directory Traversal - ====================================================================== Table of Contents Affected...
Microsoft Security Bulletin MS08-016 – Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
Microsoft Security Bulletin MS08-016 – Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution 949030 Published: March 11, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Microsoft Office that...
Hosting Controller - Multiple Security Bugs (Extremely Critical)
Title: Multiple Security Bugs In Hosting Controller Critical: Extremely critical Impact: Full system administrator access Vendor: Hosting Controller Version: 6.1 Hot fix = 3.3 Vendor URL: www.hostingcontroller.com Solution: N/A From company - There is temporary solution in this report Exploit:...
Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer (942615)
Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer 942615 Published: December 11, 2007 Version: 1.0 General Information Executive Summary This critical security update resolves four privately reported vulnerabilities. The most serious security impact...
Checkpoint ZoneAlarm multiple privilege escalations
Vsdatant.sys driver multiple IOCTLs buffer overflows. Weak permissions for executable files...
EEYE: VGX.DLL Compressed Content Heap Overflow Vulnerability
VGX.DLL Compressed Content Heap Overflow Vulnerability Release Date: August 14, 2007 Date Reported: October 24, 2006 Severity: High Code Execution Systems Affected: Internet Explorer 6 SP1 - Windows 2000 SP4 Internet Explorer 6 SP1 - Windows XP SP1 Internet Explorer 6 SP2 - Windows XP SP2 Interne...
iG Shop 1.4 eval Inclusion Vulnerability
!/usr/bin/perl -w use LWP::UserAgent; iG Shop 1.4 eval Inclusion Vulnerability found by IFX nyubicrew Vulnerability on page.php if !$action $action = "make"; // here the function will be called. eval "page$action;"; die "Example: perl $0 http://www.planetgolfuk.co.uk/shopn" unless @ARGV; $b =...
Mozilla Foundation Security Advisory 2007-13
Mozilla Foundation Security Advisory 2007-13 Title: Persistent Autocomplete Denial of Service Impact: Low Announced: May 30, 2007 Reporter: Marcel Products: Firefox Fixed in: Firefox 2.0.0.4 Firefox 1.5.0.12 Description Marcel reported that a malicious web page could perform a denial of service...
rPSA-2007-0090-1 gimp
rPath Security Advisory: 2007-0090-1 Published: 2007-05-03 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: gimp=/conary.rpath.com@rpl:devel//1/2.2.8-8.3-1 References: https://vulners.com/cve/CVE-2007-2356...
ACLS ineffective in SQL-Ledger and LedgerSMB
Hi all; I have decided to finally send to this list a serious security flaw in the design of SQL-Ledger all versions. LedgerSMB all versions is also affected but the problem with a workaround has been mentioned in our documentation since the fork. Ordinarily I would not make a big deal out of thi...
[SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Potential Denial of Service bug in smbd == CVE ID: CVE-2007-0452 == == Versions: Samba 3.0.6 - 3.0.23d inclusive == == Summary: A logic error in the deferred open code == can le...
easy-content filemanager
easy-content filemanager Email: hackerbinhphuoc atyahoo dot com website: http://www.vnsecurity.com ------------------------------------- we can hack web use easy-content filemanager very easy we search with keyword: intitle: easy-content filemanager or inurl: filemanager/Default.asp and we can...
Valdersoft Shopping Cart v3.0 (E-Commerce Software)*****[ commonIncludePath ] Remote File Include
Valdersoft Shopping Cart v3.0 E-Commerce Software commonIncludePath Remote File Include +class : Remote File Include Vulnerability +Author : mdx +Files : +/commoninclude/common.php , /include/common.php, /admin/include/common.php +code : + + include $commonIncludePath."common.php" ; + + Exploit :...
[ECHO_ADV_58$2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability
/ / | | / // / | | Y / | / / /| / / / / / / .OR.ID ECHOADV58$2006 ----------------------------------------------------------------------------------------------- ECHOADV58$2006Cyberfolio =2.0 RC1 $av Remote File Inclusion Vulnerability...
[Full-disclosure] Secunia Research: Jetbox Multiple Vulnerabilities
====================================================================== Secunia Research 02/08/2006 - Jetbox Multiple Vulnerabilities - ====================================================================== Table of Contents Affected Software....................................................1...
NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability
NSFOCUS Security Advisory SA2006-07 ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability Release Date: 2006-07-27 CVE ID: CVE-2006-3840 http://www.nsfocus.com/english/homepage/research/0607.htm Affected systems & software =================== RealSecure Network Sensor...
RE: [Full-disclosure] Cisco VPN Concentrator IKE resource exhaustionDoS Advisory
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello: This is a Cisco PSIRT response to an advisory published by an unaffiliated third party, Roy Hills, of NTA Monitor Ltd posted as of July 26, 2006 at http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html, and entitled: Cisco VPN...
ChangeLog-2.6.16.6
commit 37863c8a9b7b0261ec76daad8afffe9ab5314794 Author: Greg Kroah-Hartman [email protected] Date: Mon Apr 17 13:36:51 2006 -0700 Linux 2.6.16.6 commit 512dba41bae0ec8de72269167f23b75a4770097d Author: Hugh Dickins [email protected] Date: Wed Apr 12 14:34:27 2006 -0700 PATCH shmat: stop mprotect from...
Coppermine Photo Gallery <=1.4.3 remote code execution
Coppermine Photo Gallery = 1.4.3 arbitrary local/remote inclusion: --------- - 18/02/2006 5.09.55 ----------------------------------------------------------- -------------------------------------------------------------------------------- software: site: http://coppermine-gallery.net/index.php...