47153 matches found
Apache security vulnerabilities
DoS, few potential vulnerabilities...
Vulnerabilities in JW Player and millions of web sites
Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player. These are Content Spoofing and Cross-Site Scripting vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are JW Player 5.9.2156 and 5.9.2206, except one vulnerability and...
Pligg <= 9.9.0 Multiple Vulnerabilities
GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg = 9.9 Risk : Multiple Vulnerabilities Description: Pligg is a popular open source, full featured, content management system written in php. There are a number of vulnerabilities within Pligg th...
[Full-disclosure] ClamAV: Local Privilege Escalation Vulnerability On MacOS [SCN Advisory #04]
The full, up-to-date advisory will be maintained here: http://www.sentinelchicken.com/advisories/clamav/ For your convenience, a text version is included below. tim -- CLAMAV: LOCAL PRIVILEGE ESCALATION VULNERABILITY ON MACOS =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= TABLE OF...
[security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04250814 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04250814 Version: 1 HPSBGN03010 rev....
[DSECRG-09-062] Alteon OS BBI (Nortell) - Multiple Vulnerabilities
Digital Security Research Group DSecRG Advisory http://dsecrg.com/pages/vul/show.php?id=161 Various XSS and XSRF vulnerabilities were identified in the Alteon OS Browser-Based Interface BBI. Application: Alteon OS BBI Versions Affected: = 21.0.8.3 and may be higher =25.1.0.0 Vendor URL:...
hMAilServer 4.4.2 (PHPWebAdmin) local & remote file inclusion
hMAilServer 4.4.2 PHPWebAdmin local & remote file inclusion poc by Nine:Situations:Group::strawdog ------------------------------------------------------------------------ our site: http://retrogod.altervista.org software site: http://www.hmailserver.com/ description:...
PHP disable_functions function aliases protection bypass
Function, disabled with disablefunctions, may be invoked by it's alias...
[Full-disclosure] OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities
Security Advisory - - OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities - ---------------------------------------------------- Product: OpenBiblio Version: Version 0.5.2 Prerelease 4 and prior is affected Url: http://obiblio.sourceforge.net/ Affected by: Full path disclosure, local file...
Web Online Games (game.php) Multiple Vulnerabilities
==================================================== Web Online Games game.php Multiple Vulnerabilities ==================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / ...
[USN-2787-1] audiofile vulnerability
========================================================================== Ubuntu Security Notice USN-2787-1 October 28, 2015 audiofile vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
SipXtapi SIP library buffer overflow
Buffer overflow on CSeq field parsing...
Virtual War File İnclusion
Virtual War File nclusion --------------------------------- Site:http://www.vwar.de/ Demo:http://www.vwar.de/demo/ --------------------------------------- File nclusion // get functions $vwarroot = "./"; require $vwarroot . "includes/functionscommon.php"; require $vwarroot...
Security Bulletin (MS00-087)
Microsoft Security Bulletin MS00-087 - -------------------------------------- Patch Available for "Terminal Server Login Buffer Overflow" Vulnerability Originally posted: November 08, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Window...
CSRF/XSS In Manage Engine Asset Explorer
=============================================================================== CSRF/Stored XSS Vulnerability in Manage Engine Asset Explorer =============================================================================== . contents:: Table Of Content Overview ======== Title :CSRF/Stored XSS...
Foresta Creativa (prodotti.php?idCategoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Foresta Creativa prodotti.php?idCategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.forestacreativa.com/ Persian Gulf 4 Ever! Dork : "Powered by Foresta Creativa"...
nabopoll 1.2 Remote Unprotected Admin Section Vulnerability
By Cr@zyKing [email protected] Thakns : ApAci & Erne & Uyussman & Eno7 & Thehacker & CrackersChild Script : nabopoll 1.1.2 Risk : Remote Add Admin Exploit |High Site : http://nabocorp.com/ Google Dork : inurl:"nabopoll/" Exploit : http://target.com/nabopoll/admin/configedit.php Mysql Config For...
[badroot security] probe.cgi: Remote Command Execution
BADROOT SECURITY GROUP Security Advisory 2005 - 0x06 http://www.badroot.org irc.us.azzurra.org badroot Authors ....... spher3 spher3 at fatalimpulse dot net Date .......... 04-07-2005 Product ....... probe.cgi Type .......... Remote Command Execution o Info: ================ That script is used t...
Netscape/Mozilla SOAP integer overflow
Integer overflow in SOAPParameter object constructor...
Remote Exploit for Aborior's Encore Web Forum
================================================================== Product : Abrior's Encore WebForum Versions : Unchecked maybe version I Bug : Remote Command Execution via Display.cgi Impact : Attackers can execute remote command Risk : Medium/High Date : April 3, 2004 Bug found by : k159 from...
LockDown 2000
Official LockDown Corp. Release Systems Affected: All Windows based machines running LockDown 2000. The Problem: LockDown 2000 main text display limited the amount of text that could be entered in the main display window. If an attacker made over 200 connections to a logged port, error messages o...
Struts2 Prefixed Parameters OGNL Injection Vulnerability
CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vender: S2-016...
Temenos T24 security vulnerabilities
Authentication bypass, crossite scripting...
[ECHO_ADV_51$2006] docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Vulnerability
ECHOADV51$2006 ----------------------------------------------------------------------------------------- ECHOADV51$2006 docmint = 2.0 MYENVBASEENGINELOC Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...
IdeBox (include) Remote File Inclusion Vulnerability
IdeBox include Remote File Inclusion Vulnerability Found : Ghost Hacker Home page : www.Real-Hack.net Email : [email protected] Script : IdeBox Download Script : http://ideabox.phpoutsourcing.com/ideabox11.tgz =========================== Viva IslaM ========================== Error include.ph...
Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit
Absolute Image Gallery Gallery.ASP categoryid MSSQL Injection Exploit Type : SQL Injection Release Date : 2007-03-15 Product / Vendor : Absolute Image Gallery http://www.xigla.com/absoluteig/ Bug : http://localhost/script/gallery.asp?action=viewimage&categoryid=-SQL Inj-...
[Full-disclosure] Easy Message Board Directory Traversal and Remote Command
============================================================ ============================================================ Title: Easy Message Board Directory Traversal and Remote Command Execution Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar Date: 08/05/2005...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Restrictions bypass, information spoofing, information leakage, buffer overflows, memory corruptions, DoS, code execution...
[SA19843] Jax Guestbook "page" Cross-Site Scripting Vulnerability
TITLE: Jax Guestbook "page" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA19843 VERIFY ADVISORY: http://secunia.com/advisories/19843/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Jax Guestbook 3.x http://secunia.com/product/5494/ DESCRIPTION:...
[SA14701] XMB Script Insertion Vulnerabilities
---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: XMB Script Insertion Vulnerabilities SECUNIA ADVISORY...
[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05
waraxe-2013-SA097 - Multiple Vulnerabilities in PHP-Fusion 7.02.05 =============================================================================== Author: Janek Vind "waraxe" Date: 27. February 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-97.html Description of vulnerable...
CWB PRO Version 1.5(INCLUDE_PATH)Remote File Include Vulnerabilites
CWB PRO Version 1.5INCLUDEPATHRemote File Include Vulnerabilites D.Script: http://codewalkers.com/codefiles/373cwbs1.5demo.zip Discovered by: GloDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:Path/include/clsheadlineprod.php?INCLUDEPATH=Shell...
PHP Link Directory XSS Vulnerability version <= 3.0.6
Smilehouse Oy -= Security Advisory =- Advisory: PHP Link Directory XSS Vulnerability Release Date: 2007/01/21 Last Modified: 2007/01/21 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg, Associate of ISCІ [email protected] Application: PHP Link Directory = 3.0.6...
DUdirectory Admin Panel SQL Injection
DUdirectory Admin Panel SQL Injection Download: http://www.duware.com/zips/productsnew/DUdirectory31.zip Search:"DUdrirectory" DUdirectory/admin/default.asp User:'or' Pass:'or' Testing; http://www.euconvention.be/DUdirectory/admin/default.asp...
ICMP-based blind connection-reset attack
Folks, Here's the packet trace and the explanation of an ICMP-based blind connection-reset attack. In our sample scenario, a web-client 10.0.0.1, TCP port 3270 is downloading a file from a web-server 192.168.0.1, TCP port 80. If the TCP/IP implementations of both end-points are vulnerable,you can...
lab382 (dettaglio.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability lab382 dettaglio.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.lab382.com/ Persian Gulf 4 Ever! Dork : "Web site by: lab382.com" "inurl:dettaglio.php?id="...
All Of the Mambo & Joomla Script Remote File Inclussion Bugs..
Hi every body... There are some Remote File Inclussion bugs on Mamabo & Joomla Script... You can search ; ex: inurl:Dork , dork, allinurl:dork on google or the other search sites.. Dork: comcomprofiler Expl: administrator/components/comcomprofiler/plugin.class.php?mosConfigabsolutepath=Shell Dork...
Skype information leakage
Locally deleted messages are only marked as deleted without wipeing or squeezing the database...
Skype memory corruption
Memory corruption on file transfer...
OpenSSH cryptographic weakness
With low probability it's possible to recover few bits of plaintext...
AllMyGuests => ?_AMGconfig[cfg_serverpath] Remote File Inclusion Exploit
============================================================================ AllMyGuests = ?AMGconfigcfgserverpath Remote File Inclusion Exploit ============================================================================ Scirpt Infected signin.php Critical level : Dangerous...
Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution 969706 Published: July 28, 2009 Version: 1.0 General Information Executive Summary This security update addresses several privately reported vulnerabilities i...
[Full-Disclosure] QNX crrtrap arbitrary file read/write vulnerability [RLSA_06-2004]
rfdslabs security advisory Title: QNX crrtrap arbitrary file read/write vulnerability RLSA06-2004 Versions: QNX RTOS 2.4, 4.25, 6.1.0, 6.2.0 + Update Patch A Vendor: http://www.qnx.com Date: Dec 11 2004 Author: Julio Cesar Fort julio NOSPAM rfdslabs com br 1. Introduction crrtrap is a tool to...
Security Bulletin (MS01-003)
---------------------------------------------------------------------- Title: Patch Available for Winsock Mutex Vulnerability Date: 24 January 2001 Software: Microsoft Windows NT 4.0 and Windows NT 4.0 TSE Impact: Denial of Service Bulletin: MS01-003 Microsoft encourages customers to review the...
Planet WGSD-1020
Добрый день! Не знаю, может кто уже присылал... В свитчах Planet WGSD-1020 есть закладка. Пользователь superuser с паролем planet. В пользовательском интерфейсе он нигде не упоминается, но его видно в файле конфигурации кстати, несмотря на то, что файл конфигурации бинарный, имена и пароли там...
Aerohive Hive Manager and Hive OS Multiple Vulnerabilities
, , . '.' '. ', . , '. , .', , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Aerohive Hive Manager and Hive OS Multiple Vulnerabilities Affected Versions: Aerohive Hive Manager Stand-alone and Cloud = 6.1R3 and HiveOS 6.1R3 PDF:...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability
Info: Bug found by Jose Luis Gуngora Fernбndez JosS sys-projectathotmail.com http://www.spanish-hackers.com Spanish Hackers Team - SHT EspSeC & Hack0wn!. Software: ASPPortal Free Version HomePage: http://www.aspportal.net/ Exploit: Remote SQL Injection Vulnerability High Dork: "Powered by...
AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities
========================================================================================== AwAuctionScript Aw Auction Script - Market Place for WebMasters Multiple Vulnerabilities ==========================================================================================...
Security Bulletin MS01-015
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: IE can...