47153 matches found
Apache security vulnerabilities
DoS, few potential vulnerabilities...
Vulnerabilities in JW Player and millions of web sites
Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player. These are Content Spoofing and Cross-Site Scripting vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are JW Player 5.9.2156 and 5.9.2206, except one vulnerability and...
Pligg <= 9.9.0 Multiple Vulnerabilities
GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg = 9.9 Risk : Multiple Vulnerabilities Description: Pligg is a popular open source, full featured, content management system written in php. There are a number of vulnerabilities within Pligg th...
[security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04250814 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04250814 Version: 1 HPSBGN03010 rev....
[Full-disclosure] ClamAV: Local Privilege Escalation Vulnerability On MacOS [SCN Advisory #04]
The full, up-to-date advisory will be maintained here: http://www.sentinelchicken.com/advisories/clamav/ For your convenience, a text version is included below. tim -- CLAMAV: LOCAL PRIVILEGE ESCALATION VULNERABILITY ON MACOS =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= TABLE OF...
[DSECRG-09-062] Alteon OS BBI (Nortell) - Multiple Vulnerabilities
Digital Security Research Group DSecRG Advisory http://dsecrg.com/pages/vul/show.php?id=161 Various XSS and XSRF vulnerabilities were identified in the Alteon OS Browser-Based Interface BBI. Application: Alteon OS BBI Versions Affected: = 21.0.8.3 and may be higher =25.1.0.0 Vendor URL:...
PHP disable_functions function aliases protection bypass
A function disabled with disable_functions may be invoked by its alias...
hMAilServer 4.4.2 (PHPWebAdmin) local & remote file inclusion
hMAilServer 4.4.2 PHPWebAdmin local & remote file inclusion poc by Nine:Situations:Group::strawdog ------------------------------------------------------------------------ our site: http://retrogod.altervista.org software site: http://www.hmailserver.com/ description:...
[Full-disclosure] OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities
Security Advisory - - OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities - ---------------------------------------------------- Product: OpenBiblio Version: Version 0.5.2 Prerelease 4 and prior is affected Url: http://obiblio.sourceforge.net/ Affected by: Full path disclosure, local file...
Web Online Games (game.php) Multiple Vulnerabilities
==================================================== Web Online Games game.php Multiple Vulnerabilities ==================================================== ...
[USN-2787-1] audiofile vulnerability
========================================================================== Ubuntu Security Notice USN-2787-1 October 28, 2015 audiofile vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
SipXtapi SIP library buffer overflow
Buffer overflow on CSeq field parsing...
Security Bulletin (MS00-087)
Microsoft Security Bulletin MS00-087 - -------------------------------------- Patch Available for "Terminal Server Login Buffer Overflow" Vulnerability Originally posted: November 08, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Window...
Virtual War File İnclusion
Virtual War File Inclusion --------------------------------- Site:http://www.vwar.de/ Demo:http://www.vwar.de/demo/ --------------------------------------- File Inclusion // get functions $vwarroot = "./"; require $vwarroot . "includes/functionscommon.php"; require $vwarroot...
CSRF/XSS In Manage Engine Asset Explorer
=============================================================================== CSRF/Stored XSS Vulnerability in Manage Engine Asset Explorer =============================================================================== . contents:: Table Of Content Overview ======== Title :CSRF/Stored XSS...
Foresta Creativa (prodotti.php?idCategoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Foresta Creativa prodotti.php?idCategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.forestacreativa.com/ Persian Gulf 4 Ever! Dork : "Powered by Foresta Creativa"...
[badroot security] probe.cgi: Remote Command Execution
BADROOT SECURITY GROUP Security Advisory 2005 - 0x06 http://www.badroot.org irc.us.azzurra.org badroot Authors ....... spher3 spher3 at fatalimpulse dot net Date .......... 04-07-2005 Product ....... probe.cgi Type .......... Remote Command Execution o Info: ================ That script is used t...
nabopoll 1.2 Remote Unprotected Admin Section Vulnerability
By Cr@zyKing [email protected] Thanks : ApAci & Erne & Uyussman & Eno7 & Thehacker & CrackersChild Script : nabopoll 1.1.2 Risk : Remote Add Admin Exploit |High Site : http://nabocorp.com/ Google Dork : inurl:"nabopoll/" Exploit : http://target.com/nabopoll/admin/configedit.php Mysql Config For...
Netscape/Mozilla SOAP integer overflow
Integer overflow in SOAPParameter object constructor...
Temenos T24 security vulnerabilities
Authentication bypass, cross-site scripting...
Remote Exploit for Aborior's Encore Web Forum
================================================================== Product : Abrior's Encore WebForum Versions : Unchecked maybe version I Bug : Remote Command Execution via Display.cgi Impact : Attackers can execute remote command Risk : Medium/High Date : April 3, 2004 Bug found by : k159 from...
LockDown 2000
Official LockDown Corp. Release Systems Affected: All Windows based machines running LockDown 2000. The Problem: LockDown 2000 main text display limited the amount of text that could be entered in the main display window. If an attacker made over 200 connections to a logged port, error messages o...
Struts2 Prefixed Parameters OGNL Injection Vulnerability
CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vender: S2-016...
[ECHO_ADV_51$2006] docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Vulnerability
ECHOADV51$2006 ----------------------------------------------------------------------------------------- ECHOADV51$2006 docmint = 2.0 MYENVBASEENGINELOC Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...
[Full-disclosure] Easy Message Board Directory Traversal and Remote Command
============================================================ ============================================================ Title: Easy Message Board Directory Traversal and Remote Command Execution Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar Date: 08/05/2005...
IdeBox (include) Remote File Inclusion Vulnerability
IdeBox include Remote File Inclusion Vulnerability Found : Ghost Hacker Home page : www.Real-Hack.net Email : [email protected] Script : IdeBox Download Script : http://ideabox.phpoutsourcing.com/ideabox11.tgz =========================== Viva IslaM ========================== Error include.ph...
Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit
Absolute Image Gallery Gallery.ASP categoryid MSSQL Injection Exploit Type : SQL Injection Release Date : 2007-03-15 Product / Vendor : Absolute Image Gallery http://www.xigla.com/absoluteig/ Bug : http://localhost/script/gallery.asp?action=viewimage&categoryid=-SQL Inj-...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Restrictions bypass, information spoofing, information leakage, buffer overflows, memory corruptions, DoS, code execution...
[SA19843] Jax Guestbook "page" Cross-Site Scripting Vulnerability
TITLE: Jax Guestbook "page" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA19843 VERIFY ADVISORY: http://secunia.com/advisories/19843/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Jax Guestbook 3.x http://secunia.com/product/5494/ DESCRIPTION:...
[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05
waraxe-2013-SA097 - Multiple Vulnerabilities in PHP-Fusion 7.02.05 =============================================================================== Author: Janek Vind "waraxe" Date: 27. February 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-97.html Description of vulnerable...
[SA14701] XMB Script Insertion Vulnerabilities
TITLE: XMB Script Insertion Vulnerabilities SECUNIA ADVISORY...
CWB PRO Version 1.5(INCLUDE_PATH)Remote File Include Vulnerabilities
CWB PRO Version 1.5INCLUDEPATHRemote File Include Vulnerabilities D.Script: http://codewalkers.com/codefiles/373cwbs1.5demo.zip Discovered by: GloDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:Path/include/clsheadlineprod.php?INCLUDEPATH=Shell...
DUdirectory Admin Panel SQL Injection
DUdirectory Admin Panel SQL Injection Download: http://www.duware.com/zips/productsnew/DUdirectory31.zip Search:"DUdrirectory" DUdirectory/admin/default.asp User:'or' Pass:'or' Testing; http://www.euconvention.be/DUdirectory/admin/default.asp...
ICMP-based blind connection-reset attack
Folks, Here's the packet trace and the explanation of an ICMP-based blind connection-reset attack. In our sample scenario, a web-client 10.0.0.1, TCP port 3270 is downloading a file from a web-server 192.168.0.1, TCP port 80. If the TCP/IP implementations of both end-points are vulnerable,you can...
lab382 (dettaglio.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability lab382 dettaglio.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.lab382.com/ Persian Gulf 4 Ever! Dork : "Web site by: lab382.com" "inurl:dettaglio.php?id="...
PHP Link Directory XSS Vulnerability version <= 3.0.6
Smilehouse Oy -= Security Advisory =- Advisory: PHP Link Directory XSS Vulnerability Release Date: 2007/01/21 Last Modified: 2007/01/21 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg, Associate of ISC² [email protected] Application: PHP Link Directory = 3.0.6...
Skype information leakage
Locally deleted messages are only marked as deleted without wiping or squeezing the database...
All Of the Mambo & Joomla Script Remote File Inclusion Bugs..
Hi everybody... There are some Remote File Inclusion bugs on Mambo & Joomla Script... You can search ; ex: inurl:Dork , dork, allinurl:dork on google or the other search sites.. Dork: comcomprofiler Expl: administrator/components/comcomprofiler/plugin.class.php?mosConfigabsolutepath=Shell Dork...
Skype memory corruption
Memory corruption on file transfer...
OpenSSH cryptographic weakness
With low probability, it is possible to recover a few bits of plaintext...
AllMyGuests => ?_AMGconfig[cfg_serverpath] Remote File Inclusion Exploit
============================================================================ AllMyGuests = ?AMGconfigcfgserverpath Remote File Inclusion Exploit ============================================================================ Script Infected signin.php Critical level : Dangerous...
[Full-Disclosure] QNX crrtrap arbitrary file read/write vulnerability [RLSA_06-2004]
rfdslabs security advisory Title: QNX crrtrap arbitrary file read/write vulnerability RLSA06-2004 Versions: QNX RTOS 2.4, 4.25, 6.1.0, 6.2.0 + Update Patch A Vendor: http://www.qnx.com Date: Dec 11 2004 Author: Julio Cesar Fort julio NOSPAM rfdslabs com br 1. Introduction crrtrap is a tool to...
Security Bulletin (MS01-003)
---------------------------------------------------------------------- Title: Patch Available for Winsock Mutex Vulnerability Date: 24 January 2001 Software: Microsoft Windows NT 4.0 and Windows NT 4.0 TSE Impact: Denial of Service Bulletin: MS01-003 Microsoft encourages customers to review the...
Aerohive Hive Manager and Hive OS Multiple Vulnerabilities
Aerohive Hive Manager and Hive OS Multiple Vulnerabilities Affected Versions: Aerohive Hive Manager Stand-alone and Cloud = 6.1R3 and HiveOS 6.1R3 PDF:...
Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution 969706 Published: July 28, 2009 Version: 1.0 General Information Executive Summary This security update addresses several privately reported vulnerabilities i...
Planet WGSD-1020
Good day! I don't know, maybe someone has already sent this in... Planet WGSD-1020 switches contain a backdoor: a user superuser with the password planet. It is not mentioned anywhere in the user interface, but it is visible in the configuration file; incidentally, although the configuration file is binary, the names and passwords there...
AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities
========================================================================================== AwAuctionScript Aw Auction Script - Market Place for WebMasters Multiple Vulnerabilities ==========================================================================================...
ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability
Info: Bug found by Jose Luis Góngora Fernández JosS sys-projectathotmail.com http://www.spanish-hackers.com Spanish Hackers Team - SHT EspSeC & Hack0wn!. Software: ASPPortal Free Version HomePage: http://www.aspportal.net/ Exploit: Remote SQL Injection Vulnerability High Dork: "Powered by...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions and buffer overflows...
Security Bulletin MS01-015
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. ---------------------------------------------------------------------- Title: IE can...