Microsoft Security Bulletin MS08-006 – Important Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
Microsoft Security Bulletin MS08-006 – Important Vulnerability in Internet Information Services Could Allow Remote Code Execution 942830 Published: February 12, 2008 Version: 1.0 General Information Executive Summary This important update resolves a privately reported vulnerability in Internet...
Mozilla Foundation Security Advisory 2008-06
Mozilla Foundation Security Advisory 2008-06 Title: Web browsing history and forward navigation stealing Impact: Critical Announced: February 7, 2008 Reporter: David Bloom Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 SeaMonkey 1.1.8 Description Mozilla contributor David...
[SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1449-1 [email protected] http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq -...
Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure
sorry, i've made a mistake! only the versions = 1.0.0 are vulnerable!...
Multi Host Forum Pro phpbb & ipb Multiple Sql Injection
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...
Mozilla Foundation Security Advisory 2007-29
Mozilla Foundation Security Advisory 2007-29 Title: Crashes with evidence of memory corruption rv:1.8.1.8 Impact: Critical Announced: October 18, 2007 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.8 Thunderbird 2.0.0.8 SeaMonkey 1.1.5...
S21SEC-038-en: Alcatel Omnivista 4760 Cross-Site Scripting
S21Sec Advisory - Title: Alcatel Omnivista 4760 Cross-Site Scripting ID: S21SEC-038-en Severity: Medium - History: 10.Jun.2007 Vulnerability discovered 20.Jun.2007 Vendor contacted 19.Oct.2007 Advisory released Authors: Juan de la Fuente Costa [email protected] Pablo Seijo Cajaraville...
ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability
ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-057.html October 10, 2007 -- CVE ID: CVE-2007-4992 -- Affected Vendor: Firebird -- Affected Products: Firebird SQL 2.0.2 -- TippingPointTM IPS Customer Protection: TippingPoin...
DRBGuestbook Remote XSS Vulnerability
Oo Title: DRBGuestbook Remote XSS Vulnerability Download: http://www.hotscripts.com/jump.php?listingid=67702&jumptype=1 Author: Gokhan Contact: [email protected] | KAF KAF KAF SIN SIN SIN KAFSIN KAFSIN KAF Vuln Code: index.php XSS:...
iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Multiple Untrusted Search Path Vulnerabilities
IBM DB2 Universal Database Multiple Untrusted Search Path Vulnerabilities iDefense Security Advisory 08.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 16, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end...
EEYE: VGX.DLL Compressed Content Heap Overflow Vulnerability
VGX.DLL Compressed Content Heap Overflow Vulnerability Release Date: August 14, 2007 Date Reported: October 24, 2006 Severity: High Code Execution Systems Affected: Internet Explorer 6 SP1 - Windows 2000 SP4 Internet Explorer 6 SP1 - Windows XP SP1 Internet Explorer 6 SP2 - Windows XP SP2 Interne...
Best Top List Remote File Upload Vulnerability
Best Top List Remote File Upload Vulnerability ---------------------------------------------- Script : Best Top List Version : All Version Site : http://besttoplist.sourceforge.net Closed Founder : Rizgar Contact : [email protected] and irc.gigachat.net kurdhack Thanks : KHC, PH , ColdHackers...
Remote Command Exec (FireFox 2.0.0.5 et al)
By: Nate McFeters nate dot mcfeters -at- gmail Billy BK Rios billy dot rios -at- gmail Tested in FireFox 2.0.0.5 and 3.0a6, Netscape Navigator 9, and Mozilla browser. NOTE These examples were created for WinXP SP2 with no external mail programs installed outlook, notes…etc. If you have an externa...
[USN-470-1] Linux kernel vulnerabilities
=========================================================== Ubuntu Security Notice USN-470-1 June 08, 2007 linux-source-2.6.20 vulnerabilities CVE-2007-1353, CVE-2007-2451, CVE-2007-2453 =========================================================== A security issue affects the following Ubuntu...
Apache httpd vulnerabilities
PSNC Security Team has got the pleasure to announce that, as a result of Apache httpd server ver. 1.3.x, 2.0.x and 2.2.x source code analysis, several vulnerabilities have been found that make it possible to perform a DoS attack against the services and the system that the application is running o...
safari's saved password at risk
I'd like to inform you that safari is prone to a vulnerability that allows a local user to steal safari's saved passwords by using some macosx components. More infos about this issue will be made available as soon as apple will provide a fix. I strongly recommend users remove all safari's saved...
rPSA-2007-0090-1 gimp
rPath Security Advisory: 2007-0090-1 Published: 2007-05-03 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: gimp=/conary.rpath.com@rpl:devel//1/2.2.8-8.3-1 References: https://vulners.com/cve/CVE-2007-2356...
Net Side Content Management System
I see your future and your future is death. Sharingan ! -------------------------------------------------------------------------------------------------------------- Hi I'm sharingan and this is my vuln : script name : Net Side Content Management System 2 versions found both vulnerable | Version...
Fıstıq Duyuru Scripti Remote Sql İnjection Exploit
Fıstıq Duyuru Scripti Remote Sql İnjection File : goster.asp Sql : -120union+all+select+0,kullaniciadi,sifre,3+from+admin Admin Name + Admin Pass Admin Menu: yoneticiii/default.asp Thanks : Ajann , Xoron , ApAci , ErNE , Uyuss , Eno7 , Thehacker , Enjexion .pl Exploit Code : !/usr/bin/perl Script...
easy-content filemanager
easy-content filemanager Email: hackerbinhphuoc atyahoo dot com website: http://www.vnsecurity.com ------------------------------------- we can hack web use easy-content filemanager very easy we search with keyword: intitle: easy-content filemanager or inurl: filemanager/Default.asp and we can...
Adobe reader plugin PDF files universal cross-site scripting
By using URIs like http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere it's possible to execute code in context of any Web site where at least one PDF is stored. 2. By using "trigger action" in PDF document it's possible to execute code in context of the web page where...
Phpdebug 1.1.0 - Remote File Include by Firewall
====================================================================== Phpdebug 1.1.0 - Remote File Include by Firewall Application Affect: Phpdebug 1.1.0 Source Code: http://scripts.ringsworld.com/development-tools/phpdebug-v1.1.0.zip Code: includeonce"$debugClassLocation/debug.php"; ExPloit :...
NuRems 1.0 Remote XSS/SQL Injection Exploit
From:Filistin,Lubnan,IraQ,Turkey NuRems 1.0 Remote XSS/SQL Injection Exploit XSS: form name=RequestForm action="http://x/sch1.asp" method="POST" select name="stcode" size=10 option value="XSS HERE"Alabama /select td align=center INPUT TYPE="submit" VALUE="Show cities..." /form /XSS SQL:...
phpBB Ajax Shoutbox <= 0.0.5 Remote File Include Vulnerability
Title: phpBB Ajax Shoutbox <= 0.0.5 phpbbrootpath Remote File Inclusion Author/Discovery: boecke Vulnerability Type: Remote File Inclusion Risk: High Risk Software Affected: phpBB Ajax Shoutbox <= 0.0.5 Release Source: http://usuarios.lycos.es/kinfule/download.php?id=16 Release Page @ phpBB.com :...
[Full-disclosure] Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory: Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities Release Date: 10/12/2006 Last Modified: 10/12/2006 Author: Tamriel tamriel at gmx dot net Application: Xeobook <= 0.93 Risk: Moderate Vendor Status: not contacted Vendor Site:...
Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability
.: insecurity research team :. .advisory. 18.o8.2oo6 Affected Application: Kochsuite v0.9.4 Mambo/Joomla CMS Component contact :...
[Full-disclosure] Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities Release Date: 2006/07/25 Last Modified: 2006/07/25 Author: Tamriel tamriel at gmx dot net Application: Professional Home Page Tools Login Script Risk: Low Vendor...
[TZO-062006] Safe'nVulnerable
Safe'nSec - Insecure File execution and Auto-startup Ref : TZO-062006-SafenSec Author : Thierry Zoller WWW : http://secdev.zoller.lu Article : http://secdev.zoller.lu/research/safensec.htm I. Background "Safe'n'Sec is complex data and user applications protection against threats and vulnerabiliti...
Microsoft Embedded OpenType Font Engine "t2embed" Remote Heap Overflow
/ oh my, bad luck, eEye released the advisory few minutes ago, and I've been researching this bug since about a week, sorry, it's cancelled / NOTE: this is super initial report, if you expect some more info mail me for the bank account number... Microsoft Embedded OpenType Font Engine "t2embed"...
[SA18325] OnePlug CMS SQL Injection Vulnerabilities
TITLE: OnePlug CMS SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18325 VERIFY ADVISORY: http://secunia.com/advisories/18325/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: OnePlug CMS http://secunia.com/product/6753/ DESCRIPTION: Preddy has reported...
Microsoft Security Bulletin MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
Microsoft Security Bulletin MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution 902400 Published: October 11, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Ratin...
CDE bug in Unixware 7.1
Hi, I'm jGgM. Unixware 7.1 dtlogin make bug reporting to /var/dt/Xerrors. but, permission of /var/dt is 777. make symlink /var/dt/Xerrors to any file. for example ln -sf /etc/.rhosts /var/dt/Xerrors and, Login from another system to Unixware machine. If another system does not have hostname,...
Option to VERITAS Cluster Server (VCS) lltstat command will panic system.
I had a hell of a time getting through to Veritas, but after I did they reacted VERY quickly. I apologize that I didn't get this info out to the general community sooner, but Veritas didn't tell me that they released the fix. In the name of full disclosure: synopsis: "When using VERITAS Cluster...
Broker FTP unauthorized directory browsing and plain text password storing
403-SECURITY advisory Issue: Broker FTP unauthorized directory browsing and plain text password storing Author: Astral [email protected] Discovered: 07.11.2000 Published: 22.11.2000 Version: 4.7.5.0 others are probably vulnerable too Vendor: TransSoft I. Description: Broker FTP is powerful...
CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine
Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...
Checkmarx CxQL Sandbox bypass (CVE-2014-8778)
Checkmarx CxQL Sandbox bypass CVE-2014-8778 Vendor: Checkmarx - www.checkmarx.com Product: CxSuite Version affected: 7.1.5 and prior Credit: Huy-Ngoc DAU @ngocdh of Deloitte Conseil, France ================================ Introduction ================================ Checkmarx is a static source...
Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin
Vulnerability title: Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin CVE: CVE-2015-7667 Vendor: WordPress web-mv Product: ResAds Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...
owncloud multiple security vulnerabilities
Code execution, authentication bypass, information disclosure, cross-site scripting, DoS...
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following: Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a...
APPLE-SA-2015-08-13-4 OS X Server v4.1.5
APPLE-SA-2015-08-13-4 OS X Server v4.1.5 OS X Server v4.1.5 is now available and addresses the following: BIND Available for: OS X Yosemite v10.10.5 or later Impact: A remote attacker may be able to cause a denial of service Description: An assertion issue existed in the handling of TKEY packets...
SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20150716-0 ======================================================================= title: Permanent Cross-Site Scripting product: Oracle Application Express vulnerable version: All versions prior to...
CVE-2015-1773 Apache Flex reflected XSS vulnerability
CVE-2015-1773 Apache Flex reflected XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: All versions of Apache Flex before 4.14.1 Description: The asdoc tool produced JavaScript code that was vulnerable to a reflected XSS attack. A request with a specially...
[ MDVSA-2015:200 ] mediawiki
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:200 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : April 10, 2015 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix security vulnerabilities: In...
[USN-2536-1] libXfont vulnerabilities
========================================================================== Ubuntu Security Notice USN-2536-1 March 18, 2015 libxfont vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Morfy CMS v1.05 - Command Execution Vulnerability
Document Title: =============== Morfy CMS v1.05 - Command Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1367 https://github.com/Awilum/monstra-cms/issues/351 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9185 CVE-ID:...
OpenSSL multiple security vulnerabilities
Poodle attack. Protocol version downgrade to SSL 3.0. Memory leaks in SRTP and session tickets. Insufficient no-ssl3 protection. Data leakage via padding attack...
[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire
Advisory: Information Disclosure in TYPO3 Extension ke_questionnaire The TYPO3 extension ke_questionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Details ======= Product: ke_questionnaire Affected Versions: 2.5.2...
CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5392 =================== "XML eXternal Entity XXE" CWE-611 vulnerability in "JobScheduler" product Vendor =================== Software- & Organisations-Service GmbH Product =================== "JobScheduler is a workload automation tool. It i...
[security bulletin] HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04472866 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04472866 Version: 1 HPSBMU03127 rev....
[USN-2359-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2359-1 September 23, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...