47153 matches found
Microsoft Security Bulletin MS10-017 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
Microsoft Security Bulletin MS10-017 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution 980150 Published: March 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves seven privately reported vulnerabilities in Microsoft Offi...
Cross-Site Scriting on Portwise SSL VPN v4.6
PR09-04: Cross-Site Scriting on Portwise SSL VPN v4.6 Vulnerability found: 25th March 2009 Vendor informed: 28th April 2009 Vulnerability fixed: Severity: Medium Description: The Portwise portal login page is vulnerable to XSS. Portwise is a SSL-VPN portal. Note: Other version might be affected a...
AssetsSoSimple supplier_admin.php Supplier Field XSS
product: AssetsSoSimple version tested: 0.33 vendor URL: http://assetssosimple.sourceforge.net/ script: supplieradmin.php field: Supplier ooo BugsNotHugs Shared Vulnerability Disclosure Account...
XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability
Date of Discovery: 10-Nov-2009 Credits:zhangmcatmail.ustc.edu.cn Vendor: Dxmsoft Affected: XM Easy Personal FTP Server 5.8.0 Earlier versions may also be affected Overview: XM Easy Personal FTP Server is a easy use FTP server Application. Denial of service vulnerability exists in XM Personal FTP...
[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
Digital Security Research Group DSecRG Advisory DSECRG-09-010 http://dsecrg.com/pages/vul/show.php?id=110 Application: Oracle Database 10G Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 Vendor URL: http://oracle.com Bugs: PL/SQL Injections Exploits: YES Reported: 29.01.2008 Vend...
Adobe Acrobat / Reader multiple security vulnerabilities
Multiple memory corruptions, array index overflows, etc...
Microsoft Security Bulletin MS09-055 - Critical Cumulative Security Update of ActiveX Kill Bits (973525)
Microsoft Security Bulletin MS09-060 - Critical Vulnerabilities in Microsoft Active Template Library ATL ActiveX Controls for Microsoft Office Could Allow Remote Code Execution 973965 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves...
PostgreSQL multiple security vulnerabilities
Denial of Service, privilege escalation, LDAP authentication bypass...
Mozilla Foundation Security Advisory 2009-44
Mozilla Foundation Security Advisory 2009-44 Title: Location bar and SSL indicator spoofing via window.open on invalid URL Impact: Moderate Announced: August 3, 2009 Reporter: Juan Pablo Lopez Yacubian Products: Firefox Fixed in: Firefox 3.5.2 Firefox 3.0.13 Description Security researcher Juan...
Team SHATTER Security Advisory: Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager July 22, 2009 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11 11.1.0.6, 11.1.0.7 and Oracle Enterprise Manager 10g Gri...
[SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Updated to add additional patches required for 5.5.x and 4.1.x CVE-2008-5515: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.2...
SEC Consult SA-20090525-1 :: Nortel Contact Center Manager Server Password Disclosure Vulnerability
SEC Consult Security Advisory 20090525-1 ========================================================================== title: Nortel Contact Center Manager Server Password Disclosure program: Nortel Contact Center Manager Server vulnerable version: 6.0 homepage: http://www.nortel.com/ccms found:...
Mozilla Foundation Security Advisory 2009-15
Mozilla Foundation Security Advisory 2009-15 Title: URL spoofing with box drawing character Impact: Low Announced: April 21, 2009 Reporter: Moxie Marlinspike Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Thunderbird 2.0.0.21 SeaMonkey 1.1.15 Description Security researcher Mox...
Microsoft Security Bulletin MS09-007 - Important Vulnerability in SChannel Could Allow Spoofing (960225)
Microsoft Security Bulletin MS09-007 - Important Vulnerability in SChannel Could Allow Spoofing 960225 Published: March 10, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in the Secure Channel SChannel security package in...
OpenSSL / ntp / bind / boinc certificate validation cryptographic vulnerabilities
Multiple vulnerabilities in SSL/TLS DSA/ECDSA certificate chain validations...
Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet)
Oracle Forms Cross site Scripting in iFcgi60.exe / f60servlet About: Oracle Forms is a tool somewhat like Visual Basic in appearance, but the code inside is PL/SQL which allows a developer to quickly create user-interface applications which access an Oracle database in a very efficient and...
Max.Blog <= 1.0.6 (submit_post.php) SQL Injection Vulnerability
Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: SQL Injection Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta e-mail:...
Joomla component beamospetition 1.0.12 Sql Injection
Joomla component beamospetition 1.0.12 Sql Injection / Xss Author : vdss Dork : "Powered by beamospetition 1.0.12" Dl : http://joomlacode.org/gf/project/beamospetition/ Xss : http://site/?option=combeamospetition&func=sign&pet='scriptalert'Xss'/script Sql Injection :...
VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2008-0019 Synopsis: VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 Issue dat...
GoodTech SSH Remote Buffer Overflow Exploit
GoodTech SSH Remote Buffer Overflow Exploit Written by r0ut3r - writ3r at gmail.com SSHFXPOPEN command contains a buffer oveflow. All other operations are also vulnerable, opendir, unlink, etc. use Net::SSH2; my $user = "root"; my $pass = "yahh"; my $ip = "127.0.0.1"; my $port = 22; my $ssh2 =...
[Full-disclosure] iDefense Security Advisory 04.08.08: Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability
iDefense Security Advisory 04.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 08, 2008 I. BACKGROUND The HxTocCtrl ActiveX Control is a library used by the Microsoft Help engine. More information is available at the following website. http://en.wikipedia.org/wiki/MicrosoftHelp2 I...
PHP-Nuke Module Downloads SQL Injection(sid)
PHP-Nuke Module Downloads SQL Injectionsid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl: sid "modules php name Downloads" DORK 2 : allinurl: sid"dop=viewsdownload" EXPLOIT : admin =...
IpSwitch WS_FTPSERVER with SSH remote Buffer Overflow
IpSwitch WSFTPSERVER with SSH remote Buffer Overflow Website:http://www.wsftp.com/products/wsftpserver/ Version:6.1.0.0 last one,others might be vuln too Bug: Remote Buffer Overflow CD 8e8.a78: Access violation - code c0000005 first chance First chance exceptions are reported before any exception...
Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities
Syhunt: HFS HTTP File Server Template Cross-Site Scripting and Information Disclosure Vulnerabilities Advisory-ID: 200801161 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 2.0 to and including 2.3Beta Build 174 Non-Affected Applications: HFS 1.6a and earlier versions...
[SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1449-1 [email protected] http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq -...
Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure
sorry, i've made a mistake! only the versions = 1.0.0 are veulnerable!...
Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability
SnIper-sa.com SSSSS nnn nn ii ppppppp eeeeeeeee rrrrr ss nn nn nn ii pp p ee rr rr s nn nn nn ii pp p ee rr r ss nn nn nn ii ppppppp ee rr rr sssss nn nn nn ii pp eeeeee rrrr ss nn nn nn ii pp ee rrrr s nn nn nn ii pp ee rr rr ss nn nnn ii pp ee rr rr sssss nn nnn ii pp eeeeeeeeee rr rr VerY-SecR...
Multi Host Forum Pro phpbb & ipb Multiple Sql Injection
--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...
S21SEC-038-en: Alcatel Omnivista 4760 Cross-Site Scripting
S21Sec Advisory - Title: Alcatel Omnivista 4760 Cross-Site Scripting ID: S21SEC-038-en Severity: Medium - History: 10.Jun.2007 Vulnerability discovered 20.Jun.2007 Vendor contacted 19.Oct.2007 Advisory released Authors: Juan de la Fuente Costa [email protected] Pablo Seijo Cajaraville...
ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability
ZDI-07-057: Firebird processpacket Remote Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-057.html October 10, 2007 -- CVE ID: CVE-2007-4992 -- Affected Vendor: Firebird -- Affected Products: Firebird SQL 2.0.2 -- TippingPointTM IPS Customer Protection: TippingPoin...
DRBGuestbook Remote XSS Vulnerability
Oo Title: DRBGuestbook Remote XSS Vulnerability Download: http://www.hotscripts.com/jump.php?listingid=67702&jumptype=1 Author: Gokhan Contact: [email protected] | KAF KAF KAF SIN SIN SIN KAFSIN KAFSIN KAF Vuln Code: index.php XSS:...
Best Top List Remote File Upload Vulnerability
Best Top List Remote File Upload Vulnerability ---------------------------------------------- Script : Best Top List Version : All Version Site : http://besttoplist.sourceforge.net Closed Founder : Rizgar Contact : [email protected] and irc.gigachat.net kurdhack Thanks : KHC, PH , ColdHackers...
Remote Command Exec (FireFox 2.0.0.5 et al)
By: Nate McFeters nate dot mcfeters -at- gmail Billy BK Rios billy dot rios -at- gmail Tested in FireFox 2.0.0.5 and 3.0a6, Netscape Navigator 9, and Mozilla browser. NOTE These examples were created for WinXP SP2 with no external mail programs installed outlook, notes…etc. If you have an externa...
safari's saved password at risk
I'd like to inform you that safari is prone to a vunlerability that allow a local user to steal safari's saved passwords by using some macosx componenets. More infos about this issue will be made available as soon as apple will provide a fix. I strongly recommend users remove all safari's saved...
Fıstıq Duyuru Scripti Remote Sql İnjection Exploit
Fstq Duyuru Scripti Remote Sql njection File : goster.asp Sql : -120union+all+select+0,kullaniciadi,sifre,3+from+admin Admin Name + Admin Pass Admin Menu: yoneticiii/default.asp Thanks : Ajann , Xoron , ApAci , ErNE , Uyuss , Eno7 , Thehacker , Enjexion .pl Exploit Code : !/usr/bin/perl Script...
Adobe reader plugin PDF files universal crossite scripting
By using URIs like http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere it's possible to execute code in context of any Web site where at least one PDF is stored. 2. By using "trigger action" in PDF document it's possible to execute code in context of the web page where...
Phpdebug 1.1.0 - Remote File Include by Firewall
====================================================================== Phpdebug 1.1.0 - Remote File Include by Firewall Application Affect: Phpdebug 1.1.0 Source Code: http://scripts.ringsworld.com/development-tools/phpdebug-v1.1.0.zip Code: includeonce"$debugClassLocation/debug.php"; ExPloit :...
[Full-disclosure] iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities
IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities iDefense Security Advisory 11.08.06 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 08, 2006 I. BACKGROUND IBM Lotus Domino is a software suite designed to facilitate collaboration between co-workers. More information can be found at...
phpBB Ajax Shoutbox <= 0.0.5 Remote File Include Vulnerability
Title: phpBB Ajax Shoutbox = 0.0.5 phpbbrootpath Remote File Inclusion Author/Discovery: boecke Vulnerability Type: Remote File Inclusion Risk: High Risk Software Affected: phpBB Ajax Shoutbox = 0.0.5 Release Source: http://usuarios.lycos.es/kinfule/download.php?id=16 Release Page @ phpBB.com :...
Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability
.: insecurity research team :. ....:...:. . .:. | |/ :/ // :/ .:. : | | | / / :. . ..: ||| / .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: 18.o8.2oo6 .. Affected Application: Kochsuite v0.9.4 Mambo/Joomla CMS Component . . : contact :...
[Full-disclosure] Multiple Vulns in Bitrix CMS
Multiple Vulns in Bitrix CMS Vendor bitrix.com Version The latest one 4.1.x Severity Medium Patched: No Multiple vulnerabilities discovered in Bitrix CMS. A remote attacker can conduct XSS attacks and compromise vulnerable system. 1. A remote attacker can get information about version history and...
[TZO-062006] Safe'nVulnerable
Safe'nSec - Insecure File execution and Auto-startup Ref : TZO-062006-SafenSec Author : Thierry Zoller WWW : http://secdev.zoller.lu Article : http://secdev.zoller.lu/research/safensec.htm I. Background "Safe'n'Sec is complex data and user applications protection against threats and vulnerabiliti...
[SA18325] OnePlug CMS SQL Injection Vulnerabilities
TITLE: OnePlug CMS SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18325 VERIFY ADVISORY: http://secunia.com/advisories/18325/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: OnePlug CMS http://secunia.com/product/6753/ DESCRIPTION: Preddy has reported...
CommonSpot Content Server vuln.
CommonSpot Content Server vuln. Vuln. discovered by : r0t Date: 23 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/commonspot-content-server-vuln.html vendor:http://www.paperthin.com/ affected version:4.5 and prior Product Description: PaperThin's award-winning technology enables o...
iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller Packet Relay DoS Vulnerability
Microsoft Distributed Transaction Controller Packet Relay DoS Vulnerability iDEFENSE Security Advisory 10.11.05 www.idefense.com/application/poi/display?id=319&type=vulnerabilities October 11, 2005 I. BACKGROUND The Distributed Transaction Controller provides a method for disparate processes to...
[Full-disclosure] Advisory 01/2005: Fileupload/download vulnerability in Trac
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy Python Hackers Project www.hardened-php.net -= Security Advisory =- Advisory: Fileupload/download vulnerability in Trac Release Date: 2005/06/20 Last Modified: 2005/06/20 Author: Stefan Esser [email protected] Application: Trac = 0.8.3...
[SA13074] FsPHPGallery Denial of Service and Disclosure of System Information Vulnerabilities
---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...
[waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]
================================================================================ waraxe-2004-SA012 ================================================================================ Multiple vulnerabilities in XMB 1.8 Partagium SP3 and 1.9 Nexus Beta...
Buffer overflow in mshtml.dll
Stack overflow on long filename or extension in EMBED tag...
CDE bug in Unixware 7.1
Hi, I'm jGgM. Unixware 7.1 dtlogin make bug reporting to /var/dt/Xerrors. but, permision of /var/dt is 777. make symlink /var/dt/Xerrors to any file. for example ln -sf /etc/.rhosts /var/dt/Xerrors and, Login from another system to Unixware machine. If another system does not have hostname,...