47153 matches found
awiki 20100125 multiple local file inclusion vulnerabilities
awiki 20100125 multiple local file inclusion vulnerabilities download http://www.kobaonline.com/awiki/awiki-20100125.zip or http://sourceforge.net/projects/kcwiki/files/awiki/awiki-20100125.zip author muuratsalo contact muuratsaloatgmail.com exploits...
Mozilla Foundation Security Advisory 2011-13
Mozilla Foundation Security Advisory 2011-13 Title: Multiple dangling pointer vulnerabilities Impact: Critical Announced: April 28, 2011 Reporter: regenrecht Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.17 Firefox 3.5.19 SeaMonkey 2.0.14 Description Security researcher regenrecht reported...
Mozilla Foundation Security Advisory 2011-12
Mozilla Foundation Security Advisory 2011-12 Title: Miscellaneous memory safety hazards rv:2.0.1/ 1.9.2.17/ 1.9.1.19 Impact: Critical Announced: April 28, 2011 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 4.0.1 Firefox 3.6.17 Firefox 3.5.19 Thunderbird 3.1.10 SeaMonkey 2.0.14...
HTB22917: XSS vulnerabilities in phpCollab
Vulnerability ID: HTB22917 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Stored XSS Cross...
VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0004 Synopsis: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bin...
Microsoft IIS FTP Server buffer overflow
Heap buffer overflow...
[DSECRG-00142] SAP Crystal Reports 2008 - actionNavjsp_xss
XSS vulnerability found in SAP Crystal Report Server 2008 Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://sap.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 04.03.2010 Vendor response: 05.03.2010 Date of SAPNOTE Publishe...
Security-Assessment.com Advisory: BroadWorks Call Detail Record Disclosure Vulnerability
, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Name : BroadWorks Call Detail Record Disclosure Vulnerability Vendor Website : http://broadsoft.com/products/broadworks/ Date Released : November 2, 2010 Affected Software: BroadWor...
[STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA multiple vulnerabilities
STANKOINFORMZASCHITA-10-01 Netbiter® webSCADA – multiple vulnerabilities Authors: Eugene Salov [email protected], Andrej Komarov [email protected] Product: Netbiter® webSCADA CVSS v2 Base Score: 9.0 AV:N/AC:L/Au:R/C:C/I:C/A:C Impact Subscore: 10.0 Exploitability Subscore: 8.0 Availability of...
SQL injection vulnerability in e107
Vulnerability ID: HTB22604 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityine1072.html Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions Vendor Notification: 13 September 2010 Vulnerability Type: SQL Injectio...
[security bulletin] HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73), Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02507909 Version: 2 HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin should b...
XSS vulnerability in pimcore
Vulnerability ID: HTB22562 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinpimcore.html Product: pimcore Vendor: elements.at New Media Solutions GmbH. http://www.pimcore.org/ Vulnerable Version: 1.1.0 and Probably Prior Versions Vendor Notification: 02 August 2010 Vulnerability Type:...
XSS vulnerability in Spitfire search
Vulnerability ID: HTB22483 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfiresearch.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor Notification: 08 July 2010 Vulnerability Type: XSS Cross Si...
[SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.29 Tomcat 6.0.0 to 6.0.27 Tomcat 7.0.0 Note: 7.0.0 is stil...
Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability
====================================================================== Secunia Research 12/05/2010 - Adobe Shockwave Player Integer Overflow Vulnerability - ====================================================================== Table of Contents Affected...
Apache ActiveMQ is prone to source code disclosure vulnerability.
Apache ActiveMQ Source Code Disclosure Vulnerability SecPod Technologies www.secpod.com Author Veerendra G.G SecPod ID: 1002 04/18/2010 Issue Discovered 04/20/2010 Vendor Notified 04/21/2010 Fix Available Class: Source code disclosure Severity: Medium Overview: --------- Apache ActiveMQ is prone ...
Microsoft Security Bulletin MS10-017 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
Microsoft Security Bulletin MS10-017 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution 980150 Published: March 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves seven privately reported vulnerabilities in Microsoft Offi...
AssetsSoSimple supplier_admin.php Supplier Field XSS
product: AssetsSoSimple version tested: 0.33 vendor URL: http://assetssosimple.sourceforge.net/ script: supplieradmin.php field: Supplier ooo BugsNotHugs Shared Vulnerability Disclosure Account...
XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability
Date of Discovery: 10-Nov-2009 Credits:zhangmcatmail.ustc.edu.cn Vendor: Dxmsoft Affected: XM Easy Personal FTP Server 5.8.0 Earlier versions may also be affected Overview: XM Easy Personal FTP Server is a easy use FTP server Application. Denial of service vulnerability exists in XM Personal FTP...
[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
Digital Security Research Group DSecRG Advisory DSECRG-09-010 http://dsecrg.com/pages/vul/show.php?id=110 Application: Oracle Database 10G Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 Vendor URL: http://oracle.com Bugs: PL/SQL Injections Exploits: YES Reported: 29.01.2008 Vend...
PostgreSQL multiple security vulnerabilities
Denial of Service, privilege escalation, LDAP authentication bypass...
Linux kernel multiple security vulnerabilities
Multiple DoS conditions, information leaks...
Mozilla Foundation Security Advisory 2009-44
Mozilla Foundation Security Advisory 2009-44 Title: Location bar and SSL indicator spoofing via window.open on invalid URL Impact: Moderate Announced: August 3, 2009 Reporter: Juan Pablo Lopez Yacubian Products: Firefox Fixed in: Firefox 3.5.2 Firefox 3.0.13 Description Security researcher Juan...
[SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Updated to add additional patches required for 5.5.x and 4.1.x CVE-2008-5515: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.2...
[ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability
ECHOADV102$2009 ----------------------------------------------------------------------------------------- ECHOADV102$2009 BusinessSpace = 1.2 id Remote SQL Injection Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran Addahroni...
Mozilla Foundation Security Advisory 2009-05
Mozilla Foundation Security Advisory 2009-05 Title: XMLHttpRequest allows reading HTTPOnly cookies Impact: Low Announced: February 3, 2009 Reporter: Wladimir Palant Products: Firefox, SeaMonkey Fixed in: Firefox 3.0.6 SeaMonkey 1.1.15 Description Developer and Mozilla community member Wladimir...
[MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues
MajorSecurity Advisory 56moziloWiki - Directory Traversal, XSS and SessionFixation Issues Details ======= Product: moziloWiki Security-Risk: High Remote-Exploit: yes Vendor-URL: http://www.mozilo.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David...
CORE-2008-0126: Multiple vulnerabilities in iCal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in iCal Advisory Information Title: Multiple vulnerabilities in iCal Advisory ID: CORE-2008-0126 Advisory URL:...
Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities
Syhunt: HFS HTTP File Server Template Cross-Site Scripting and Information Disclosure Vulnerabilities Advisory-ID: 200801161 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 2.0 to and including 2.3Beta Build 174 Non-Affected Applications: HFS 1.6a and earlier versions...
[SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1449-1 [email protected] http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq -...
Bitweaver source code disclosure, arbitrary file upload
WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: Bitweaver is...
Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure
sorry, i've made a mistake! only the versions = 1.0.0 are veulnerable!...
Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability
SnIper-sa.com SSSSS nnn nn ii ppppppp eeeeeeeee rrrrr ss nn nn nn ii pp p ee rr rr s nn nn nn ii pp p ee rr r ss nn nn nn ii ppppppp ee rr rr sssss nn nn nn ii pp eeeeee rrrr ss nn nn nn ii pp ee rrrr s nn nn nn ii pp ee rr rr ss nn nnn ii pp ee rr rr sssss nn nnn ii pp eeeeeeeeee rr rr VerY-SecR...
Multi Host Forum Pro phpbb & ipb Multiple Sql Injection
--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...
b1gmail Cross Site Scripting
b1gmail Cross Site Scripting ============================ Version: 6.3.1 site: http://www.b1gmail.de Profile: Cross Site Scripting Method: POST location:hilfe.php strings: "+onmouseover=alert1898233298+ http://site.com/hilfe.php?chapter="+onmouseover=alert1898233298+ credits: malibu.r...
Best Top List Remote File Upload Vulnerability
Best Top List Remote File Upload Vulnerability ---------------------------------------------- Script : Best Top List Version : All Version Site : http://besttoplist.sourceforge.net Closed Founder : Rizgar Contact : [email protected] and irc.gigachat.net kurdhack Thanks : KHC, PH , ColdHackers...
Solaris finger bug
Hi all: Recently, we monitored a cracker from Eastern Europe, who ran 'finger 9@host' against a Solaris 7 box, and got the following result: Login Name TTY Idle When Where daemon ??? . . . . bin ??? pts/1 Oct 2, 2002 xxx.lbl.gov sys ??? . . . . account1 ??? pts/8 Jul 20, 2000 yyy.lbl.gov account2...
Remote Command Exec (FireFox 2.0.0.5 et al)
By: Nate McFeters nate dot mcfeters -at- gmail Billy BK Rios billy dot rios -at- gmail Tested in FireFox 2.0.0.5 and 3.0a6, Netscape Navigator 9, and Mozilla browser. NOTE These examples were created for WinXP SP2 with no external mail programs installed outlook, notes…etc. If you have an externa...
ImI image file inclusion in script upload
w2box: web 2.0 File Repository Upload Script Code Source http://labs.beffa.org/w2box/ Dork : "powered by w2box" Discovered by 4ur3v0ir Homepage Four: http://www.security-frog.org http://www.c-group.org http://hslteam.org Greetz To:NINF,frat2005,komtec1,kakalake,AntraX,fr34k And Staff...
safari's saved password at risk
I'd like to inform you that safari is prone to a vunlerability that allow a local user to steal safari's saved passwords by using some macosx componenets. More infos about this issue will be made available as soon as apple will provide a fix. I strongly recommend users remove all safari's saved...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
enomphp => 4.0 Remote Traversal Directory
""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ DigitaL Hacking TeaM enomphp ...
Phpdebug 1.1.0 - Remote File Include by Firewall
====================================================================== Phpdebug 1.1.0 - Remote File Include by Firewall Application Affect: Phpdebug 1.1.0 Source Code: http://scripts.ringsworld.com/development-tools/phpdebug-v1.1.0.zip Code: includeonce"$debugClassLocation/debug.php"; ExPloit :...
[SA22803] ProFTPD Unspecified Vulnerability
TITLE: ProFTPD Unspecified Vulnerability SECUNIA ADVISORY ID: SA22803 VERIFY ADVISORY: http://secunia.com/advisories/22803/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: ProFTPD 1.3.x http://secunia.com/product/5430/ DESCRIPTION: Evgeny Legerov has reported a...
[Full-disclosure] iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities
IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities iDefense Security Advisory 11.08.06 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 08, 2006 I. BACKGROUND IBM Lotus Domino is a software suite designed to facilitate collaboration between co-workers. More information can be found at...
JaxUltraBB <= 2.0 (delete.php) Defaced Exploit
!/usr/bin/php -q -d shortopentag=on ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...
HP Ignite-UX Server unauthorized access
No description provided...
[Full-disclosure] Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]
Title: Microsoft Internet Information Services UTF-7 XSS Vulnerability http://www.geocities.jp/ptrssec/advisory09e.html + Date: 1 October 2006 + Author: Eiji James Yoshida [email protected] + Risk: Medium + Vulnerable: Internet Information Services + Overview: Using UTF-7 encoded URLs, IIS...
[SA22122] PhotoStore Cross-Site Scripting Vulnerabilities
TITLE: PhotoStore Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA22122 VERIFY ADVISORY: http://secunia.com/advisories/22122/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: PhotoStore 2.x http://secunia.com/product/12118/ DESCRIPTION: meto5757 has...
Mailman 2.1.8 Multiple Security Issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0013 - Public Advisory +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ Mailman 2.1.8 Multiple Security Issues +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Sep 13, 2006 PUBLISHED AT...