47153 matches found
HTB22917: XSS vulnerabilities in phpCollab
Vulnerability ID: HTB22917 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Stored XSS Cross...
VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0004 Synopsis: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bin...
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-051 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for this...
[DSECRG-00142] SAP Crystal Reports 2008 - actionNavjsp_xss
XSS vulnerability found in SAP Crystal Report Server 2008 Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://sap.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 04.03.2010 Vendor response: 05.03.2010 Date of SAPNOTE Publishe...
Security-Assessment.com Advisory: BroadWorks Call Detail Record Disclosure Vulnerability
, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Name : BroadWorks Call Detail Record Disclosure Vulnerability Vendor Website : http://broadsoft.com/products/broadworks/ Date Released : November 2, 2010 Affected Software: BroadWor...
[STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA multiple vulnerabilities
STANKOINFORMZASCHITA-10-01 Netbiter® webSCADA – multiple vulnerabilities Authors: Eugene Salov [email protected], Andrej Komarov [email protected] Product: Netbiter® webSCADA CVSS v2 Base Score: 9.0 AV:N/AC:L/Au:R/C:C/I:C/A:C Impact Subscore: 10.0 Exploitability Subscore: 8.0 Availability of...
SQL injection vulnerability in e107
Vulnerability ID: HTB22604 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityine1072.html Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions Vendor Notification: 13 September 2010 Vulnerability Type: SQL Injectio...
XSS vulnerability in Spitfire search
Vulnerability ID: HTB22483 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfiresearch.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor Notification: 08 July 2010 Vulnerability Type: XSS Cross Si...
Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability
====================================================================== Secunia Research 12/05/2010 - Adobe Shockwave Player Integer Overflow Vulnerability - ====================================================================== Table of Contents Affected...
Bonsai Information Security - OS Command Injection in Cacti <= 0.8.7e
OS Command Injection in Cacti ============================= http://www.bonsai-sec.com/en/research/vulnerability.php ============================= 1. Advisory Information Advisory ID: BONSAI-2010-0105 Date published: 2010-04-21 Vendors contacted: Cacti Release mode: Coordinated release 2...
CORE-2010-0323: XSS Vulnerability in NextGEN Gallery Wordpress Plugin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ XSS Vulnerability in NextGEN Gallery Wordpress Plugin 1. Advisory Information Title: XSS Vulnerability in NextGEN Gallery Wordpress Plugin Advisory Id: CORE-2010-0323...
CVE-2010-0684: Apache ActiveMQ Persistent Cross-Site Scripting (XSS) Vulnerability
CVE-2010-0684: Apache ActiveMQ Persistent Cross-Site Scripting XSS Vulnerability ============================================================== Security Advisory 03.30.2010 I. BACKGROUND Apache ActiveMQ is the most popular and powerful open source messaging and Integration Patterns provider...
[Full-disclosure] Windows SMB NTLM Authentication Weak Nonce Vulnerability
to get the scripts mentioned by this advisory please get the full version at http://www.hexale.org/advisories/OCHOA-2010-0209.txt; I did not include them here to reduce the size of this email Windows SMB NTLM Authentication Weak Nonce Vulnerability Security Advisory Hernan Ochoa [email protected] ...
CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities 1. Advisory Information Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Vulnerability Note VU#261869
Vulnerability Note VU261869 Clientless SSL VPN products break web browser domain-based security models Overview Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...
AssetsSoSimple supplier_admin.php Supplier Field XSS
product: AssetsSoSimple version tested: 0.33 vendor URL: http://assetssosimple.sourceforge.net/ script: supplieradmin.php field: Supplier ooo BugsNotHugs Shared Vulnerability Disclosure Account...
XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability
Date of Discovery: 10-Nov-2009 Credits:zhangmcatmail.ustc.edu.cn Vendor: Dxmsoft Affected: XM Easy Personal FTP Server 5.8.0 Earlier versions may also be affected Overview: XM Easy Personal FTP Server is a easy use FTP server Application. Denial of service vulnerability exists in XM Personal FTP...
PostgreSQL multiple security vulnerabilities
Denial of Service, privilege escalation, LDAP authentication bypass...
Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution 969883 Published: August 11, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service...
Mozilla Foundation Security Advisory 2009-44
Mozilla Foundation Security Advisory 2009-44 Title: Location bar and SSL indicator spoofing via window.open on invalid URL Impact: Moderate Announced: August 3, 2009 Reporter: Juan Pablo Lopez Yacubian Products: Firefox Fixed in: Firefox 3.5.2 Firefox 3.0.13 Description Security researcher Juan...
Mozilla Firefox, Thunderbird, SeaMonkey, NSS multiple security vulnerabilities
Certificate spoofing, buffer overflow, code execution...
[SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Updated to add additional patches required for 5.5.x and 4.1.x CVE-2008-5515: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.2...
SEC Consult SA-20090525-1 :: Nortel Contact Center Manager Server Password Disclosure Vulnerability
SEC Consult Security Advisory 20090525-1 ========================================================================== title: Nortel Contact Center Manager Server Password Disclosure program: Nortel Contact Center Manager Server vulnerable version: 6.0 homepage: http://www.nortel.com/ccms found:...
Mozilla Foundation Security Advisory 2009-15
Mozilla Foundation Security Advisory 2009-15 Title: URL spoofing with box drawing character Impact: Low Announced: April 21, 2009 Reporter: Moxie Marlinspike Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Thunderbird 2.0.0.21 SeaMonkey 1.1.15 Description Security researcher Mox...
Mozilla Foundation Security Advisory 2009-13
Mozilla Foundation Security Advisory 2009-13 Title: Arbitrary code execution via XUL tree element Impact: Critical Announced: March 27, 2009 Reporter: Nils Products: Firefox Fixed in: Firefox 3.0.8 Description Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL...
[ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability
ECHOADV102$2009 ----------------------------------------------------------------------------------------- ECHOADV102$2009 BusinessSpace = 1.2 id Remote SQL Injection Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran Addahroni...
Mozilla Foundation Security Advisory 2009-05
Mozilla Foundation Security Advisory 2009-05 Title: XMLHttpRequest allows reading HTTPOnly cookies Impact: Low Announced: February 3, 2009 Reporter: Wladimir Palant Products: Firefox, SeaMonkey Fixed in: Firefox 3.0.6 SeaMonkey 1.1.15 Description Developer and Mozilla community member Wladimir...
ACROS Security: HTML Injection in BEA (Oracle) WebLogic Server Console (ASPR #2009-01-27-1)
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2009-01-27-1 ------------------------------------------------------------------------- ASPR 2009-01-27-1: HTML Injection in BEA WebLogic Server Console...
[MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues
MajorSecurity Advisory 56moziloWiki - Directory Traversal, XSS and SessionFixation Issues Details ======= Product: moziloWiki Security-Risk: High Remote-Exploit: yes Vendor-URL: http://www.mozilo.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David...
CORE-2008-0126: Multiple vulnerabilities in iCal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in iCal Advisory Information Title: Multiple vulnerabilities in iCal Advisory ID: CORE-2008-0126 Advisory URL:...
[Full-disclosure] iDefense Security Advisory 04.08.08: Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability
iDefense Security Advisory 04.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 08, 2008 I. BACKGROUND The HxTocCtrl ActiveX Control is a library used by the Microsoft Help engine. More information is available at the following website. http://en.wikipedia.org/wiki/MicrosoftHelp2 I...
[security bulletin] HPSBMA02307 SSRT071420 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01321117 Version: 1 HPSBMA02307 SSRT071420 rev.1 - HP OpenView Network Node Manager OV NNM Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as...
IpSwitch WS_FTPSERVER with SSH remote Buffer Overflow
IpSwitch WSFTPSERVER with SSH remote Buffer Overflow Website:http://www.wsftp.com/products/wsftpserver/ Version:6.1.0.0 last one,others might be vuln too Bug: Remote Buffer Overflow CD 8e8.a78: Access violation - code c0000005 first chance First chance exceptions are reported before any exception...
BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include
Name : BLOG:CMS 4.2.1.c DIRPLUGINS Multiple Remote File Include Download From : http://dfn.dl.sourceforge.net/sourceforge/blogcms/blogcms.4.2.1.c.7z Or Here http://blogcms.com Found By : RoMaNcYxHaCkEr We Are H-T TeaM Houssamix - ToXiC Home Page : Not Yet : Tryag.cc/cc No-Hack.net V99x.com/vb...
Bitweaver source code disclosure, arbitrary file upload
WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: Bitweaver is...
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...
b1gmail Cross Site Scripting
b1gmail Cross Site Scripting ============================ Version: 6.3.1 site: http://www.b1gmail.de Profile: Cross Site Scripting Method: POST location:hilfe.php strings: "+onmouseover=alert1898233298+ http://site.com/hilfe.php?chapter="+onmouseover=alert1898233298+ credits: malibu.r...
CVE-2007-3385: Handling of \" in cookies
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-3385: Handling of " in cookies Severity: Low Session Hi-jacking Vendor: The Apache Software Foundation Versions Affected: 6.0.0 to 6.0.13 5.5.0 to 5.5.24 5.0.0 to 5.0.30 4.1.0 to 4.1.36 3.3 to 3.3.2 Description: Tomcat incorrectly handles the...
[ECHO_ADV_83$2007] PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability
ECHOADV83$2007 ----------------------------------------------------------------------------------------- ECHOADV83$2007 PhpHostBot = 1.06 svrrootscript Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...
Mozilla Foundation Security Advisory 2007-27
Mozilla Foundation Security Advisory 2007-27 Title: Unescaped URIs passed to external programs Impact: Critical Announced: July 30, 2007 Reporter: Jesper Johansson Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.6 Thunderbird 2.0.0.6 Thunderbird 1.5.0.13 SeaMonkey 1.1.4...
Solaris finger bug
Hi all: Recently, we monitored a cracker from Eastern Europe, who ran 'finger 9@host' against a Solaris 7 box, and got the following result: Login Name TTY Idle When Where daemon ??? . . . . bin ??? pts/1 Oct 2, 2002 xxx.lbl.gov sys ??? . . . . account1 ??? pts/8 Jul 20, 2000 yyy.lbl.gov account2...
ImI image file inclusion in script upload
w2box: web 2.0 File Repository Upload Script Code Source http://labs.beffa.org/w2box/ Dork : "powered by w2box" Discovered by 4ur3v0ir Homepage Four: http://www.security-frog.org http://www.c-group.org http://hslteam.org Greetz To:NINF,frat2005,komtec1,kakalake,AntraX,fr34k And Staff...
Microsoft Security Bulletin MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
Microsoft Security Bulletin MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 934233 Published: May 8, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Excel Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...
GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability
By Cr@zyKing [email protected] Biyosecurity.Net & Expw0rm.Com Thanks : Liz0 & DarkXBoyZ & Eno7 & ApAci & Uyuss & CrackersChild & Th343k1R & Xoron & Ajannn Portal : GHH Wersion : 1.1 GHH Portal 1.1 passwd.txt Remote Password Disclosure Vulnerability Demo : http://ghh.sourceforge.net/demo Vuln :...
[MajorSecurity Advisory #46]Plogger - Session fixation Issue
MajorSecurity Advisory 46Plogger - Session fixation Issue Details ======= Product: Plogger Remote-Exploit: yes Vendor-URL: http://www.plogger.org Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.de Original Advisory:...
RicarGBooK 1.2.1 (header.php lang) Local File Inclusion Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=- RicarGBooK 1.2.1 -=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=- -=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=- Author : Dj7xpl / Dj7xplatYahoodotcom Type : Local File Inclusion Vulnerabilitiy By Cookie...
Aruba Mobility Controller multiple security vulnerabilities
Unauthorized access to management interface thorugh wireless network. Buffer overflow...
[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory OpenPKG GmbH http://openpkg.org/security/ http://openpkg.com OpenPKG-SA-2006.030 2006-11-04 Package: ruby Vulnerability: denial of service OpenPKG Specific: no Affected Series: Affected Packages: Corrected Packages: E1.0-SOLI...
Lou Portail 1.4.1 Remote|Local File Include Vulnerability
Lou Portail 1.4.1 Class: Remote|Local File Include Vulnerability Patch: Unavailable Published 2006/10/18 Remote: Yes Local: No Type: High Site: http://louportail.free.fr/ Author: MP Contact: [email protected] Vuln Code admin/adminmodule.php: ?... include "$gadminrep/adminutils.$gext"; ...? Vuln 1...