47153 matches found
[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18
waraxe-2012-SA081 - Multiple Vulnerabilities in Coppermine 1.5.18 ============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-81.html Affected Software: Coppermine is a...
Mozilla Foundation Security Advisory 2012-06
Mozilla Foundation Security Advisory 2012-06 Title: Uninitialized memory appended when encoding icon images may cause information disclosure Impact: High Announced: January 31, 2012 Reporter: Tim Abraldes Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 10.0 Thunderbird 10.0 SeaMonkey...
ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-015 : 0Day HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-12-015 January 12, 2012 - -- CVE ID: CVE-2011-4788 - -- CVSS: 9, AV:N/AC:L/Au:N/C:C/I:P/A:P - -- Affecte...
Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability
Title : Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability Software : Oxide M0N0X1D3 HTTP Server Software Version : 20040223 Vendor: http://sourceforge.net/projects/oxide-ws/ Vulnerability Published : 2011-11-15 Vulnerability Update Time : Status : Impact : Medium Bug Description : Oxid...
Valid tiny-erp <= 1.6 SQL Injection Vulnerability
Dear all, I have found a SQL injection vulnerability in Valid tiny-erp = 1.6. It seems to be version 1.6 as you can see in the 'project' section of www.valid.gr. Anyway there is not any specific number version in the sourceforge page. I reported the vulnerability to the vendor but no response as...
Mozilla Foundation Security Advisory 2011-52
Mozilla Foundation Security Advisory 2011-52 Title: Code execution via NoWaiverWrapper Impact: Critical Announced: November 8, 2011 Reporter: mozbugra4 Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Thunderbird 8.0 Description Mozilla security researcher mozbugra4 reported that an internal...
Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability
Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability tested against: Microsoft Windows 2k3 r2 sp2 Oracle Hyperion Performance Management and BI v11.1.2.1.0 download url of the Oracle Hyperion suite:...
CVE-2011-2731: Spring Security privilege escalation when using RunAsManager
CVE-2011-2731: Spring Security privilege escalation when using RunAsManager Severity: Moderate Versions Affected: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Spring Security provides a mechanism RunAsManager to allow particular operations to run with a differe...
ZDI-11-244: (0day) FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability
ZDI-11-244: 0day FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-244 July 28, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Flexera Software -- Affected Products: Flexera Software FlexNet License Serv...
CVE-2010-2404 | Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment - E-Business Suite
Advisory: Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment File Uploading Module- E-Business Suite CVE-2010-2404 Version Affected - 11.5.10.2, 12.0.6, 12.1.3 About: Oracle I-Recruitment Suite Oracle iRecruitment is a web based full-cycle recruiting solution that gives manager...
ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability
ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-195 June 14, 2011 -- CVE ID: CVE-2011-1261 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft Interne...
Mozilla Foundation Security Advisory 2011-13
Mozilla Foundation Security Advisory 2011-13 Title: Multiple dangling pointer vulnerabilities Impact: Critical Announced: April 28, 2011 Reporter: regenrecht Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.17 Firefox 3.5.19 SeaMonkey 2.0.14 Description Security researcher regenrecht reported...
HTB22924: Arbitrary Command Execution in phpAlbum.net
Vulnerability ID: HTB22924 Reference: http://www.htbridge.ch/advisory/arbitrarycommandexecutioninphpalbumnet.html Product: phpAlbum.net Vendor: Patrik Jakab http://www.phpalbum.net/ Vulnerable Version: 0.4.1-14fix06 Vendor Notification: 31 March 2011 Vulnerability Type: Arbitrary Command Executio...
HTB22917: XSS vulnerabilities in phpCollab
Vulnerability ID: HTB22917 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Stored XSS Cross...
HTB22918: Path disclosure in phpCollab
Vulnerability ID: HTB22918 Reference: http://www.htbridge.ch/advisory/pathdisclosureinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Path disclosure Risk...
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-051 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for this...
[DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method
ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-005 internal DSECRG-00154 Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: insecure method, File overwriting, File deleting Exploits: YES...
XSS vulnerability in GetSimple CMS
Vulnerability ID: HTB22609 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingetsimplecms1.html Product: GetSimple CMS Vendor: Cagintranet Networks http://get-simple.info/ Vulnerable Version: 2.01 and Probably Prior Versions Vendor Notification: 15 September 2010 Vulnerability Type:...
[security bulletin] HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73), Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02507909 Version: 2 HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin should b...
Oracle / Sun applications multiple security vulneraebilities
Quarterly update fixed 59 different vulnerabilities...
Microsoft IIS memory corruption
Memory corruption if Extended Protection for Authentication is enabled...
Security update available for Shockwave Player
Security update available for Shockwave Player Release date: May 11, 2010 Vulnerability identifier: APSB10-12 CVE number: CVE-2010-0127, CVE-2010-0128, CVE-2010-0129, CVE-2010-0130, CVE-2010-0986, CVE-2010-0987, CVE-2010-1280, CVE-2010-1281, CVE-2010-1282, CVE-2010-1283, CVE-2010-1284,...
CVE-2010-0684: Apache ActiveMQ Persistent Cross-Site Scripting (XSS) Vulnerability
CVE-2010-0684: Apache ActiveMQ Persistent Cross-Site Scripting XSS Vulnerability ============================================================== Security Advisory 03.30.2010 I. BACKGROUND Apache ActiveMQ is the most popular and powerful open source messaging and Integration Patterns provider...
[Full-disclosure] Windows SMB NTLM Authentication Weak Nonce Vulnerability
to get the scripts mentioned by this advisory please get the full version at http://www.hexale.org/advisories/OCHOA-2010-0209.txt; I did not include them here to reduce the size of this email Windows SMB NTLM Authentication Weak Nonce Vulnerability Security Advisory Hernan Ochoa [email protected] ...
CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities 1. Advisory Information Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing...
Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution 969883 Published: August 11, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service...
Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege 970953 Published: July 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft Internet...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities. An advisory by EnableSecurity. Trustwave published a joint advisory named TWSL2009-001 ID: ES-20090500 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt Affected Versions: versions prior...
iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Spreadsheet Buffer Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 05.14.09 http://labs.idefense.com/intelligence/vulnerabilities/ May 14, 2009 I. BACKGROUND Oracle Corp.'s Outside In Technology is a document conversion engine supporting a large number of binary file formats. Prior to...
Mozilla Foundation Security Advisory 2009-05
Mozilla Foundation Security Advisory 2009-05 Title: XMLHttpRequest allows reading HTTPOnly cookies Impact: Low Announced: February 3, 2009 Reporter: Wladimir Palant Products: Firefox, SeaMonkey Fixed in: Firefox 3.0.6 SeaMonkey 1.1.15 Description Developer and Mozilla community member Wladimir...
ACROS Security: HTML Injection in BEA (Oracle) WebLogic Server Console (ASPR #2009-01-27-1)
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2009-01-27-1 ------------------------------------------------------------------------- ASPR 2009-01-27-1: HTML Injection in BEA WebLogic Server Console...
Joomla component beamospetition 1.0.12 Sql Injection
Joomla component beamospetition 1.0.12 Sql Injection / Xss Author : vdss Dork : "Powered by beamospetition 1.0.12" Dl : http://joomlacode.org/gf/project/beamospetition/ Xss : http://site/?option=combeamospetition&func=sign&pet='scriptalert'Xss'/script Sql Injection :...
Microsoft Security Bulletin MS08-072 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
Microsoft Security Bulletin MS08-072 - Critical Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution 957173 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves eight privately reported vulnerabilities in Microsoft Offi...
Two XSS Flaws in PrestaShop 1.1.0.3
Affects PrestaShop 1.1.0.3 product: homepage: http://prestashop.com This is XSS in the URI of PrestaShop. Trust no one, not even your $SERVERPHPSELF . http://10.1.1.155/prestashop1.1.0.3/admin/login.php/223Cscript3Ealert13C/script3E Add an item to the shoping cart and then vist this url:...
GoodTech SSH Remote Buffer Overflow Exploit
GoodTech SSH Remote Buffer Overflow Exploit Written by r0ut3r - writ3r at gmail.com SSHFXPOPEN command contains a buffer oveflow. All other operations are also vulnerable, opendir, unlink, etc. use Net::SSH2; my $user = "root"; my $pass = "yahh"; my $ip = "127.0.0.1"; my $port = 22; my $ssh2 =...
Linux kernel multiple security vulnerabilities
Multiple local DoS conditions, sndseqosssynthmakeinfo information leaks, integer overflows in DCCP and SCTPAUTHKEY...
VBZooM <=V1.11 "reply.php" SQL Injection Vulnerability
================================================= Discovered By: CrAzY CrAcKeR Email: Cr4zY.CrAcKeRathotmaildotcom Script : VBZooM V1.11 ================================================ Search: POWERED BY: VBZooM V1.11 http://www.example.com/vb1/reply.php?UserID=SQL...
IBM Rational ClearQuest Web Multiple XSS Vulnerabilities
IBM Rational ClearQuest Web Multiple XSS CVE-2007-4592 Discovered on 07-24-07 by sasquatch of SecureState - www.securestate.com Multiple cross site scripting vulnerabilities exist within IBM's Rational ClearQuest Web interface. VULNERABLE VARIABLES: ===================== contextid query string...
IpSwitch WS_FTPSERVER with SSH remote Buffer Overflow
IpSwitch WSFTPSERVER with SSH remote Buffer Overflow Website:http://www.wsftp.com/products/wsftpserver/ Version:6.1.0.0 last one,others might be vuln too Bug: Remote Buffer Overflow CD 8e8.a78: Access violation - code c0000005 first chance First chance exceptions are reported before any exception...
Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities
Syhunt: HFS HTTP File Server Template Cross-Site Scripting and Information Disclosure Vulnerabilities Advisory-ID: 200801161 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 2.0 to and including 2.3Beta Build 174 Non-Affected Applications: HFS 1.6a and earlier versions...
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...
Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability
SnIper-sa.com SSSSS nnn nn ii ppppppp eeeeeeeee rrrrr ss nn nn nn ii pp p ee rr rr s nn nn nn ii pp p ee rr r ss nn nn nn ii ppppppp ee rr rr sssss nn nn nn ii pp eeeeee rrrr ss nn nn nn ii pp ee rrrr s nn nn nn ii pp ee rr rr ss nn nnn ii pp ee rr rr sssss nn nnn ii pp eeeeeeeeee rr rr VerY-SecR...
ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability
ZDI-07-057: Firebird processpacket Remote Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-057.html October 10, 2007 -- CVE ID: CVE-2007-4992 -- Affected Vendor: Firebird -- Affected Products: Firebird SQL 2.0.2 -- TippingPointTM IPS Customer Protection: TippingPoin...
b1gmail Cross Site Scripting
b1gmail Cross Site Scripting ============================ Version: 6.3.1 site: http://www.b1gmail.de Profile: Cross Site Scripting Method: POST location:hilfe.php strings: "+onmouseover=alert1898233298+ http://site.com/hilfe.php?chapter="+onmouseover=alert1898233298+ credits: malibu.r...
Best Top List Remote File Upload Vulnerability
Best Top List Remote File Upload Vulnerability ---------------------------------------------- Script : Best Top List Version : All Version Site : http://besttoplist.sourceforge.net Closed Founder : Rizgar Contact : [email protected] and irc.gigachat.net kurdhack Thanks : KHC, PH , ColdHackers...
Mozilla Foundation Security Advisory 2007-27
Mozilla Foundation Security Advisory 2007-27 Title: Unescaped URIs passed to external programs Impact: Critical Announced: July 30, 2007 Reporter: Jesper Johansson Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.6 Thunderbird 2.0.0.6 Thunderbird 1.5.0.13 SeaMonkey 1.1.4...
Solaris finger bug
Hi all: Recently, we monitored a cracker from Eastern Europe, who ran 'finger 9@host' against a Solaris 7 box, and got the following result: Login Name TTY Idle When Where daemon ??? . . . . bin ??? pts/1 Oct 2, 2002 xxx.lbl.gov sys ??? . . . . account1 ??? pts/8 Jul 20, 2000 yyy.lbl.gov account2...
GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability
By Cr@zyKing [email protected] Biyosecurity.Net & Expw0rm.Com Thanks : Liz0 & DarkXBoyZ & Eno7 & ApAci & Uyuss & CrackersChild & Th343k1R & Xoron & Ajannn Portal : GHH Wersion : 1.1 GHH Portal 1.1 passwd.txt Remote Password Disclosure Vulnerability Demo : http://ghh.sourceforge.net/demo Vuln :...
Sisplet CMS <= 05.10 (site_path) Remote File Inclusion Vulnerability
Sisplet CMS Found by kezzap66345 Script Download:http://www.sisplet.org/uploadi/editor/Sisplet0504.tar.bz2 https://sourceforge.net/project/showfiles.php?groupid=111881 ERROR1: File:main/forum/komentar.php require$sitepath.'main/forum/class.php'; rfi coded RFI1:...